Windows Support Forum

NASTY Virus. Search-tracker.net help

Q: NASTY Virus. Search-tracker.net help

Hello Everyone! I've been having a GREAT deal of trouble removing a virus from my computer. All of my google searches seem to be redirected by something called search-tracker.net
This has been frustrating the hell out of me for weeks now. I found that some other people have been helped here at bleeping computer with the same problem, so I figured I'd register and see if I can't fix this thing once and for all. I can't install Spybot without getting the blue screen of death, and combofix won't even open the installer. PLEASE HELP! This is really getting old.
-Quinn

Relevancy 100%

A: NASTY Virus. Search-tracker.net help

Hello and welcome. First I am moving this to Am I Infected from Vista for scans.

Now don't worry about SpyBot and do NOT run ComboFix on your own.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe... now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/241222/nasty-virus-search-trackernet-help/
Relevancy 76.97%

I've downloaded and run HijackThis. Here is my log:

A:search-tracker.net virus -- help!

Hello fharris1984,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*****************

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Full Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/236262/search-trackernet-virus-help/
Relevancy 76.97%

Hey, I'm having the same problem described here http://www.bleepingcomputer.com/forums/t/236262/search-trackernet-virus-help/ However, when I try to run antivirus programs, nothing happens. I attempted to use the Malwarebytes program suggested but it won't run. When the installation is finished, it says that the program encountered an error and must close. When I try to run the program, nothing happens. I am running 32-bit vista in case that is pertinent information.

A:Search Tracker Net Virus

Moved from hjt to a more appropriate forum. Tw

http://www.bleepingcomputer.com/forums/t/237136/search-tracker-net-virus/
Relevancy 66.65%


A:Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/237586/infected-with-trojan-malware-google-search-redirected-search-trackernet/
Relevancy 66.22%

When doing google searches in Firefox or IE the links will get redirected when clicked on. When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong. If I copy the link from the page (right click, copy link location) and paste it into the tile bar it always works correctly. AVG does not show any issues.

Comcast cable network offers free install of McAfee security suite that I use to run. When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started. All the management functions of McAfee worked fine but start a scan and the computer reboots. I uninstalled McAfee and installed AVG. AVG did one round of cleaning and now can't find anything. I don't remember what AVG found other than tracking cookies. If it leaves a log behind that may still be around.

I have tried to install and run Malwarebytes' Anti-Malware. It seems to install fine but will not run. Double click the icon and nothing. I have uninstalled and reinstalled several times but nothing. Never tries to do the update either. I have uninstalled and reinstalled Firefox but that did not help.

I just copied the mbam.exe file to a new name and double clicked that and it started up. Cool. I have attached the attach.txt file. The Malwarebytes run finished. Trojan Agent was found. I have attached that log file also. I will send this and then have Malwarebytes remove it. I will then see if Malwarebytes needs updating and will run again.

Thanks in advance for any help.
Dean

Here is the DDS log:

A:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,

Uninstall these old versions of Java, as they are malware magnets.
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1

We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.

Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

http://www.bleepingcomputer.com/forums/t/238280/links-in-google-search-results-get-redirected-wwwsearch-trackernet/
Relevancy 64.93%

Hello, I currently have a bad search engine hijack problem which seems to have been covered pretty extensively in other threads. I have tried a bunch of things that have not worked. My problem though started as something else that doesn't seem to be an issue anymore. It seems like every case may be a bit different so I thought it was time to defer to the pros and hopefully someone can guide me in my attempts to get rid of this virus.

In the beginning, a few weeks ago, I got a nasty virus that was called Windows Pro Police and/or Security Tool. These completely took over my system and prevented me from opening any programs or getting online. I made a trip to Best Buy and got the newest version of Webroot Spy Sweeper because I was pretty sure my virus protection was outdated. Well, it wouldn't let me install the software but I eventually found a workaround where I was able to rename the task manager to allow me to terminate the running virus and let me install and run the anti virus program. Whenever I restarted my system, however, the viruses would seem to reinstall. That is when I started investigating online and downloaded Hijack This, Malwarebytes, etc. I now probably have too many installed or running.

Eventually I got the original viruses removed but I am left with a search engine hijacker that renders any search engine I try to use pretty much useless. I have tried following solutions for others that have had the problem with instructions on this website and others but have had no luck. And even though I probably shouldn't have, I have deleted some hijack this entries that I was pretty sure were virus related. At this point though, outside of the original Security Tool virus I had, I have not had much success trying to get rid of this on my own. So if anyone can help that would be great.

That being said, here is my Hijack This log:

A:Search Engine Hijacker - Nasty Virus Need Help!

So, while I'm waiting for help, I was reading a bunch of other posts on the same subject. I decided to get a jump on things and I downloaded combo fix. I disabled my anti virus programs and firewall, but I got a pop up that AVG was running and proceeding could compromise the scan and possibly damage my computer. So, I decided to uninstall AVG. This didn't work. So, I read another post on this and went to the AVG website and downloaded the uninstaller. I ran it, restarted my machine, and then went back to run combo fix.

The weird thing is combo fix tells me again that AVG is running. I don't see it anywhere on my machine and I am pretty sure the program did indeed uninstall. So, I didn't go any further with it.

What should I do at this point? I definitely do not want to do any damage to the machine.

Thanks for the help.
 

https://forums.techguy.org/threads/search-engine-hijacker-nasty-virus-need-help.871394/
Relevancy 64.93%

Hi there. This is a new thread related to an unanswered post I wrote a while ago: http www techsupportforum com f xx- html

For many months I've had a virus residing in the master boot record of my Dell computer. The virus made the computer extremely sluggish and it was redirecting Google search results to a site which began with adwords myonlinesecure com and ending with a cryptic bunch of numbers and letters after that. I don't remember the name of the virus because I thought I had eradicated it long ago, but the symptoms are the same as in these three cases:
http www techsupportforum com f le- html
http www techsupportforum com f sh- html
http forums majorgeeks com showthread php p

I was willing to reformat my computer and do a full WinXP reinstall but the virus had to be eliminated from the mbr first. Dell computers have their own special master boot record so I copied part of an mbr from a healthy dell and overwrote JUST the boot code portion of my mbr using the instructions here: http en community dell com support aspx (see th post down). I then proceeded to do a full reformat/reinstall of Windows.

NOW MY QUESTION: The computer is running great but from the few diagnostic tests I've run it looks like there's still something not quite right with my master boot record. It could be because I hacked the mbr to fix it or, who knows, maybe it's the virus. I just want to know if my computer is clean. Please help me.

A:Nasty Google search redirect virus in my MBR

Welcome to TSF :)

Scan with RKUnHooker

Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click Ok.
Wait till the scanner has finished then click File, Save Report.
Save the report to your Desktop. Click Close.

In your next reply, copy and paste the contents of the log.

Note*** You may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!!
It is recommended to remove parasite, okay?"



=================================================


Download mbr.exe and save it to your desktop.
Go to Start ---> Run
Copy and paste the following code into the Run command:
"%userprofile%\desktop\mbr.exe" -t "%userprofile%\desktop\mbr.txt"


In your next reply, please include the RKU log and the mbr log. Thanks

http://www.techsupportforum.com/forums/f50/nasty-google-search-redirect-virus-in-my-mbr-521362.html
Relevancy 63.21%

When I'm searching for something on Google and I try to go to the link, it always redirects to search tracker.net. Done a search and read to download Malwarebytes, so I downloaded it and changed the name from mbam-setup.exe, but it still won't run. Have no idea what I am doing.
Thanks Eric

A:search-tracker.net

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/238477/search-trackernet/
Relevancy 62.35%

Hi there. A few days ago I contracted the nasty Cool Web Search adware/malware program from a pop-up from the imageavenue website. I was using Avast virus scanner, which I am no longer using because it seemed to be letting various trojans in, so I ran a scan with AVG and it detected it and removed it. However, I have begun having trouble with tracker cookies. Whenever I am browsing online my AVG will pop up on Resident Shield telling me a tracker cookie attempted to run, such as Adrevolver & Tacoda. I ran a scan with Ad-Aware and found an infection in my registry, which has now been removed, and several infections in my cookies. I followed the program and removed them. I then ran a search with Spybot, which came up clean, a virus/malware check with AVG, and ran a scan with McAfee Stinger as instructed on this site, and came up clean. I restarted my PC thinking everything was now fine. However, when I started browsing again the tracker cookie warnings were once again popping up. I ran a scan with Ad-Aware and the infections which I had removed were now back. I cannot seem to get rid of them and they have me really worried. Every time I change my security settings to block all cookies, once a tracker cookie warning pops up it resets it to accept all cookies, and occasionally I am still receiving pop-ups, which leads me to believe the adware/malware may have not been totally removed from my system. Can anyone please, please help? I am really losing sleep over this; have never had anything like this happen before. Thank you for reading.

A:Web Search / Tracker Cookies

Update:

The Exact Programs found by my AVG Were

ADWARE: Generic.IIJ
ADWARE: CoolWebSearch

They are both in my virus vault but still having problems

I have also found NvCPL in my System Configuration Utility

http://www.bleepingcomputer.com/forums/t/178061/web-search-tracker-cookies/
Relevancy 61.49%

Having similar problems as others I see: try to click on links I google, only to be redirected. Here is my log.

A:google search-tracker.net hijackthis LOG


http://www.bleepingcomputer.com/forums/t/237829/google-search-trackernet-hijackthis-log/
Relevancy 61.49%

Hello, and thanks to whoever takes this topic. I use Firefox and I am running Windows XP with Service Pack. My problem is that when I click on a link on a Google search page, the link is redirected to various ad sites. If I go back to the original Google search page and re-click the same link, it will usually go through to the proper site, although it sometimes requires a third click before I get to where I want to go. When it is redirecting to an advertising site I can - briefly - see the address "search-tracker.net" displayed at the bottom of the Firefox page, in that area where you can see the address of a link if you hover over it with your mouse.

What I've done so far to try to fix this problem: banned cookies from search-tracker.net; tried to run anti-malware software including Advanced Spywear Remover (which removed about instances of malware or spyware, but not the one I am trying to fix), PCcillian (which would not run at all) and Malware Bytes (again, would not run after installation).

What I've done to prepare for your help: gone through the steps to ensure my XP firewall is engaged (it is); run DDS (see report below and attached zip file).

I will be away from my computer from Thursday June to Sunday June. Please be assured that if you write during that time, I will respond on Monday morning, unless I am called to attend a birth (which is possible), in which case I'll get back to you as soon as I am able. Please be aware that a birth can take up to three days. Any replies that I receive before Thursday morning I will respond to right away. Thanks for your understanding.

A:Google Redirect - search-tracker.net

Hello Doulatron,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/236102/google-redirect-search-trackernet/
Relevancy 57.19%

I am running Windows Vista. I have run multiple different virus scans and spyware/malware scans and still have this "piece of paper image" that shadows my cursor every so often (picture attached). It happens mainly on Facebook. I do not play any games, etc. and I keep my virus scanner up to date etc. I am thinking it is some kind of tracker????? but I ran rootkit scanners and it didn't solve my problem. Please help. Thanks.

A:Tracker? Virus?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
- Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
- Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
- Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
- Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
- Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
- If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
- The scan may take some time to finish, so please be patient.
- If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
- While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
- The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button and follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/540477/tracker-virus/
Relevancy 57.19%

Aigh, where to start. I got a virus a few days ago, something that actually shut down my resident scanner (Avast) and installed itself. It started out with the desktop change, phoney virus scanner and the ubiquitous "installing microsoft office" starting up over and over. A boot scan of Avast cleared up most of that, but since then I've had a very nasty hijacker deep in my system. It was hijacking every search I did in Yahoo; upon clicking the link I was redirected to random pages. Likewise, I was booted out of Yahoo mail every or seconds due to the malware trying to attack. I ran spyzilla, or whatever the pay program is, and it said it found, amongst others: malpakwinscenteradvertisementserviceinet vundo To v TargetSaverPShope Full ContextToolbar MaxSearch

NEXT I ran Spybot, which found a bunch of junk and deleted it. Then I ran MALWAREBYE as well as SUPERantispyware. All three found junk and removed/deleted/quarantined it. This cleared up most of the problems, but the search-link hijacker was still working. NOTE: it wasn't hijacking my search page, it was only re-directing me upon clicking links I found.

I ran COMBOFIX next, which found a bunch more stuff and deleted it. I waited for the log file to write, ran it again (which also updated the program) and found more infections. Next I ran the atribune VUNDO FIXER, which found NOTHING. Next I ran VIRTUMUNDOBEGONE, which also found nothing. All scans find nothing. Avast has found nothing in a long time. None of the persisting issues are visible, BUT all my Adobe programs no longer work. Now they are uninstallable via Add/Remove Programs due to a lack of remove button. There are a ton of new programs in Add/Remove that were not there prior to the combofixer resolutions, none of which have the REMOVE program button. Programs are, amongst others: QFOLDERQUICKPROJECTSSCANFAXUNLOADWEBREGWEBFLDRX XLPRINTSCREEN and others. Again, they are showing up as PROGRAMS under Add/Remove Programs but have no button for removal. In fact, only maybe of the programs in the Add/Remove bin have buttons for removal.

Am I still infected? What do I do from here? Why did these new simple-named random "programs" show up suddenly? Why did all my Adobe applications become malfunctioning during this clean-up process? Any help is appreciated. I'm at my wit's end. Thanks.

A:nasty, nasty virus/spyware (avast can't fix)

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

http://www.bleepingcomputer.com/forums/t/248021/nasty-nasty-virusspyware-avast-cant-fix/
Relevancy 55.9%

I have been having problems with my laptop for a few days. It began with popups about fake virus-scan programmes, then wouldn't allow me to open any files or programmes, and it can't connect to the server for the internet although the connection is strong. It has also reverted back to old-school Windows design with grey toolbars etc. Having run scans I found that it is being caused by three atdmt cookie trackers that are detected by AVG. The first time they were moved to the vault and I emptied it, but when I ran the scan again they still appeared, and the next time it said that they were moved to the virus vault but they didn't appear in the vault. At the moment I am able to run programmes and open files again but they're slow. The internet won't work, so I am unable to download any of the programmes to get the log you require. Any help or advice would be very much appreciated. Thank you.

http://www.bleepingcomputer.com/forums/t/320269/atdmt-cookie-tracker-virus/
Relevancy 55.47%

When it comes to technology I have no luck. On my week-old computer I opened an extremely innocuous page with an article about a game I found through Google, and cmd.exe started asking permission to make changes to my computer. I had Ad-Aware enabled with the latest definitions so I don't know how it happened, but my system restarted without my asking or granting cmd.exe permission, and when it turned on again I found a tracking trojan named syshost.exe nestled in the list of files that run at startup. The executable itself was located at C Windows Installer D - -F - E- B A DE A syshost exe. Ad-Aware couldn't remove it, but MalwareBytes got rid of that file. It's not all gone, however. Spybot Search & Destroy found tons of residual files in my registry, Internet Explorer (which I don't use), Direct D, etc. - fixing or removing them does no good as they come right back. I have lost the ability to turn on Windows Firewall (Error code x) and taskmanager has been bricked (Error: pcwum.dll is missing); it won't open at all. I am terrified, malware not being covered under warranty, and don't wish to pay to some hack tech to come fix the problem, but I have no idea what to do and little time to get this fixed. Computer specs, MalwareBytes log, HijackThis log, DDS.txt, Attach.txt and screenshots of Spybot Scans and Windows Errors are below. You people are awesome and I really appreciate anyone who tries to help save me from my plight. Please help!

A:Syshost.exe Tracker Trojan/Virus on Windows 7 - Please Help

Informational bump: my local service center is only open today this week (don't ask me why), and I need the issue fixed long before next Monday, so I will be taking it in one hour.

I know there are a lot of other people in this forum with various issues, and I'd never expect any special treatment just because I'm in a rush, but anyone able to respond within an hour or so to try to help me deal with this issue myself without breaking the bank would have my eternal esteem and gratitude. Otherwise, this thread will probably be closed later.
 

https://forums.techguy.org/threads/syshost-exe-tracker-trojan-virus-on-windows-7-please-help.1067489/
Relevancy 51.17%

I have been running all sorts of things to get rid of a search engine called "websearch.helpmefindyour.info." I have run AdwCleaner, SUPERAntiSpyware, Malwarebytes Anti-Malware, ESET Online Scanner and Microsoft Essentials among other things. I get rid of it and it comes right back. I don't see it in Firefox, my main browser, but it is in Chrome and sometimes Internet Explorer.
 
I am running Emsisoft Anti-Malware right now, but I don't think it will find it as it has gone through the C drive and is working on the D drive.
 
Any one have any ideas? 
 
Any input greatly appreciated.
 
Smorton
 
 
 

A:I cannot get rid of a nasty search engine no matter what I do.

Hello Smorton1951

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

- Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

Please download DDS from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1
Link2
Link3

- Double-Click on dds.scr and a command window will appear. This is normal.
- Shortly after two logs will appear: DDS.txt and Attach.txt
- A window will open instructing you save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both logs & post in your next reply

Gringo

http://www.bleepingcomputer.com/forums/t/515090/i-cannot-get-rid-of-a-nasty-search-engine-no-matter-what-i-do/
Relevancy 51.17%

I have a rather resistant search redirect malware. I followed various instructions found here using malwarebytes and DDS. I've attached the logs below. I ran MalwareBytes yesterday and it found registry keys and removed them fine. I performed a test and everything seemed okay, so I thought I had beat it. However, it's back. I can't run GMER because of the error "C:\Windows\system32\config\system: The system cannot find the file specified."

For clarity, this malware redirects to various search sites or adsites such as: infomash.org (a very frequent one), search.com (very very frequent), pctools.com, bizzclick.com, butterflysearch.net - not as common, i dont think. Viewing my history, there appear to be php files that go off when the redirect occurs: go php ch cf php click aspx search com

Any help would be greatly, greatly appreciated. Thanks.

A: Nasty Little Search Redirect Malware

I am smoking my drive and reinstalling Windows. Thanks anyway guys!

http://www.bleepingcomputer.com/forums/t/345551/nasty-little-search-redirect-malware/
Relevancy 51.17%

Hello, I recently got a nasty virus that I cannot get rid of on my own. I've run every scanner known to man with no luck. If anyone could help I would be greatly appreciative. Below are my symptoms and my DDS log, along with some steps I've taken to no avail.

SYMPTOMS:
- Yoog Search in my Firefox and IE browsers
- VERY slow performance
- computer freeze on boot up at desktop. Half the icons appear and the wallpaper and then it freezes
- Time clock on hour instead of hour
- Desktop wallpaper now missing
- Internal Hard drive and fans spinning like mad
- BlueSkyAds Pop up window when opening browsers. Had to explain adult friend finder window to my wife, nice
- DVD Drive not reading discs
- DVD Drive burner working intermittently

ATTEMPTS TO REPAIR (Each found "stuff" but nothing fixed the computer):
- Ran Mcafee virus scanner, no luck
- Ran CC Cleaner, no luck
- Ran HIJACKTHIS, no luck
- Ran Malwarebytes' Anti-Malware, No Luck
- Ran SUPERAntiSpyware Free Edition, no luck

Again, thank you for any assistance, and below is my DDS log.

A: YOOG Search and other NASTY problems

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/210981/yoog-search-and-other-nasty-problems/
Relevancy 51.17%

I have no idea what happened with my computer. I even stopped using P2P programs a long time ago. I am posting this Hijack Log from another computer. I can barely touch the computer that's infected. I was lucky to save the hijack log before it started to freak out on me.

Let me start with the symptoms. It started to mess with my internet. My internet wouldn't work in my house when it was connected to the infected computer. The Link light I have in my wireless antenna, which connects to my computer, keeps blinking non stop when it's connected, like if it was downloading information non stop. I started to get Blue Screens. I have to restart the computer every time I get the blue screen of death. I just get a message that gives me a countdown of seconds warning me that the computer will be shut down by itself.

This is my Log:

Relevancy 50.74%

Trying to get it. I've hit it with malware antibytes, spybot and a few hjt scans, but this is a little beyond my abilities. Under normal login can't access task manager, and any time we've tried installing a new program the "antivirus" malware is popping up as saying that it's a dangerous file and that it's been blocked. Here are the logs. Sorry if that came out sounding weird, I'm exhausted here.

A: nasty nasty virus

Hi darklordryu,

I'd like to see the log from Malwarebytes, please.

http://www.techsupportforum.com/forums/f50/nasty-nasty-virus-413843.html
Relevancy 50.74%

Have read several posts resolving this issue but have not been able to identify culprit. When clicking on Google search results, sporadically taken to Scour, Infomash or other search sites. Have run AV scan, MBAM, Hitman Pro, GooredFix: no joy. The system is Win - using FF. Cannot run Combofix or GMER (only for -bit systems). Have attached log files from DDS. Would appreciate any help or suggestions. Thanks.

A: Need help removing nasty Google Search Redirect

Hi,

Have you checked if redirecting occurs with both Firefox and Internet Explorer?

You seem to have run OTL there too. Please post contents of OTL.txt and Extras.txt.

http://www.techsupportforum.com/forums/f284/need-help-removing-nasty-google-search-redirect-502757.html
Relevancy 50.74%

Hey,

Haven't had to post in here for years. Usually I can take care of these type things myself, although they rarely if ever happen. Not this time. My browser was hijacked and although I ran my AVG scan, SuperAntiSpyware scan, MalwareBytes anti-malware scan, I still seem to have the problem. Found some weird SearchEngine and Toolbars after scanning with Hijack This and deleted them. I only have Google Toolbar installed and know which ones I don't have installed and deleted the foreign ones. After that it was better, but now when I do a search query on Google I get the search results fine, but after clicking on a preferred link I get some weird site for an attorney's web page or the Yellow Pages.com or something called gimmeanswers.org, as a few examples. My MalwareBytes Scan did find about or Trojans or Worms a couple days ago, which I deleted.

I am running Windows Ultimate, GB RAM, GHz Intel processor. I normally have AVG running in the background, which usually works great. I disabled it temporarily to run your suggested scans. Use Mozilla Firefox. Here's the copy paste of dds.txt. I've also attached ark.txt and attach.txt in a zip file. I don't have a Reinstall CD for Windows. Sorry. Let me know what's up.

Thanks,
Tom B.

A: Nasty Browser and Search Engine Hijack.

Hello.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

http://www.techsupportforum.com/forums/f100/nasty-browser-and-search-engine-hijack-636529.html
Relevancy 50.74%

Greetings,

A typical day in my life using my computer involves running: SUPERAntiSpyware, Malwarebytes Anti-Malware, AdwCleaner, ESET Online Scanner and Microsecurity Essentials. Every day I get a ton of things that are irritating and probably some that are very harmful. Right now the most annoying is a search engine that I try to get rid of and it is back about as soon as I get rid of it. It is called websearch.helpmefindyour.info and it usually gets in my Chrome browser. I usually use Firefox. I just got 85 threats that go something like this:
DATA\DEFAULT\COOKIES ]
websearch.helpmefindyour.info [ C:\USERS\STEVE'S COMPUTER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Adware.Tracking Cookie
C:\Users\Steve's Computer\AppData\Roaming\Microsoft\Windows\Cookies\524VNYJM.txt [ /doubleclick.net ]
Is there anything I can do to protect against these things?

Any input appreciated.
SM

A: Adware, Nasty search engines and overall frustration.

When running antivirus, boot in safemode (don't boot with network support if you can help it.) before running antivirus.

To temporarily attempt to disable any malware/adware/or other infectious software, I highly recommend you try to use msconfig.exe. While I caution you that disabling some things could cause minor problems with some drivers, there's pretty much nothing detrimental you can do to your computer.

Go to the startup tab, and disable anything that isn't signed by a reputable company. I would also recommend you remove anything that doesn't appear to be particularly important to your computer's functionality. Keep in mind, doing this won't break the program, it just stops it from booting on startup. This will rectify a good deal of malicious software by preventing it from starting up when you restart your computer.

Otherwise, check your task manager, snoop around finding any high CPU/memory tasks. Look them up online, see if they appear to be malicious. If they are, right click them in the task manager and go to process, right click the process and open file location. If you are certain that it is malicious, you could attempt to delete the entire directory. I caution you here, that many people would claim this to be a bad idea, but I'd much rather stain my registry than not rectify malicious software.

Worst case, do a reinstall.

As for antivirus, I would recommend Avast! as it has provided the best results for me personally.

Best of luck. These are only my opinions, what I do when I work on others' computers, and they tend to work for me, very well. Personally, I don't use antivirus on my computer. Never open a .exe file if you have the slightest doubt about its safety; scan the file on a site like www.virustotal.com prior to running.

By the way, tracking cookies aren't dangerous. In fact, they are often used to help you in many different ways. Clearing them is okay and won't hurt, but having them there won't be an issue 99.9% of the time, either.

http://www.sevenforums.com/system-security/312547-adware-nasty-search-engines-overall-frustration.html
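
The startup check described in the answer above (disable what isn't signed by a reputable company) can be inventoried before changing anything in msconfig. The read-only PowerShell below is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, and the helper names Get-ExecutablePath and Get-SignatureInfo are made up for this illustration.

```powershell
# Added example: list startup entries with the Authenticode status of each target.
# Read-only: nothing is disabled, changed or deleted.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Hypothetical helper: pull the program path out of a startup command line.
function Get-ExecutablePath {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') {
        $path = $Matches[1]                          # quoted path, arguments follow
    } elseif ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr|com))(\s|,|$)') {
        $path = $Matches[1]                          # unquoted path that may contain spaces
    } else {
        $path = ($expanded -split '\s+')[0]
    }
    # Bare names such as "ctfmon.exe" are resolved through PATH.
    if ($path -and $path -notmatch '^[A-Za-z]:\\|^\\\\') {
        $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($cmd) { $path = $cmd.Path }
    }
    return $path
}

# Hypothetical helper: signature status and signer subject for one file.
function Get-SignatureInfo {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'FileNotFound'; Signer = '' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{ Status = [string]$sig.Status; Signer = $signer }
}

# Collect entries from the Run keys.
$entries = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
})

# Collect entries from the Startup folders, resolving shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
$entries += @(foreach ($folder in $startupFolders) {
    if ($folder -and (Test-Path -LiteralPath $folder)) {
        Get-ChildItem -LiteralPath $folder -File | ForEach-Object {
            $target = if ($_.Extension -eq '.lnk') {
                $shell.CreateShortcut($_.FullName).TargetPath
            } else {
                $_.FullName
            }
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = "`"$target`"" }
        }
    }
})

# One row per entry; anything other than "Valid" deserves a closer look.
$report = foreach ($e in $entries) {
    $exe = Get-ExecutablePath $e.Command
    $sig = Get-SignatureInfo $exe
    [pscustomobject]@{
        Name       = $e.Name
        Status     = $sig.Status
        Signer     = $sig.Signer
        Executable = $exe
        Source     = $e.Source
    }
}
$report | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

A `Valid` status only says who published the file, so the signer still has to be judged. For entries launched through rundll32.exe the row reflects rundll32 itself, and the DLL named in the command line has to be checked separately.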
Relevancy 49.88%

I am at my wits' end. I have run Ad-Aware, ewido, AVG antispyware and antivirus, CCleaner, CWShredder, FixWareout, HijackThis (obviously), Registry Mechanic, and probably a couple of other things I've forgotten by now. Every program that could be used in safe mode was used there. Someone who shares this machine caught Windows Antivirus on their profile while attempting to download a wallpaper. I seem to have gotten rid of all that, but still get redirected whenever a link is followed from a search engine. The status bar reflects a redirect to "go.google.com" and then many IP addresses before landing at a fake search engine site if Google is used. If Yahoo is used, it redirects to go.yahoo.com, etc. The WAV was contracted via Firefox. I have since removed IE from the machine entirely (as far as I know) and have removed Firefox and downgraded to. I also just installed Opera, and the same redirect happens there. Some programs I've used found things and cleaned them, and when I ran them again they came up clean. Everything is coming up clean, but I am still being redirected. I am also unable to access help forums like this one (thank god I have a laptop); I get an "unable to establish a connection to server" page, but I can access it via proxy page. Also can't update Ad-Aware definitions; it fails. Had to download onto laptop and network the machines to update it. I'm now at a total loss and you guys are my only hope. Here's my HijackThis log at present.

Thanks for any help in advance.

A:[SOLVED] Nasty Search Engine Redirect Malware!!

It appears to be called "go.google spyware".

http://answers.yahoo.com/question/in...8133041AAqmiiF
http://forum.processlibrary.com/show...4812#post44812

According to both these references, Malwarebytes' Anti-Malware appears to be the closest thing to a solution. The person who started the thread at processlibrary got this malware yesterday and I got it a couple of days ago, so I'm hopeful. I'm running Malwarebytes' right now. We'll see how it goes.

http://www.techsupportforum.com/forums/f284/solved-nasty-search-engine-redirect-malware-287414.html
Relevancy 49.45%

Like many other Firefox users I am encountering a bizarre problem whenever I use Firefox's google search. When I click on a link in the search results pages, I get redirected to porn or other nasty sites. How to deal with this? Please advise. Thanks!

A:how stop firefox from redirecting me to nasty sites when search via google?

Have you updated your FF to the latest?

http://www.techsupportforum.com/forums/f131/how-stop-firefox-from-redirecting-me-to-nasty-sites-when-search-via-google-360374.html
Relevancy 47.3%

Hi guys, I need my laptop for work and really need some help to fix it. I have been trying for the last couple of days to fix it, to no avail. Basically my laptop is unable to run any sort of virus scan. I have McAfee as main scanner, and I tried Super Spyware Scanner, Malwarebytes, and Kaspersky Online Scanner, and none of them can complete a full scan; the laptop freezes during the scan and I have to restart manually. Also, the scan seems to freeze at specific file locations, and when I delete those files in that location it freezes at another location (possible worm?). I'm really worried about this virus because in the past I've been able to remove viruses and Trojans without much hassle; this time it's different. I don't have a boot disk or Windows installation disk.

Edit: Also, I think a couple of days ago I clicked on a link provided in an email. Subject of the email was "Hi Data Entry Workers Needed". I can post you the whole email if you need to check it and the URL. Help is appreciated.

Here is the DDS log, and I have the attach.txt zip if you need it. I wasn't presented with ark.txt during the DDS scan.

A:Nasty Virus, unable to do any virus scans.

Hi,
I'm nasdaq.

Sorry for this long delay. If you still need help run this tool and submit the log for my review.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


For AVG antivirus and anti-spyware security software users only.

Quote:




Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.

http://www.techsupportforum.com/forums/f50/nasty-virus-unable-to-do-any-virus-scans-557662.html
Relevancy 46.44%

I've run MBAM, Avast, SSD, SAS, and HijackThis. I can interpret HijackThis logs and have fixed anything deemed suspicious. I'm at my wits' end with this virus. It's a redirecting virus; I'm not sure of what variety. I come to you as a last resort, as I know you are already overwhelmed with requests. I have tried joining your training program but all the slots are full at the moment - I will be back. I feel bad for needing help; I'd like to be able to fix this myself. Here's the latest HijackThis log. I've already prepared a ComboFix log but I'll wait until it is requested.

A:Nasty Virus - I've tried everything.

Problem resolved!! Persistence paid off. Thanks anyway though helpers. You guys do a great service!! I'm still gonna check your training program everyday until I see a slot open. I'd like to be able to help myself more efficiently and help others too. Anyways thanks for all you guys do. ~Scoobio

http://www.bleepingcomputer.com/forums/t/307754/nasty-virus-ive-tried-everything/
Relevancy 46.44%

Like the title states, I have a nasty virus. I've tried Malwarebytes but it won't work because I have some sort of preexisting virus. Malwarebytes won't open. I tried the Chameleon thing, nothing. Please help me as I need my PC for my college classes.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

A:Nasty virus please help

Hi -
Let's see if there are any items left in here. Please Copy and Paste all logs.
 
First -
Download Screen317 Security Check from Here or Here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to.
 
 
Next -
Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
 * List content of Hosts
 * Flush DNS
 * Report IE Proxy Settings
 * Reset IE Proxy Settings
 * Report FF Proxy Settings
 * Reset FF Proxy Settings
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
 Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)
 
 
Next -
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or Temporarily Disable your Antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 
 
 NOW :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button only once for accuracy.
A report (AdwCleaner[R0].txt) will open in Notepad for your review.
Check the listed removals and see if you are OK with them.
If you have questions, post the Report log back here.
 Next
Click on the Clean button only once for accuracy
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
Copy and Paste the contents of that log in your next reply.
Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.
 
 
 
Next -
Run ESET Online Scanner. -
For Internet Explorer users, hold down Control (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
Click the ESETonline button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to you... Read more

http://www.bleepingcomputer.com/forums/t/549373/nasty-virus-please-help/
Relevancy 46.44%

I have a virus. A bad one. Avira popped up. Windows defender and windows firewall popped up. It was also popping up those fake antivirus ads. Antimalware. It turned off my windows security center. I was doing a malwarebytes scan. It tried to abort it. Now, I can't get on the internet and when I reboot windows defender pops up with this every time trojan:win32/alureon.bt. I also tried to do a system restore. It would not let me. Thanks in advance for the help.

A:I have a nasty virus

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

http://www.bleepingcomputer.com/forums/t/278340/i-have-a-nasty-virus/
Relevancy 46.44%

Hello. Please Help Me. Recently my Windows operating system has developed a tendency where of the time when I start up my system, after I input my password and wait for my computer to load, the screen is completely stuck on loading for a very, very long time, if it loads at all. Also, sometimes, if it does load, my screen is completely black and only the mouse is shown. My Avast anti-virus scanned my entire system and said that there was nothing wrong, but clearly something is. My SpywareBlaster also says that no viruses have invaded my computer, and I've used Crap Cleaner to sweep idle components from my system. Yet nothing helps. The only thing that does is starting Windows in safe mode; then it loads right away every time, but without it I take a chance of my operating system loading successfully or not. Clearly something is wrong, but I have no idea how to fix this or what I should do. Please, can you help me and give me some advice on what to do about this problem?

A:I think a nasty virus has set in...

Hello, let's see if we can find something.

Reboot into Safe Mode with Networking and run these.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

>>> Please download TDSSKiller.
Launch it. Click on change parameters and select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).
Do not change the default options on scan results.

>>>> Please download Malwarebytes Anti-Malware and save it to your desktop.
Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet and double-click on the renamed file to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Reboot back to normal and run:
I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under sc...

http://www.bleepingcomputer.com/forums/t/477474/i-think-a-nasty-virus-has-set-in/
Relevancy 46.44%

Hey, I wonder if you can help. All the processes on my computer work fine, but the start bar keeps disappearing every few seconds. Here is the log.

A:help with this nasty virus

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this on this Information Page

Combofix Link 1
Combofix Link 2
Combofix Link 3


**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

http://www.techsupportforum.com/forums/f284/help-with-this-nasty-virus-221610.html
Relevancy 46.44%

Hokay. So here is my situation: Avast picked up a virus a couple of days ago. I deleted it, ran a bootscan and thought nothing more of it. It was identified as a trojan; I, of course, didn't write down the name. Boot up the computer to a whole mess. Most of my programs won't run, but I have a stable desktop. Programs that aren't starting at startup include Intel Extreme Tuning Utility, Catalyst Control Center, Steam, Dropbox and, importantly, Avast. Windows firewall seems to be working. I can later activate the control center, but none of the others. Neither Firefox nor Chrome work. I can run any windows component program, and winRAR and those, without error, issue or erroneous behavior, including IE and media center. I cannot run windows update, though my computer says that there is an update to be installed. Windows defender finds nothing wrong on full system scan. When I try to start avast through system services I get an error that states that the program failed to respond to the start or command request in time (almost instantaneous error). I can't sidestep that dialogue box. For clarification, when I say "doesn't work" I mean I try to activate the program and nothing happens outside of the briefest of hourglasses indicating that yes, I did in fact double click. Nothing is overly suspicious in running processes. I know that the worm is messing with my registry in some way: looking for possible culprits in add/remove programs gives the dialogue that the program has been removed previously, do you want to delete the registry file. This dialogue appears for every program on the computer. There is no uninstall, and agreeing to remove the registry entry does nothing. I can add and remove windows components like normal. ActiveX also appears to be disabled--bit defender browser scan does nothing. I am on bit windows and dds does not work. System restore did nothing. And of course the big kicker: windows freezes when attempting to boot into safe mode. Gets a chunk of booting done then just stops. I am creating an Ubuntu boot disk to run a scanner, but I have the distinct feeling that this guy is already outside my price range, and linux results notwithstanding, addition removal cleanup will be required. I will post results of boot disk as soon as I have them, but until then any comments and advice would be appreciated.

A:Nasty little virus

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/420511/nasty-little-virus/
Relevancy 46.44%

Ok, my parents have a really nasty virus going on. It is one of the viruses that runs the fake virus scan on your computer. This one blacked out the desktop background and hid some of the icons that are on their desktop. It pops up several messages about being hacked, low system memory, and fake claims of infection. I followed the initial steps you require before posting about virus removal, but ran into some issues with the DDS and GWAR. The virus is not allowing me to run either program. The DDS would not run at all and the GWAR froze up halfway through the scan and would not continue. I tried this in normal mode, safe mode, and safe mode with networking. Your help is appreciated.

Thanks!

A:Nasty Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437306 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post. Please do this even if you have previously posted logs for us.

If you were unable to produce the logs originally please try once more.

If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.

Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME... Read more

http://www.bleepingcomputer.com/forums/t/437306/nasty-virus/
Relevancy 46.44%

I got it bad. So far here is what I've tried over the past two days:
Safe Mode Boot: doesn't work, reboots itself after hpdskflt.sys.
Took the disk to another PC using a USB Adapter: disk looks empty, asks if I want to reformat it.
Tried Ubuntu, Kaspersky and a couple of other standalone USB/CD/DVD recovery tools: same thing, disks look empty.
Tried Avnisoft Handy Recovery and a couple more file recovery tools: nothing on the disk is ever found.
Tried XP Recovery disk: same symptoms.
Boot it up normally and log in: White screen covers everything up. CTRL ALT DEL brings up the standard window. I select task manager, it doesn't display above the white screen. If I select Logoff or Shutdown, all of my files are displayed for a short period of time. Wish there was a way to abort a log-off or shutdown. I have multiple screens, trying to see if I can force an Extended desktop scenario, so far no luck.
Everything I have read I have tried, but nothing works. I would sure appreciate any help I can get. Don't care about the OS, just want the data.
Thanks, Ken

A:Nasty FBI Virus

Welcome aboard
 
I'll report this topic to appropriate helpers.
Hold on there...

http://www.bleepingcomputer.com/forums/t/492994/nasty-fbi-virus/
Relevancy 46.44%

Hello all, I have a very nasty virus on my PC that I need help getting rid of. Usually I know how to remove viruses, but this time is different since the virus won't allow me to run any EXE files except for firefox. When I select an EXE file I get the message that says windows can't open file since it doesn't know which program created it etc. and asks if I want to search online or select from a list. I have tried running "Command" and "Regedit" but it gives me the same error, even while in safe mode. I have been able to run a scan online from the Bit Defender website, which told me it found an infected file in C WINDOWS system AB tmpTrojan Agent AQBD; however, when I searched for this file on the c drive I can't find it. I do have kaspersky on my computer but it won't run since it is EXE. Have even tried downloading some programs like Hijack This but no luck. Any ideas? Thanks in advance.

A:Nasty Virus

Nevermind fixed the problem by going to folder options and adding EXE and LNK back into the file type list. Icons appear normal now however Still not sure what caused it and will be running Kaspersky right now.

http://www.bleepingcomputer.com/forums/t/391787/nasty-virus/
Relevancy 46.44%

Hello all, I know this specific virus has been posted already, but I'm looking for help for my specific situation. Sorry if I'm in the wrong, correct me if I am :D Ok, so christmas eve I was infected with a virus called "Malware Defense". I've never had much experience with viruses like this, so I did a few things I realise were mistakes lol. So this virus disabled: AVG, Spybot, System Restore, Disk Defragmenter and Security Center. I didn't understand why system restore was not working, so I thought I would turn it off then back on. Doing this deleted all my restore points <---that being my mistake lol. Alright, well, I downloaded spyware doctor and got rid of many viruses at least; among those were rootkits, tracking cookies and others. I read a few guides and manually got rid of mdefense files and those related to it, so I don't have it trying to install itself or load fake virus alerts and pop ups. I didn't do this in safe mode, if that means anything. So here is my problem: I've got most of this virus gone, but not all of it. When I try to re-install avg it says "Avg is not compatible with malware defense", and spybot won't even open after re-install, so I assume it's still there. My pc seems close to virus free except for the disabled programs and what avg install fail tells me. I can't locate whatever is left. So here is my question: how do I locate the rest of this horrible virus, and how do I re-enable System Restore, Disk Defragmenter and Security Center? Sorry for the wall of text, I wanted to be descriptive. If this is in the wrong section, correct me. Sorry, I forgot to say that I downloaded "malwarebytes", which didn't work until I changed its name, and it found a few things as well. Also downloaded "file recovery", but when I tried to use it, it said the following: "could not detect drive". I assume this is because of this virus.

A:A nasty virus

Have you gone through the tutorial? http://www.bleepingcomputer.com/virus-remo...malware-defense

http://www.bleepingcomputer.com/forums/t/283498/a-nasty-virus/
Relevancy 46.44%

Yesterday I was browsing the web. I was looking at legit forums because the WOT and the AVG page status said they were fine. Anyways, when I entered one page on a forum (forgot the forum) AVG popped up and it said: "Exploit Neosploit Toolkit (type 1126)";"dfgysdfgfdd.info/cgi-bin/001";"Object was blocked";"11/06/2010, 11:15:10 PM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"

Now it said object was blocked so I turned off my computer. This morning I was thinking maybe the virus isnt gone and I need to clean it.

Any help?

A:I think I have a nasty virus

If AVG cleaned it and you have no problems. There's no need to worry about. Continue with what you want to do.

If not, boot the computer in safe mode, and run a full computer AVG scan. Sometimes, AVG does wonders in safe mode.

If any problem persists, download the free version of - Malwarebytes Anti-Malware and conduct a full computer scan.

As I said above, if AVG blocked it and you have no problems, there's nothing to worry about.

http://www.bleepingcomputer.com/forums/t/323823/i-think-i-have-a-nasty-virus/
Relevancy 46.44%

There was like a black danger warning on my desktop, and a windows system error or windows critical error, something like that, would pop up, and programs on my pc take a long time to load. I tried to fix the problem by using super antispyware but it only removed the danger warning on desktop. So then a few minutes later the computer screen would just go black and the computer just stays on; nothing I could do is just unplug the power cord. This started happening like hours ago. Right now I'm in safe mode. Also I'm using windows xp home. Here's my hijackthis log.

A:Nasty Virus On Pc

Hello there and welcome to Bleeping Computer's security forum.

My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. You are infected with various malware including backdoor trojans. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.

You are missing one important program on that computer - an antivirus! This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer. AVG and Avast are excellent, free antivirus programs.. Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups. If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:
Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

Please download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

David

http://www.bleepingcomputer.com/forums/t/78166/nasty-virus-on-pc/
Relevancy 46.44%

Hello Forum, I am extremely new to this as I signed up as a last resort, and really hope that this is a friendly community. Recently my computer encountered a nasty virus that is too complex for me to deal with. I am in no way an expert, but I know a little more than the average computer user. I've thrown everything I knew at it, from looking for its source in the registry, to trying and stopping it from starting up in safe mode, to using superantispyware's portable scanner, yet nothing seems to work. I can provide all the information needed to fix my machine if that's what is needed. Nothing on it is of grave importance, but I would much rather have my files and folders in check than not. Any assistance would be greatly appreciated, and I thank you all for taking the time to read this. Thank you in advance. Also, I would love to learn any tips and suggestions you all might have. Best Regards, Daniel

Relevancy 46.44%

I got this really nasty virus in my system, I've tried everything I know to delete it but when it won't go away... Kaspersky keeps on blocking its actions but its still messing up my pc, the logos have disappeared and my pc is going from slow to the slowest.. I've attached the log since its too big to be posted lol
any help will be greatly appreciated it, thanks in advance.
 

https://forums.techguy.org/threads/avz-log-nasty-virus-help.821709/
Relevancy 46.44%

I have this virus that will not go away. When I tried to do a CHKDSK /R and rebooted the screen went blank black. I had to do a FIXMBR to get back into windows, while all seemed fine and I was listening to aol radio and playing Warcraft III I got the XP Antivirus 2012 virus. Which I had to boot into safe mode and eventually use rkill.exe to get rid of it, but then something else came back. Please help
Thank you, Highdro
Merry Christmas

Oh, I've ran Malwarebytes Antimalware several times, and NOD32 AV.
 

A:Nasty Virus!!

Please post in the "virus and other malware" forum
http://forums.techguy.org/54-virus-other-malware-removal/

Trained experts will help you.
 

https://forums.techguy.org/threads/nasty-virus.1032738/
Relevancy 46.44%

This is going to be a long story. So I have avast internet security installed and that can't do much considering I paid for it. In task manager I got about or "svchost" running and I try to end the process but it keeps on coming back. I have had it on there for a while now and my passwords have been stolen, but luckily my internet banking and BTC wallet are super secure, factor security. So I turn on my computer this morning and I open up chrome and this is what I get: "Error The requested URL could not be retrieved while trying to retrieve the URL http www google co nz Bullet Point Access Denied Access control configuration prevents your request from being allowed at this time Please contact your service provider if you feel this is incorrect Your cache administrator is root (when I click root it opens up my email client with no email there) Generated Fri Jan GMT by kmjproxy indonesiapower corp squid STABLE". Straight I seen that, I knew instantly it was some kind of malware, so I open up avast and do a full system scan and it found nothing because the file is crypted -_- so I scan for network threats: oh and look, your ethernet adapter has been tampered with, your passwords and sensitive info is at risk. GREAT. And there is the dns server, so I kindly remove it from Internet protocol version. I have also tried wiping my drive but no luck, the malware is obviously blocking it. And also, before this happened, I noticed last night that I couldn't install anything (Skype and firefox); it just kept on saying unable to connect to installer. Does anyone know how to fix this? Anyone, please help me fix this. I have like in my PayPal account and I'm willing to give you that if someone can help me remove this. Email: [email protected] Skype: fungoustoeyt (I can access skype on my mac). Thanks, Liam

https://forums.techguy.org/threads/someone-help-me-nasty-virus-_.1164230/
Relevancy 46.44%

I have a gb Western Digital external drive that I'm using with my laptop to store music, movies and apps that I may have happened to download or purchase. But recently I think I may have picked up a virus. Whenever I plug my drive into my laptop it doesn't show. Normally whenever I plugged it up it would open Windows Explorer and show me what files were listed. Now it doesn't do anything, and it's a brand new drive. I mean, I only purchased it about months ago. Things that I've tried in order to get it working: I tried running a scan on it, but it doesn't show when I open Windows Explorer. I tried connecting it to another pc and scanning it, but it won't show on other pc's. I tried replacing the usb cable that connects it to my laptop, nothing. Does anyone have any idea on what I can do? I have so many important files that I can't wipe it. I mean, I have over mp s alone. Not to mention all kinds of other important data. Again, it's a Western Digital gb external drive and it has a virus on it. Please, if there's anyone who can help with this I would be much appreciative. Thank you

https://forums.techguy.org/threads/nasty-little-virus.1086409/
Relevancy 46.44%

Hi all, I posted a little while ago when I was having a problem with overheating. Anyway, it finally stopped crashing and now all of a sudden it seems I have some sort of virus. Norton Anti-Virus (which I have never installed and never used) keeps popping up and telling me that my computer is infected. I've tried to run a malware scan but a window keeps popping up telling me that whateverfile.exe is infected. I tried running the laptop in safe mode and it just shut it down straight away before I could do anything. I haven't downloaded anything recently and haven't even opened any e-mails, so I'm not sure how I got this virus. I'm not very good with computers. Can anyone explain to me what I have to do to fix it? I have a lot of files I don't want to lose (songs mainly) if possible. To be on the safe side I have changed all passwords etc. for online banking etc. and e-mail. I use windows XP and the latest version of IE. Thanks in advance

A:Nasty Virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f284/nasty-virus-435350.html
Relevancy 46.44%

Hi all, yes I'm new so go easy on me. I have an issue on my desktop pc running XP Pro. It started with a virus that claimed to be xpantvirus or xpantispyware 2011. I couldn't access any internet or open any programs. I removed the harddrive and put it in my external drive and scanned it with Avg 2011, nothing. Scanned it with Malwarebytes, nothing; also with superantispyware and got 36 issues repaired. Reinstalled it into desktop and got internet back up. Try downloading anything like rkill or anything, and when it comes to opening the program it wants to go to the "open with" window. I'm at a loss, and my wife and kids use the desktop daily. We still have my laptop but it's for my business and I'm cautious with it. Any ideas? Thanks, Ron

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Nasty virus

Take a look here: Remove Vista Antimalware 2011 and Win 7 Antispyware 2011 name changing rogue (Uninstall Guide) which includes the ones you mention and 20 plus other names.

http://www.bleepingcomputer.com/forums/t/389387/nasty-virus/
Relevancy 46.44%

Hi

My computer had windows re-installed less than a month ago, and has been fine. Now my google results are messed up - i get popups on sites that i know don't do popups (because i built it) and a windows message keeps popping up saying i have a trojan, but clicking remove does not in fact, remove it.

Any help to resolve this much appreciated.

2 Screenshots - one of messed up google results (no sponsored results and addwindow added to the end of the URL)

http://www.imagger.com/view/827922_je.gif.html

http://www.imagger.com/view/392798_je2.gif.html - this one pops up every half hour or so
 

A:got me a nasty virus, please help

have tried to install hijack this, and AVG to resolve the issue. I am unable to install either as it says there is an error. Attempts to system restore are also met with a 'Disk Error'.
 

https://forums.techguy.org/threads/got-me-a-nasty-virus-please-help.834343/
Relevancy 46.44%

I was visiting a site and my av was disabled (avira) and it downloaded and executed a virus trojan. My desktop was replaced with a fake warning "remove malware" message. I can't visit this site through firefox or ie; I'm viewing it through my calculator help file. There was a a exe in windows system a exe that was wanting access to the net; I deleted it. Here's my hijack this.

A:HELP nasty virus

OKAY i ran combofix, here's my log
ComboFix 08-09-04.08 - Sarah 2008-09-05 3:58:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.85 [GMT -5:00]
Running from: C:\Documents and Settings\Sarah\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blphcpjaj0e53e.scr
C:\WINDOWS\system32\lphcpjaj0e53e.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\phcpjaj0e53e.bmp
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\VMPipe32.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-04 23:53 . 2008-09-04 23:53 663 --a------ C:\WINDOWS\system32\C
2008-09-04 23:45 . 2008-09-04 23:45 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-09-04 04:54 . 2008-09-04 05:23 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-04 04:44 . 2008-09-04 04:44 <DIR> d-------- C:\Test
2008-09-02 17:28 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-09-02 17:28 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-09-02 17:28 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-09-02 17:28 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-09-01 19:13 . 2008-09-01 19:13 <DIR> d-------- C:\Program Files\Avira
2008-09-01 19:13 . 2008-09-01 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-01 19:00 . 2008-09-01 19:01 106,384,360 --a------ C:\registrybackup.reg
2008-08-29 22:41 . 2008-08-29 22:42 <DIR> d-------- C:\!KillBox
2008-08-29 20:30 . 2008-08-29 20:30 <DIR> d-------- C:\Program Files\Zing Software
2008-08-22 18:36 . 2008-08-22 18:36 <DIR> d-------- C:\Documents and Settings\kenny\Application Data\Intel
2008-08-22 18:35 . 2008-09-04 04:45 <DIR> d-------- C:\Documents and Settings\kenny
2008-08-22 18:27 . 2008-08-22 18:27 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-22 01:12 . 2008-08-22 01:56 <DIR> d-------- C:\Program Files\The Weather Channel FW
2008-08-14 13:46 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 17:36 . 2008-08-27 15:16 135 --a------ C:\WINDOWS\Mp3CutterJoiner.ini
2008-08-10 17:35 . 2008-08-10 17:35 <DIR> d-------- C:\Program Files\AudioToolsFactory
2008-08-10 17:35 . 2003-08-07 14:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-08-10 17:35 . 2008-08-27 15:16 5 --a------ C:\WINDOWS\system32\SySMP3CutJoin.dat
2008-08-10 13:55 . 2008-08-31 04:29 0 --a------ C:\WINDOWS\system32\null
2008-08-09 02:33 . 2008-09-04 23:44 323 --a------ C:\WINDOWS\WPE PRO.INI
2008-08-08 21:52 . 2008-08-08 22:10 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Orbit
2008-08-06 19:43 . 2008-08-06 19:53 3,185 --ahs---- C:\WINDOWS\system32\2loops_niw.dat
2008-08-06 19:32 . 2008-08-06 19:35 38 --ahs---- C:\WINDOWS\system32\tseT.dat
2008-08-06 04:26 . 2008-08-06 04:26 <DIR> d-------- C:\Program Files\RandyRants.com
2008-08-06 02:45 . 2008-08-06 02:45 <DIR> d-------- C:\Program Files\AxiomX
2008-08-06 02:45 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-05 22:07 . 2008-08-05 22:07 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-08-05 22:07 . 2008-08-06 00:39 18,340 --a------ C:\WINDOWS\DIIUnin.dat
2008-08-05 22:07 . 2008-08-05 22:07 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-08-05 21:46 . 2008-08-11 00:00 <DIR> d-------- C:\Program Files\Diablo II

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 08:10 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-05 06:44 --------- d---a-w C:\Docu...

https://forums.techguy.org/threads/help-nasty-virus.747047/
Relevancy 46.44%

Hi all, i seem to have picked up a nasty little virus that is messing with everything on my pc. It has removed several icons from my desktop, it has disabled task manager, it has removed everything from my start menu, it has removed icons for my c & d & e drives, it continually tries to connect to the internet, it keeps putting pop ups and security warnings on screen and installing programs such as "spy shredder" and "ucleaner". I have followed the instructions and used various spy ware removal, atf cleaner, ccleaner and ad-aware and avg, but to no avail. Please find below my hijackthis log. Any help would be much appreciated.

tia john

A:Please Help....nasty Virus

Hello whiteshoes and welcome to BC. Let's see what we can find. Please follow the steps below in order:

OTScanIt Log - attach

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
Reg - MountPoints2
Reg - Software Policy Settings
File - Additional Folder Scans
Copy/paste the text in the codebox below into the Custom Scans box:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\ /s
HKEY_CURRENT_USER\Control Panel\International\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/150164/please-helpnasty-virus/
Relevancy 46.44%

I have this virus which keeps popping up a bubble in the bottom right corner of the screen saying "Your computer is infected blah blah blah let us download this stuff for you". I tried restarting my computer in safe mode and trying to run Spybot Search and Destroy and MalwareBytes, but to no avail. Once the program would start scanning it would shut off, and if i tried to find the program again it said it had been deleted. This thing also redirects me to random pages if i try to use search engines. Thanks ahead of time if anyone can help.

P.S. I also had my MP player plugged into this computer when the virus first started. I am wondering, if i tried to plug that into a different computer, would it transfer the virus? I haven't, just because i figured it would. And would anyone know how to get it off there if it is infected? Thanks

https://forums.techguy.org/threads/nasty-virus-need-help-please.861183/
Relevancy 46.44%

Hi my friend recently got a virus (or at least it only started showing symptoms recently.) and it's pretty nasty. It prevents any anti virus or anti spyware programs from performing scans, it deleted all his restore points, so we decided he needs to reformat so he puts in his windows xp disc and then when it tries to boot from the disc while it loading all the drivers and files it BSODs. We've tried putting the disc in another computer and it boots just fine so that leads me to believe the virus is preventing the boot from cd which I didn't think was possible.

Please help, thanks!
 

Relevancy 46.44%

This is my daughter's computer, but she asked me to help her. I appreciate any help you can give us. I ran an eset scan and it found malware but didn't catch the virus. I'll attach a screenshot of what's popping up as well, but here's what's happening. Unfortunately my daughter clicked on a link in an email that purported to come from UPS; she is expecting a UPS shipment and thought it was legit. Immediately she got a bubble on the task bar saying "Privacy Alert. Rogue Malware detected in your system. Data leaks and system damage are possible. Click here for a free security scan and spyware detection". Not knowing any better, she clicked on the bubble, which popped up a "scan" that "detected" a bunch of viruses and malware, over twenty. She called me and I came over. I was unable to get to the internet via internet explorer or firefox but finally found a back way in through a game link shortcut, and here I am. GMER crashed the computer twice so I can't attach Ark.txt.

computer info: HP Pavilion A W Windows XP Home Version SP Intel Celeron CPU GHz MB Ram

Here's the DDS:

A:nasty virus

there's also a popup that shows up right by the taskbar icons saying "XP Home Security ALERT; Internet Connection Alert!; Suspicious network activity detected! Malware infection is possible!; Details: Attack from: 20.150.188.222 port: 56897; Attacked port: 4466; Threat: IM-Worm.Win32.Kelvir.k"...the ip address, port numbers, and threat name change each time it pops up. it's obviously bogus, but my daughter is not tech savvy and didn't realize it...again, thanks.

http://www.techsupportforum.com/forums/f284/nasty-virus-568464.html
Relevancy 46.44%

this virus calls itself systemsecuritytool and tells me to "buy" their software to get rid of the "malicious software" on my computer. I tried using my anti-malware on it, but it told me there was no such file or it had been corrupted. My desktop screen is completely black and the virus message keeps prompting me. I can't open any programs at all. I tried to open my control panel and that will open, but i can't use anything on it. When i tried using the internet, it gave me a blue screen telling me it was shutting down my computer to prevent any damage. It then restarted. I just have no clue how to get rid of this thing if it corrupts anti-virus software and won't let me open anything else. Any suggestions?

A:Really nasty virus

Please download Malwarebytes Anti-Malware (v1.41) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you cannot use the Internet or download any required programs to the infected machine, you are going to need access to another computer (family member, friend, library etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive. If you cannot copy files to your usb drive, make sure it's not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.

-- Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.
Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.
If that did not work, then try renaming and changing the file extension. Click this link if you do not see the file extension.
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Doubl...

http://www.bleepingcomputer.com/forums/t/262252/really-nasty-virus/
Relevancy 46.44%

Not exactly sure what it is. It has changed my internet explorer home page to this. Also have a hijack log here:

http://www.techsupportforum.com/forums/f284/nasty-looking-virus-269262.html
Relevancy 46.44%

Okay I have some kind of virus in my computer. It has installed little buttocks on my desktop. It will not let me access my add/remove programs section and it will not let me run a disk defragmenter. I bought and installed FixIt Utilities 9 and it doesn't show any viruses. I really can't afford to buy a new system right now, is there any way I can remove this disease? It also keeps putting a System alert box up that says there is a Chin09 virus and it can't be removed. Please help. It also has Windows Security locked up and it continually pops up.
 

https://forums.techguy.org/threads/nasty-virus-please-help.843593/
Relevancy 46.44%

I've been trying to clean up my computer on my own but have not been able to. And i fear that i might have made it worse by not eradicating problems immediately.

I found the following malwares running from taskmanager: Windows Police, msa.exe, a.exe, b.exe. I deleted them and cleaned out my recycle bin. When i reboot i get a blank screen. I run Windows Restore from task manager to get back my desktop screen.

I'm unable to update and/or run Spybot Search & D. And now the SpybotSD.exe file appears to have vanished from my computer. EDIT to Add: I did disable TeaTimer.

I'm not even able to to find the MRT exe runs and then stops abruptly. Windows defender came up and then stopped abruptly. I'm unable to access firefox and/or IExplorer after rebooting in safe mode. I have not been able to use IExplorer in any mode -- safe or regular. I'm unable to access the control panel. Attempting to do so causes a problem: either the screen went black or the computer shut off -- one of the two, i forget which. Hence i'm unable to download Windows security updates.

I've not been able to download any anti virus except for 'GMER' from this site. I've run GMER as per instructions from CatByte: http://www.techsupportforum.com/secu...e-help-me.html

GMER produced the following warning: WARNING: GMER has found system modification caused by ROOTKIT activity. I have not yet pressed OK. Can someone advise me? Worse case scenario i'll have to get a hold of an antivirus disk from someone else's computer and run that.

Thanks in advance

A:Nasty Virus, need help

Problem solved.

I found one more malware file running which i did not delete earlier; b.exe. I deleted it and then found i was able to download and install anti spyware updates.

So it appears as though i'm now on my way to solving this problem on my own. I'll soon do full anti-virus scans.

Let me say that i am very impressed with what i've read on this site and i'm grateful for having access to it. A friend of mine said HP wanted 250 dollars from her to fix her computer. I see that volunteers here fix computers and ask only that one have a little patience -- a very small price to pay, IMO.

Keep up the good work.

Thanks again.

http://www.techsupportforum.com/forums/f50/nasty-virus-need-help-423152.html
Relevancy 46.44%

Hi guys, I have what I suspect might be a nasty virus and I've got no idea how to get rid of it. It seems to attack through the Internet (I've got broadband) b/c it shuts down my firewall and after that all my programs lock and my computer restarts. Other than that my internet often just randomly starts working after a short while. On average this all happens after about minutes of starting my computer. What's worse is I've run ad-aware and norton and they don't pick up a single thing. I've run the microsoft malicious software removal too with no luck. My computer often says its low on virtual memory and the strange thing is whenever i try to restart it often says a program called 'nbnock exe' is not responding and I have to end it before it can properly shut down. The point is I don't wanna format but this virus is really causing me problems with my study. Any idea what i should do? Btw my computer is AMD Athlon GB HD gig ram etc, ie it isn't because of the incompetence of my computer that this is happening.

A:Nasty Virus?

nbnock32.exe doesn't show up in any databases I've searched.
Try running Spybot S&D (with the TX update).
http://www.majorgeeks.com/download4392.html
http://www.majorgeeks.com/download2471.html

Norton has lost my respect, so run "Avast!4Home" and see if it finds anything.
http://www.majorgeeks.com/download1968.html

How secure is your site? That is, have you secured the local logins? Can your little brother walk up to it and start using it without you knowing? I'm wondering because the problem you describe makes me think you've been hacked.

Do you have a real firewall, or just the Windows Firewall?

http://www.techsupportforum.com/forums/f284/nasty-virus-48421.html
Relevancy 46.44%

Hi, Thank you for taking time to review my thread...

I recently tried to install a download from Emule, it was "Astonshell 1.9.3. With Crack" and when I double clicked the "Exe." file, my computer restarted on its own, and then I realized that I had no Internet connection. My Internet is wireless, and Windows is not detecting any wireless routers. Now I know I have Internet, because I'm writing this from my sister's computer, and my laptop is connecting up fine, so it's not a problem with my Internet router or connection. I also noticed that I have no audio at all on music or video files, and when I tried opening AVG virus scanner I got a Win32 error.

Could someone please help me? I don't know what to do...

A:Nasty little Virus...

I guess you got this from a P2P? File sharing is dangerous. Most of the files you come across are infected and not the original program but rather viruses designed to change your pc settings and eventually, or at least potentially, take over your pc.

Apart from this you're in the wrong section.

Go here - http://www.techsupportforum.com/secu...oval-help.html

http://www.techsupportforum.com/forums/f10/nasty-little-virus-239423.html
Relevancy 46.44%

My son's computer has Windows XP and runs Norton Anti Virus. He has a virus that is stopping him from getting on the internet so he can have Norton fix the problem, and it won't let him run the anti virus program on the computer. At first it was putting up random websites on his computer and it gets worse every time he turns it on. Would crashing it out and putting the Operating System and everything back in work? Norton says if he can't get on the internet they can't fix it. Any help would be appreciated. If crashing it would help, how would I do that?

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Nasty Virus

Do you have access to a different computer and a thumb drive or CD burner? If so,
----------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
---------------------------------
If mbam won't install
Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.
If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

http://www.bleepingcomputer.com/forums/t/191926/nasty-virus/
Relevancy 46.44%

My friend gave me his computer and told me If I fix It, I can have it, he said there is something wrong with it though.

Well one problem is, the desktop is completely disabled somehow. The Icons are hidden but are there. I can drag two shortcuts on it and it asks me is it ok to copy it. The desktop wallpaper is visible.

Another problem is, I started uninstalling junk off the computer like every toolbar ever created. But anytime I tried to uninstall certain things, like from AOL, the computer just shuts off.

I've run Hijackthis and got rid of all the bad stuff. I ran virus scan from AVG but it freezes, but then shuts off. I've also run Enditall and set the computer as bare-bones and tried the uninstall and the virus scan, both without luck.

Any one got an Idea?
 

Relevancy 46.44%

So I got this really nasty virus the other day. Normally Combofix has cleaned me up in the past; well, it seemingly has disabled it, and no matter what I try it will not run and deletes itself after I re-download it. Malwarebytes just closes down completely and Spybot isn't deleting everything. I'm pretty new to all this, but here is my Hijackthis log.

https://forums.techguy.org/threads/nasty-virus-help.879856/
Relevancy 46.44%

Help, virus trouble. My computer won't go to safe mode due to a virus. After pressing f and selecting safemode my comp just restarts, but I can go in normal mode. The virus also corrupted my avira antivirus, cause I get an error: the av guard has been deleted or destroyed. Tried everything I know, I even used combofix but still had the problem. Here's my hjt log.

A:help nasty virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
R,K

http://www.bleepingcomputer.com/forums/t/201602/help-nasty-virus/
Relevancy 46.44%

Not exactly sure what it is. It has changed my internet explorer home page to this. Also have a hijack log here.

Relevancy 46.44%

Cannot access desktop icons via shortcuts; desktop icons are messed up. When I click on any desktop icon it will not execute, IE sits at non responding. Basically double clicks on the desktop do not work. If I add a short cut to the desktop such as Google Chrome and double click, it will not execute; have to right click and then open for Chrome to work. When I added the new shortcut to the desktop it was not the correct icon. Outlook is also giving error msgs. The infection added Weatherbug and PC Pro; the PC Pro seems to be gone or hiding but not the Weatherbug. I have tried to uninstall via control panel; it gives the following error: Windows installer service could not be accessed. This can occur if running Windows in safe mode or if the Windows Installer is not correctly installed. The PC will not allow me to go to restore points either. Suggestions?

A:Nasty Virus PC Pro

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
I suggest we run these tools and make sure all traces of this infection are removed.
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
Third party programs if not up to date can be the cause of infiltration an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please download AdwCleaner by Xplode onto your Desktop.
Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===
Please post the logs and let me know if the problem persists.

http://www.bleepingcomputer.com/forums/t/471381/nasty-virus-pc-pro/
Relevancy 46.44%

So, I have this problem. My computer got infected with trojans and malware a few days before, and I ran a scan with AVG and one with malwarebytes anti-malware. When I wanted to update windows yesterday, it wouldn't work.
Apparently it has to do with BITS (background intelligent transfer service). In services.msc I couldn't start it manually so I started to look in the registry. There I found in HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/BITS/ that one of the registry keys 'Imagepath' is '%fystemroot%\svchost.exe -k netsvcs'. So I changed fystemroot to systemroot. However, it immediately changed back to fystemroot. Then I tried replacing fystemroot with C:\WINDOWS, but that was immediately changed to Cf\WINDOWS\. I'm in desperate need of help.

I have an XP media center edition, if that helps.

Thanks in advance

A:Help with nasty virus

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;

IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help Forum.

http://www.techsupportforum.com/f50/

Please ensure that you create a new thread in the Virus/Trojan/Spyware Help Forum; not back here in this one.

IMPORTANT - Read This Before Posting For Malware Removal Help

When carrying out the instructions for malware removal,

If you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.

However, it is extremely important to make mention of the fact that you could not complete all of the steps in your post in the Virus/Trojan/Spyware Help Forum.

http://www.techsupportforum.com/f50/

Where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

http://www.techsupportforum.com/forums/f10/help-with-nasty-virus-364561.html
Relevancy 46.44%

Hello. My wife seems to have encountered a nasty little virus associated with istsvc trojan. I managed to remove this with Symantec's tool, however it has other problems. It originally came with McAfee's online virus program but she never registered or updated it. Since we have SBC Yahoo, I've been trying to install and use their virus software. The problem is I can't remove the McAfee program. It won't auto-uninstall, and this virus prevents access to the taskmanager among numerous other things. I've tried booting to safe mode, changing file attributes to unhide everything, and running a third party virus program to uninstall it, but it reports it can't find anything. It won't run regedit exe or anything allowing me access to the registry. Some of the things I've seen include Pokapoka exe ypager exe dll eetu exe dll campanion exe dll; folders include surfaccuracy Igetnet searchassistant programs on the C drive. When I tried to get updates from Microsoft I got messages saying the ActiveX control was off; instructions to turn them on don't work or are disabled for the sbc yahoo browser I use. What to do?

A:Nasty Little Virus

I suggest you post a HijackThis log for examination.
Read How to post a HijackThis Log. Please read, and follow, all directions carefully.
Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

http://www.bleepingcomputer.com/forums/t/36122/nasty-little-virus/
Relevancy 46.44%

My computer is infected with a virus. I ran AVG and several infected files kept showing up with win virut. I have looked this up & it seems that this is a type of virus! When I start my computer all that I'm getting is my desktop wallpaper & the taskbar with the start, Internet Explorer & Firefox quick launch icons & the clock. After a min wait I get a speech bubble pop up from the bottom right of the screen telling me that my firewall may be turned off. After this pops up all my icons appear but my wallpaper disappears & turns to a white background. I have run a tool by AVG for removing the win virut virus but it doesn't seem to have worked properly. I can still access the internet, use all my programs & access all my files. I have a HijackThis log: ... Read more

http://www.techsupportforum.com/forums/f284/help-with-a-nasty-virus-425901.html
Relevancy 46.44%

Hi, was wondering if anyone could help please. I have been asked to fix a friend's laptop and it's riddled with viruses. It blocks internet access to any Microsoft site and Avast, and knocks off the Windows firewall. I managed to get Malwarebytes on it and it found infected items, removed most of these, but that has not fixed the problem. On performing another scan and another, it seems that this virus is duplicating every time I access IE. Here is the log from the last scan:

Thanks to anyone who can help.

Here is the info: ... Read more

A:Nasty virus please help

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

http://www.techsupportforum.com/forums/f50/nasty-virus-please-help-439778.html
Relevancy 46.44%

Hey guys, I'm new here and I was wondering if there was anything that could be done for my PC. It is so badly infected that I am writing this letter from another computer. So here is what happened. The other day I was browsing the web when all of the sudden my PC tries to open Acrobat. Sensing that something funny was going on, I immediately went and tried to do a system restore. Well, the virus had disabled system restore. I then tried running both Malwarebytes and McAfee virus scan. The virus disabled Malwarebytes, and McAfee would only run for about seconds and then would freeze up. Well, I then attempted to do a couple of online scans, and while they were being run all my windows closed, my icons disappeared from my desktop and my taskbar disappeared. Well, I then restarted my computer and it gave me the "blue screen of death" Windows error message (I think that is what it is called; like I said, I'm new here). I am able to log on to Windows from safe mode, but when I do it just gives me a black screen with the words "safe mode" in all corners. It still won't show my icons or my task bar. I am able to get task manager to run by hitting ALT CONTROL Delete, but it does little good because every time I try to run McAfee, Panda Security, Adaware or BitDefender it will immediately close these programs down. Also, if I try to run Malwarebytes, Internet Explorer or Windows Defender it gives me a message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I was able to enable system restore again using regedit, but it will not let me actually turn it on in Safe Mode, and I cannot log on to Windows regularly because of the error message.

So pretty much in summary: I can only log on to Windows using safe mode. And when I do, all I get is a black screen with no icons and no task bar. I can bring up task manager, but when I try to run ANY antivirus or anti-malware program it will either immediately close the program or give me a message that says "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." It also gives the above error message when I try to run Internet Explorer. I cannot run a system restore because, even though I have re-enabled it using regedit, I have to be logged onto Windows normally to turn it on.

Whew, I know that was a lot, but I am just trying to give you guys all the info that you need. I have a Dell PC and my operating system is Windows XP Home Edition, although I am not sure what version. Is there ANYTHING that can be done to save my PC? What do you guys think? Thanks in advance for the help.

A:One NASTY Virus!!!!

Nevermind guys, I had to reformat the hard drive.
 

https://forums.techguy.org/threads/one-nasty-virus.865578/
Relevancy 46.44%

I have some nasty stuff on my computer that is making it run slower than a snail. There is also a window that pops up every time I do anything on my computer and it says "system error i have an unknown trojan", then if I click on it it takes me to a random antivirus website or it shuts down IE. Please help! I use this computer for my home business. ... Read more

A:Nasty Virus! Please Help!

Hello tmauser1,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/135785/nasty-virus-please-help/
Relevancy 46.44%

The problem is when I attempt to visit antiviral websites such as norton, pctool etc., my browser will not connect. Also, I finally got around to installing day norton trial and the blasted thing won't let it download updates at all; in fact it seems to disable my ability to do anything related to antivirus software. Also it enables me to install remove new old programs. I need help; my PC is my lifeline for the work that I do from home. If I can't get this thing under control I may lose my job. Thanks. Here are the things you guys requested. I think it's really great for you all to do this for free; not too many people would. ... Read more

A:Help!!! I've Got a Nasty Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/help-ive-got-a-nasty-virus-396343.html
Relevancy 46.44%

Good Morning, I am facing a problem with probably a virus. Since a few days I am getting messages from my computer: a software that I am trying to install for a hardware is not passing the Windows Logo testing. Before, this message was pointing at an Activity Monitor and is currently mentioning an Antivirus program. I tried to make a scan with McAfee but this virus seems to stop all efforts to use this program. I then tried HijackThis, which finds a Nasty file as followed: C DOCUME ALLUSE APPLIC McAfee MSC Updates Installs msc mcinst exe. I tried to delete this file but it cannot be found on the HijackThis virus removal tool and therefore cannot be fix checked. I tried loading down other free malware softwares but this effort seems to be impossible due to the virus. Is there any way to get rid of this virus? Shall I uninstall McAfee since the virus seems to be connected? Any help would be appreciated.

A:Nasty Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/504859 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.
DDS.com Download Link
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/504859/nasty-virus/
Relevancy 46.44%

So I've tried almost everything: Spywareblast, Malwarebytes, Superantispyware, Spybot, Dr Web & Emsisoft, yet nothing can get rid of this nasty virus completely. Any help that you could possibly give would be greatly appreciated beyond belief. I just got it to where it would let me access files & directories on my computer again, but I'm sure it's going to come back again. ... Read more

A:Seriously nasty virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425361 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues. Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.
Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME... Read more

http://www.bleepingcomputer.com/forums/t/425361/seriously-nasty-virus/
Relevancy 46.44%

So, I'm pretty new to Windows after leaving OSX. I have Win8.1 with all updates.
Last night I was surfing in Chrome and suddenly it crashed. I restarted my machine and Chrome. When I then went onto some websites I was absolutely bombarded with ads and pop-ups (I run adblock). Even worse is when I click on something I want to look at I get taken to a dodgy page in some dark corner of the net. My machine is nearly unusable. Most video players crash and most websites I visit are now not even worth bothering with. Same with Firefox.
I've downloaded Kaspersky, Bitdefender and AVG. None of these can find anything - I really don't know what to do.
I have low technical ability so please be patient with me if you do decide to help.
I'll be happy to answer any questions, provide screenshots, anything.
Thank you so much.
Leon.

A:I have a very nasty virus - PLEASE HELP!!

Hi Leon,

Let's first clean out Chrome.
Disable all the Plugins
Disabling Plugins in Google Chrome

Now we'll get all the junk off the machine.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

ESET Online Scanner
Hold down Control and click on this link to open ESET Online Scanner in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

http://www.bleepingcomputer.com/forums/t/572035/i-have-a-very-nasty-virus-please-help/
Relevancy 46.44%

Hello, I recently got quite a nasty virus on my computer and do not know how to fix it. It hid all my files, refuses to let me access the Internet, and won't let me open any program. I also have no audio; it claims that I have no speakers, regardless of whether I try to use my computer's speakers or my headphones. Using Safe Mode with Networking I was able to unhide my files. I was also able to unhide programs such as Microsoft Word, but it won't let me open any of these programs. I was unable to unhide my original Malwarebytes program. Whenever I try to reinstall Malwarebytes through a flashdrive, I get through all of the installation until the very end. Then a notice pops up that "Access is denied" and then "Error: Setup was not completed. Please correct the problem and run Setup again." None of the forms of Rkill work either, however nothing pops up when I run it. The regular RKill screen comes up for the blink of an eye, but before anything happens it is shut right back down. I also tried to install Malwarebytes onto my flash drive, rather than just downloading the set-up and then installing to my computer, and run it directly from the flash drive. It did in fact run and found one minor virus. Unfortunately it apparently didn't find, or was blocked from finding, the virus which is causing my problems, as absolutely nothing changed in my computer. I don't know how it is blocking my Internet. I tried looking through Tools -> Internet Options -> Proxy Server and that wasn't the problem. Any possible help, even what exactly this virus is, would be greatly appreciated. I admit that I have no clue what I'm dealing with here. I've never dealt with a virus that has blocked literally everything on my computer like this; there was always some way to circumvent it. Thank you for your time and help.

A:Please Help Me Get Rid of a Nasty Virus!!!

Hello and welcome.

Your may be bundling the ZeroAccess rootkit along with the rogue malware. This rootkit will terminate any process that scans one of the items it is protecting in the Windows Registry or the file system. It will then change the permissions on that program so that when you attempt to run it again you will receive an access denied message. If you are infected with this Rootkit, then the following guide will not be able to remove the infection unless you first remove the rootkit. You can attempt to remove the rootkit using TDSSKiller as outlined below.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Next run RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your... Read more

http://www.bleepingcomputer.com/forums/t/423488/please-help-me-get-rid-of-a-nasty-virus/
Relevancy 46.44%

Basically, I got this thing called Antivirus Soft. I did the stuff listed here: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft and it worked, but I since restarted my computer. Now it's back and that method won't work. Help please.

Edit: The first time, I ran MBAM, then found the bleepingcomputer page. This time, I can't even get MBAM to open. The "Antivirus Soft" says it's infected. Pretty much does it whenever I try to open anything.

Edit 2: I got it to close the Antivirus Soft crap, and I ran MBAM, but it didn't pick up any infections, meaning it's probably still there.
 

https://forums.techguy.org/threads/nasty-virus.907882/
Relevancy 46.44%

I have run Malwarebytes in safe mode. Out of safemode my computer will not allow it to open and run. I can download things to my computer but I cannot download and install an antivirus. It did finally let me get the antivirus downloaded but it gives me a proxy error when I try to install it. Avast will not run enough to complete a scan, neither in safe mode nor out. I've tried to run it both ways. In safe mode with networking it says it can't connect. When ran in normal mode it won't update, and when I try to run a scan it will run for a few files then get 'stuck' on one file and not move at all. I couldn't even get it to download to my computer at first, but a friend of mine finally got it to download. When I run a search I have been getting my search results, however I'm also getting several additional tabs from 'Hold Page'. This also shows up as a 'bar' on the left hand side of my page as though it's an additional search feature. Until my friend did some tweaking to the computer I couldn't 'Google' anything because I got an error message saying I was behind a proxy. I don't believe I am behind a proxy, and my friend believes it's because of a virus of some sort. If I try to shut down my computer it gets stuck on the Logging off screen and will not shut down. It does NOT freeze, it just won't shut down. She (my friend) has gotten it to shut down some, but for the most part it still won't. Another issue that I have is that there is a program called InternetHelper Toolbar that I CANNOT get off my registry. I have tried to remove it several times and it just will not delete.

A:I believe I have a very nasty virus.

Hello there    
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
   Please download MiniToolBox to your desktop
Double click MiniToolBox.
Select the following and then press go.
Post the log in your next reply.
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
  Please download Malwarebytes Anti-Malware to your desktop
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.
How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.
Please also include the other Malwarebytes Anti-Malware log.
 
Please download Security Check to your desktop
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup.txt.
Please post the contents of it in your next reply.
Non-malware removal steps
 
Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup
Thanks and good luck!

http://www.bleepingcomputer.com/forums/t/560623/i-believe-i-have-a-very-nasty-virus/
Relevancy 46.44%

I've got a pretty nasty virus. Internet explorer automatically closes as soon as it is opened, as does AIM, and my p2p program. Everything is running extremely slow, and little things seem to slowly be getting worse. I have Kaspersky AV and Spyware doctor. None of which detect anything wrong. I was seeing if anyone could help.

A:Nasty Virus

SoooIccy,

Hello & welcome to TSF!

We will need a HijackThis log from you. This is the program we use to help diagnose & clean your system. Please read and follow all directions posted in the thread entitled "Please, Read this before posting a Hijack This log"

Once you have completed these steps & posted a HJT log, someone will be by to help you.

Regards,

RavenMind

http://www.techsupportforum.com/forums/f284/nasty-virus-71185.html
Relevancy 46.44%

I believe my computer was recently compromised. HP computer with Windows Home Premium pre-installed. I use Avira antivirus. I have a bit OS with latest Windows updates etc. Recently started receiving prompts/popups from Microsoft stating that Windows may not be genuine. I went to the Windows Validation website, which has confirmed this. Further investigation revealed that the Windows Key was not the same as posted on the sticker. Communication was made with Microsoft, which has corrected the issue (I think). But Windows Authentication website still says Windows is not genuine. HP was also contacted and it was further determined that the partition may have been corrupted. I haven't tried to verify that yet. I also believe I have some guests/listeners on the computer as well. Whoever they are may have left some nasty Trojans/rootkits/bugs. Avira antivirus has confirmed multiple viruses revealed in Java as "Agent" class variations. Also a "TR Horse TLS" class Trojan. I uninstalled Java and they mysteriously disappeared (see second Avira scan). I have another antivirus program which currently detects viruses "system cmdlineext x dll" and "SysWOW CmdLineExt x dll", which I believe are related to secuROM.

A:Nasty Virus?

I believe I see Rootkits in there. The 64 bit limits the tools we can use here in AII and we will need to move you. Are you opposed to reinstalling the system as Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS/HijackThis log for further investigation.
Let me know how you wish to proceed.

http://www.bleepingcomputer.com/forums/t/338567/nasty-virus/
Relevancy 46.44%

A few days ago someone started to try and login to my gmail account, and today they managed to get my password somehow. I found a sticky on reddit that ended up leading here to use rkiller in their guide. I did all that days ago and they still managed to get my password, so I just did a fresh install and decided to use the guide again, and rtkiller found things with the incorrect imagepath. Is this a sign of having a bad virus or malware? Here is what it says has the wrong imagepath:

CompositeBus > SystemRoot System DriverStore FileRepository compositebus inf amd dfdedc d f CompositeBus sys Incorrect ImagePath
NgcSvc > SystemRoot system svchost exe -k LocalSystemNetworkRestricted Incorrect ImagePath
swenum > SystemRoot System drivers swenum sys Incorrect ImagePath

This is on a fresh reinstall of windows, not sure if that matters. I'm currently in the process of installing all the updates. I just ran malwarebytes again and it didn't find anything. Any help would be appreciated.

A:i think i might have a nasty virus

ive also just scanned with adwcleaner,junkware remover, tdsskiller, and hitmanpro and they all came up with nothing except hitman pro pulled up a ask toolbar that i forgot to untick during installation, so should i be good to go?

http://www.bleepingcomputer.com/forums/t/603103/i-think-i-might-have-a-nasty-virus/
Relevancy 46.44%

Logfile of HijackThis ... Read more

A:Plz help. i got that nasty virus from MSN

i had that worm long ago.

i don't even remember how i got rid of it.

try www.trendmicro.com and see if the online scan will clear it up.

if it doesn't, then it's not a worm or a virus, it's some other piece of malware.

http://www.techsupportforum.com/forums/f284/plz-help-i-got-that-nasty-virus-from-msn-52648.html
Relevancy 46.44%

Hello. This is my last effort to get help before I turn my laptop into an expensive coaster or a frisbee. I have a Windows Sony Vaio i laptop and a very nasty virus. My laptop worked perfectly two days ago. Yesterday afternoon I left my computer and came back to find about twenty of the same pop-up on the screen that looked legitimate, saying that there was some kind of error. Unfortunately I didn't write it down, but another pop-up window came up that looked like an actual Windows message saying to scan now or restart, but there were some grammatical errors so I could tell it was fake. I had been getting the blue screen occasionally the past couple of weeks but was always able to return to normal. All of my files on the desktop were greyed out (hidden), but I have my laptop set so I can see hidden files. All of my startup items, control panel, etc. were missing from the start menu. Only a few things remained (firefox etc.) but they wouldn't run anyway.

After researching online, I typed "System Restore" in start and was able to ignore the many pop-ups to restore to a previous Windows from the th. Took a long time but that worked, and once I had it up and running I was able to copy pretty much all of my files to an external hard drive quickly. I restarted and was able to get into safe mode. I ran Malwarebytes and it found more than items. Removed them. Scanned with Spybot and it found more items. Removed them, but it said remained. Restarted in regular mode. Within minutes the pop-ups started again. Ran "system restore" again overnight. Woke up and it had successfully restored. Tried to run "Vaio Care" so I could do a "factory reset" from its built in drive, but within minutes of entering Windows I immediately got the pop-ups and all the programs were gone again - Vaio Care disappeared as I was trying to run it.

Now - I can't get past the blue screen. I should be able to push F or Alt F to get to the Vaio Recovery options when rebooting, but when I do I get the blue screen. I can press F when the Vaio logo comes up and I get the Advanced Boot Options, but I tried safe mode, safe mode with networking, and safe mode with command prompt, and I get the blue screen "BAD SYSTEM CONFIG INFO" for each. In trying to boot to regular Windows mode I get "UNMOUNTABLE BOOT VOLUME". Tried to set it to not restart when there's an error - that didn't work. Contacted Sony (my laptop is out of warranty and they give you minutes free tech support), which I tried twice. The only thing they could advise me to do was press F and enter the BIOS, then reset the BIOS to factory, which I did, then try to access Vaio Recovery. Still get the same blue screen every time.

PLEASE HELP. A Vaio Recovery Disk is too expensive for me right now and I'd almost rather go without a laptop until I can buy a new one. Another thing to mention - this is not your typical SmartHDD virus - no antivirus popped up on the screen when I WAS able to access Windows. I did get the C failed messages though, and could not run a CD, DVD or anything on an external HD, or copy any files when the virus was in effect. All of my files on the computer were immediately hidden. Thanks so much for your time. J

A:Need help with NASTY virus

Hello, and sorry for the delay!

This certainly should be fixable, but first we need to find out a bit more about what's going on.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2... usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

http://www.bleepingcomputer.com/forums/t/460764/need-help-with-nasty-virus/
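A first-pass triage of the mbr.bin file produced by the dd command in the reply above, as an added example that is not part of the original thread or the helper's own tooling. It checks the 0x55AA boot signature, decodes the four partition entries, flags inconsistent tables, and hashes the boot code so it can be compared with a dump from a known-good machine; the helper names and the sample sector are constructed for illustration.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code (Windows keeps a disk signature at 440..443)
TABLE_OFFSET = 446         # four 16-byte partition entries start here
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
# status, 3 bytes CHS start, type, 3 bytes CHS end, start LBA, sector count
ENTRY_FORMAT = "<B3xB3xII"
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x83: "Linux",
              0xEE: "GPT protective"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    type_name: str
    start_lba: int
    sectors: int


def parse_mbr(raw: bytes) -> dict:
    """Decode one 512-byte MBR sector and list structural anomalies."""
    if len(raw) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(raw)}")
    findings = []
    if raw[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not any(raw[:BOOT_CODE_LEN]):
        findings.append("boot code area is all zeros")
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FORMAT, raw, TABLE_OFFSET + i * ENTRY_LEN)
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        if start == 0:
            findings.append(f"entry {i + 1}: starts at LBA 0, on top of the MBR")
        partitions.append(Partition(i + 1, status == 0x80, ptype,
                                    TYPE_NAMES.get(ptype, f"type 0x{ptype:02x}"),
                                    start, count))
    if sum(p.bootable for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return {
        "partitions": partitions,
        "findings": findings,
        # Hash only the boot code: the disk signature differs per disk, so
        # excluding it lets the value be compared with a known-good dump.
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
    }


def make_entry(status: int, ptype: int, start_lba: int, sectors: int) -> bytes:
    """Build one partition entry for the constructed sample (CHS fields zeroed)."""
    return struct.pack(ENTRY_FORMAT, status, ptype, start_lba, sectors)


def build_sample_mbr(entries: list) -> bytes:
    """Constructed sample sector: placeholder boot code, made-up disk signature."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    table = b"".join(entries) + b"\x00" * (ENTRY_LEN * (4 - len(entries)))
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # e.g. the mbr.bin written by dd
            data = fh.read()
    else:
        data = build_sample_mbr([make_entry(0x80, 0x07, 2048, 204800),
                                 make_entry(0x00, 0x07, 206848, 1000000)])
    report = parse_mbr(data)
    for p in report["partitions"]:
        print(p)
    print("boot code sha256:", report["boot_code_sha256"])
    print("findings:", report["findings"] or "none")
```

A valid signature and a sane partition table do not show that the boot code is clean; the hash is only meaningful when compared against a dump taken from an uninfected disk prepared by the same Windows version.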
Relevancy 46.44%

Hey, I'm currently having big troubles with malware on my computer. I'll try to summarize the problems I've noticed, so I apologize in advance for the messy summary ahead. It's even a hassle to type this, as sometimes I'm unable to type and have to click on the screen to continue typing.

Internet sometimes "slows down" and refuses to load webpages on IE, mozilla, chrome.

I often get error messages saying different applications need to close or stopped working. Some of them are DLL files or Exe files. It's often Explorer.exe for instance, or just plain nonsense. Like "unable to launch profile" or something very similar. It does not explain anything at all and seems very malware-ish to me.

Regarding explorer.exe: Sometimes it's very high on memory usage.

Sometimes the windows layout goes from winXP style to safemode style. This even happens in mozilla. When this happens I'm often unable to open different programs (skype) from the toolbar in the right corner while others work fine.

If I keep my computer on for some time the sound will disappear. If I try to run a mp file I will then get a message saying the drivers are broken. After a reboot it's all back to normal and I'm able to play my music or video files. Skype is also affected, so after some time the sound driver seems to be affected by this problem I'm having.

Avira antivirus often finds a lot of malware but it's unable to remove them. I tracked one file down (wuaucldt.exe) and tried to find it in safemode but it wasn't there, leaving me to think the file gets created every time I'm connected to the internet or running windows normally.

I downloaded Malwarebytes and ran it in safemode, which found and deleted a few threats including the wuaucldt.exe file. After rebooting I was unable to reach windows and my PC just kept restarting. Couldn't load safemode either. I had to load from the last known working state. The problems seem to persist after I rolled back. I can post the entries Malwarebytes deleted here if you want.

I'll post the hijackthis log in the next post. Thanks.

Edit: Something weird started to happen a few minutes ago and has happened four times now. When I open a webpage my computer attempts to download the page, or so it seems. But lucky for me it asks for my windows CD so I'm able to cancel it. It's very annoying though.

A:Got a nasty virus.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:21:18, on 11.04.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Games\Steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Benz\Local Settings\Apps\2.0\P7EL9895.XA6\TD9M15J4.CHQ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {B182DADD-BCBA-0351-08E6-67048BE45A77} - c:\windows\system32\hxzgmsfh.dll (file missing)
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 ... Read more

https://forums.techguy.org/threads/got-a-nasty-virus.990789/
Relevancy 46.44%

I have this virus that will not go away. When I tried to do a CHKDSK /R and rebooted the screen went blank black. I had to do a FIXMBR to get back into windows, while all seemed fine and I was listening to aol radio and playing Warcraft III I got the XP Antivirus 2012 virus. Which I had to boot into safe mode and eventually use rkill.exe to get rid of it, but then something else came back. Please help
Thank you, Highdro
Merry Christmas

Oh, I've ran Malwarebytes Antimalware several times, and NOD32 AV.

And System Idle Process (SYSTEM) in my task manager is using 90-99% of my CPU
 

https://forums.techguy.org/threads/nasty-virus.1032740/
Relevancy 46.44%

My buddy brought me his laptop. It is constantly getting false windows security notices that open to a website to buy a virus scanner. It also randomly opens www.porno.com when left idle. Any time you try to install anything it claims that the administrator has set permissions to not allow it, even in safe mode. Most programs and applications, including add/remove programs, msconfig, etc., give an error saying that the program is infected and won't open. This one has me pretty stumped. Any way to clear this one out without wiping it? The only virus scanner he had was Avast. I tried running McAfee and spybot over the network and nothing was found. Following is the HJT log:

Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS Explorer EXE E Programs Hijack This HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http freecodesource com home-page id L R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyServer http R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Java tm Plug-In SSV Helper - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO
JQSIEStartDetectorImpl - E E F - CE- C -BC -EABFE F C - C Program Files Java jre lib deploy jqs ie jqs plugin dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - HKLM Run Apoint C Program Files Apoint Apoint exe O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartup O - HKLM Run nwiz nwiz exe installquiet O - HKLM Run Broadcom Wireless Manager UI C WINDOWS system WLTRAY exe O - HKLM Run Dell Wireless Manager UI C WINDOWS system WLTRAY O - HKLM Run IntelZeroConfig quot C Program Files Intel Wireless bin ZCfgSvc exe quot O - HKLM Run IntelWireless quot C Program Files Intel Wireless Bin ifrmewrk exe quot tf Intel PROSet Wireless O - HKLM Run PDVDDXSrv quot C Program Files CyberLink PowerDVD DX PDVDDXSrv exe quot O - HKLM Run MP EnsureFileVer C WINDOWS inf unregmp exe EnsureFileVersions O - HKLM Run QuickTime Task quot C Program Files QuickTime qttask exe quot -atboottime O - HKLM Run iTunesHelper quot C Program Files iTunes iTunesHelper exe quot O - HKLM Run kkvmxvny C Documents and Settings Owner Local Settings Application Data viotnn lbuqsftav exe O - HKCU Run ctfmon exe C WINDOWS system ctfmon exe O - HKCU Run uTorrent quot C Program Files uTorrent uTorrent exe quot O - HKCU Run kkvmxvny C Documents and Settings Owner Local Settings Application Data viotnn lbuqsftav exe O - Extra button no name - e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe file missing O - Extra 'Tools' menuitem xpsp res dll - - e e dd -d - - b -f ba - windir Network Diagnostic xpnetdiag exe file missing O - Extra button Go PlaySushi - EBD BD -E - FA -A BA-C D CAB - C Program Files PlaySushi PSText dll O - Extra button Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Extra 'Tools' menuitem Windows Messenger - FB F -F - d -BB E- C F - C Program Files Messenger msmsgs exe O - Options group INTERNATIONAL International O - SSODL WPDShServiceObj - AAA BA- A C- B - D - D DB - 
C WINDOWS system WPDShS... Read more

A:Nasty Virus

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/nasty-virus-459246.html
Relevancy 46.44%

Hey guys, my computer has a nasty virus. So far I have tried Malwarebytes, Spybot Search and Destroy, rkill, HijackThis, AVG, Microsoft Security Essentials and Webroot. I am finding trojan viruses but they are not getting rid of the entire virus. The virus freezes my computer and programs so I am unable to work. When I try to open a program it shuts it down. PLEASE HELP!!

A:Nasty Virus Tried Everything!

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/413914/nasty-virus-tried-everything/
Relevancy 46.44%

Hi, I haven't been here in a while but now got a different PC with another nasty virus. I can't run any scans, and Spybot cannot open and a window pops up saying I don't have proper permissions. I ran an internet scan and found out a bunch of temporary files are infected. This computer is running Windows XP and is a couple years old. Thanks in advance.

DDS Ver - - - NTFSx Run by Rufus at on Internet Explorer BrowserJavaVersion Microsoft Windows XP Home Edition GMT - AV McAfee VirusScan On-access scanning enabled Updated B EE - - CDE-A A-DD BA FAD FW McAfee Personal Firewall enabled B - C F- -BDA - CA DA E Running Processes C WINDOWS system Ati evxx exe C WINDOWS system svchost -k DcomLaunch svchost exe C WINDOWS System svchost exe -k netsvcs C WINDOWS system svchost exe -k WudfServiceGroup svchost exe svchost exe C WINDOWS system spoolsv exe svchost exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Bonjour mDNSResponder exe C Program Files Cisco Systems VPN Client cvpnd exe C Program Files Juniper Networks Common Files dsNcService exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PifSvc exe C Program Files McAfee SiteAdvisor McSACore exe C PROGRA McAfee MSC mcmscsvc exe c PROGRA COMMON mcafee mna mcnasvc exe c PROGRA COMMON mcafee mcproxy mcproxy exe C PROGRA McAfee VIRUSS mcshield exe C Program Files McAfee MPF MPFSrv exe C Program Files McAfee MSK MskSrver exe C Program Files Common Files Intuit QuickBooks QBCFMonitorService exe C WINDOWS system svchost exe -k imgsvc C Program Files iPod bin iPodService exe C Program Files HPQ shared hpqwmi exe C PROGRA McAfee VIRUSS mcsysmon exe C WINDOWS System svchost exe -k HTTPFilter C Program Files Java jre bin jusched exe C Program Files Java jre bin jqs exe c PROGRA mcafee com agent mcagent exe C WINDOWS system Ati evxx exe C WINDOWS Explorer EXE C
WINDOWS system wuauclt exe C Program Files Synaptics SynTP SynTPLpr exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files ATI Technologies ATI Control Panel atiptaxx exe C Program Files HPQ Quick Launch Buttons EabServr exe C Program Files hpq HP Wireless Assistant HP Wireless Assistant exe C Program Files Hp HP Software Update HPWuSchd exe C Program Files Common Files Symantec Shared PIF B E DD - - c -B F- F FCA A PifSvc exe C Program Files Common Files Real Update OB realsched exe C Program Files QuickTime QTTask exe C Program Files iTunes iTunesHelper exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Messenger msmsgs exe C WINDOWS system ctfmon exe C Program Files Spybot - Search amp Destroy TeaTimer exe C WINDOWS system taskmgr exe C Program Files Opera opera exe C Documents and Settings Rufus Desktop dds scr Pseudo HJT Report uStart Page hxxp www google com uSearch Page hxxp www google com uSearch Bar hxxp www google com ie uSearchMigratedDefaultURL hxxp www google com search q searchTerms amp sourceid ie amp rls com microsoft en-US amp ie utf amp oe utf uSearchAssistant hxxp www google com ie uSearchURL Default hxxp www google com search q s mSearchAssistant hxxp www google com ie BHO Adobe PDF Reader Link Helper e f-c d - d -b d- b d be b - c program files adobe acrobat activex AcroIEHelper dll BHO ALOT Toolbar BHO ceeaff- dd- -ae -d ecdc c f - c program files alot bin alot dll BHO McAfee Phishing Filter b a- - a -b -be afe ab - c progra mcafee msk mskapbho dll BHO RealPlayer Download and Record Plugin for Internet Explorer c e -b - bc - - c ca - c program files real realplayer rpbrowserrecordplugin dll BHO Spybot-S amp D IE Protection - f - d - - d f - c progra spybot SDHelper dll BHO ADB E- AFF- - AA - DAC DFA - No File BHO scriptproxy db d a - - e -b d- f c - c progra mcafee viruss scriptsn dll BHO Google Toolbar Helper aa ed - dd- d - -cf f - c program files google google toolbar GoogleToolbar dll BHO 
Go... Read more

A:nasty virus please help

Hello -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from this location:

Link 1

* IMPORTANT !!! Place it on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.



You can get help on disabling your protection programs here

How to disable McAfee:
Please open McAfee Security Centre
Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.
Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
Next, select never for "When to re-enable real time scanning"
and click OK.
Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/...ernalID=222820


How to disable Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.
See this link for a tutorial


Double click on the file you downloaded & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the M... Read more

http://www.techsupportforum.com/forums/f100/nasty-virus-please-help-405404.html
Relevancy 46.44%

I have this horrible virus, trojan dropper.generic_c.mmi. I have no idea how to get rid of it. If someone can please help me I'd very much appreciate it!
 

A:i NEED help getting rid of this nasty virus

...any help please ????
 

https://forums.techguy.org/threads/i-need-help-getting-rid-of-this-nasty-virus.1066598/
Relevancy 46.44%

Virus blocking all virus scans and also won't let me log on to Windows. I have to open task manager and end a strange looking process and then the black screen disappears and shows my desktop. I've tried many free scanners; they all seem to stop scanning at a certain point. Also Avira won't even install.

A:How to get rid of this nasty virus?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:09:29 PM, on 21-Jan-16
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
FIREFOX: 43.0.3 (x86 en-GB)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Company\gupdate\gupdate.exe
E:\Steam\Steam.exe
E:\Steam\bin\steamwebhelper.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
E:\Steam\GameOverlayUI.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JK\AppData\Local\Google\Chrome\User Data\SwReporter\5.39.1\software_reporter_tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?L...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?L...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [gupdate] C:\Program Files (x86)\Company\gupdate\gupdate.exe
O4 - HKCU\..\Run: [Steam] "E:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\JK\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O18 - Protocol: skypec2c - {... Read more

http://www.computing.net/answers/security/how-to-get-rid-of-this-nasty-virus/40282.html
Relevancy 46.44%

Just to clarify first off, I would like to say that I am far from being a total noob in deleting viruses and what not, but this may be the worst case scenario. With that said, I caught my nephew watching porn. He turned off the laptop before I confronted him. No worries, I didn't beat him or anything. Problem is, a couple of hours later when I went in to check my mail, a virus confronted ME right at startup screen. Would not let me do anything but turn off my computer. I said to myself, "tis alright, I just delete it in safe mode". Well guess what? It did the same thing in safe mode. And as I said, it won't let me do anything, not even open a task manager. So I need big help. Here's how the window looks like. I'm pretty sure that's the virus itself disguised as "antivirus". Pics taken while the laptop is in safe mode.

P.S. I had no antivirus on my laptop. Didn't bother to need one since I only check my mail once in a while. Until of course my nephew came over. Thank you in advance.

A:Nasty Virus!

Hello and welcome.
I suggest you at least install a free AV and scan with it.
Avira Antivir
If you cannot use safe mode with networking, then you will need to get the tools onto a USB drive or CD from a clean computer.

Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
If you have a problem downloading, i...

http://www.bleepingcomputer.com/forums/t/340155/nasty-virus/
Relevancy 46.44%

Hey, for the past couple of days my computer has been slow and so on, and my Spybot keeps finding the same virus over and over again, but it won't get removed. This is my latest Spybot Search and Destroy scan log. Please help. It says it has removed the viruses, but every time I rescan it reappears. Also tried with Malwarebytes, but it ain't working.

i - - i - - Product MS Direct D
- - Moving into quarantine HKEY USERS S- - - - - - - Software Microsoft Direct D MostRecentApplication Name
- - Successfully cleaned HKEY USERS S- - - - - - - Software Microsoft Direct D MostRecentApplication Name
i - - i - - Product MS DirectInput
- - Moving into quarantine HKEY USERS S- - - - - - - Software Microsoft DirectInput MostRecentApplication Name
- - Moving into quarantine HKEY USERS S- - - - - - - Software Microsoft DirectInput MostRecentApplication Id
- - Successfully cleaned HKEY USERS S- - - - - - - Software Microsoft DirectInput MostRecentApplication Name
- - Successfully cleaned HKEY USERS S- - - - - - - Software Microsoft DirectInput MostRecentApplication Id
i - - i - - Product Windows Explorer
- - Moving into quarantine HKEY USERS S- - - - - - - Software Microsoft Windows CurrentVersion Explorer RecentDocs
- - Successfully cleaned HKEY USERS S- - - - - - - Software Microsoft Windows CurrentVersion Explorer RecentDocs
i - - i - - Product Cookie
- - Moving into quarantine Internet Explorer User gaylord Cookies
- - Successfully cleaned Internet Explorer User gaylord Cookies
i - - i - - Product Cache
- - Moving into quarantine Internet Explorer User gaylord Cache
- - Successfully cleaned Internet Explorer User gaylord Cache
i - - i - - Summary
i - - Errors while cleaning
i - - Files moved into quarantine
i - - Files successfully cleaned

A:Got some nasty virus i cant get rid of!

No one can help? Also some of my programs won't start because of this bleep.. and sorry for the name of my PC.. my friend named it for me and idk how to change it xd

http://www.bleepingcomputer.com/forums/t/588003/got-some-nasty-virus-i-cant-get-rid-of/
Relevancy 46.44%

I have received this computer from my brother, and when I got it, the first thing I did was to run MBAM. MBAM deleted a plethora of viruses, but a few kept coming back, no matter how many times I deleted them. In the end, I decided to try a destructive factory reset, and that seemed to fix the problem. However, just today, five of the viruses I thought were dead and gone have reappeared. I can post an MBAM log if needed, and would really like assistance in getting my task manager back online.

A:Really nasty virus

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:
In your next post I need the following

logs from DDS
let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/467443/really-nasty-virus/