Windows Support Forum

# SpyQuake removed, Virus Alert in toolbar still showing

Q: SpyQuake removed, Virus Alert in toolbar still showing

Relevancy 100%
Preferred Solution: SpyQuake removed, Virus Alert in toolbar still showing

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

A: SpyQuake removed, Virus Alert in toolbar still showing

WinsockFix- Save it to your desktop. It is unlikely that you will need this program, but in the event you lose internet access after uninstalling WebHancer, double click on this program to run it.

combofix.exe-Save it to your Desktop, we will need this later.
smitRem.exe - Run it and extract it to it's own folder on the Desktop.
Ewido Anti-MalwareInstall Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
Brute Force Uninstaller to your desktop.Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Save it in the same folder you made earlier (c:\BFU).

After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Select the first option, to run Windows in Safe Mode.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
WebHancer
NewDotNet or New.Net
AxVenore
GreatMemo
EQArticle
Tclock

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {787F2874-6AF9-1527-F377-116E0F61BB89} - C:\WINDOWS\fmtmvnkh.dll
O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\system32\icda0wpw5.dll
O3 - Toolbar: Search - {DD3F7DA6-F6D7-3374-90D5-2E2BE4BF6CE8} - C:\WINDOWS\fmtmvnkh.dll
O4 - HKLM\..\Run: [{91-17-75-54-ZN}] C:\windows\system32\qqdsregs.exe CORN001
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Zack\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [sys022190882010] C:\WINDOWS\sys022190882010.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinrrag.exe CORN001
O4 - HKCU\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [EQArticle] "C:\Program Files\EQArticle\EQArticle.exe"
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02b35038...p/RdxIE601.cab
O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\Documents and Settings\Zack\Application Data\Microsoft\Protect.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\fmtmvnkh.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\LMU.exe
C:\WINDOWS\sys022190882010.exe
C:\WINDOWS\system32\icda0wpw5.dll
C:\windows\system32\qqdsregs.exe
C:\WINDOWS\system32\pwinrrag.exe
C:\WINDOWS\system32\pshwr.exe
C:\WINDOWS\system32\ichckupd.exe
C:\Program Files\webHancer
C:\Program Files\NewDotNet
C:\Program Files\TClock
C:\Program Files\EQArticle
C:\Program Files\GreatMemo

Tools

Tools
Please go to Start > My Computer and navigate to the C:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
Press Execute and let the program do it?s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine
Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:"Security Info"
"Warning Message"
"Security Desktop"
"Warning Homepage"
"Desktop Uninstall"
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

Reboot your system in Normal Mode.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Ewido Log
Combofix Log
A new Hijackthis log

Relevancy 73.53%

A:Spyquake 2.3 Still Not Removed

Hello.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/60082/spyquake-23-still-not-removed/
Relevancy 72.24%

A:Toolbar 888, Smitfraud-c, Spyquake 2, Etc

Hello Angel D,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.

Regards,

Rosty.

http://www.bleepingcomputer.com/forums/t/67632/toolbar-888-smitfraud-c-spyquake-2-etc/
Relevancy 68.8%

Relevancy 68.8%

is there any way in which i can know whether a particular website contain virus or not?
I'm currently using Firefox 3.
thanks u so much in advance..

A:Is there any way in which i can get a virus alert in my toolbar?

Relevancy 67.94%

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Relevancy 67.51%

A:security toolbar 7.1 and other virus alert popups

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Relevancy 67.51%

I have a message next to the clock saying virus alert, and pop ups appearing for internet explorer regarding homepage changes. i have run smitfraudfix superantispyware and spyhunter (subsequently finding the dll's which apparently were causing issues) and removed them, however the system still runs slowly and the message on the clock is still there ? your help is very much appreciated!
(and also the original pop up which no longer appears was a worm.win32.netbooster warning which i have understood to be a fake warning to con people into buying adaware software?)

(os is windows xp sp3)

A:Virus Alert Message On Toolbar Clock

Relevancy 67.51%

A:VIRUS ALERT! on toolbar with clock, Smitfraud-C.

Hi

I'm sorry it took so long to get a reply. Forums have been very busy

If you still need help with this post a fresh hjt log, please.

Relevancy 67.51%

Hi, I have a blue circle with a ? in it that alternates to a red circle with a slash in it in my icon tray on the bottom right of my screen. Also, my homepage has been changed to //www.syssecuritysite.com/
on top of that, I have three new shortcut icons on my desktop, which I have already deleted.
ewido didn't find anything, and I don't see anything new in my startup menu through msconfig.
I did remove the program with the same icon through the controll panel, but it is still there.
The circle in the icon tray occasionally comes up with a red and gray screen that says "your computer is infected... click here.."

What is this, and how do I get rid of it, and why didn't ewido see it?

//Mod edit to modify URL above to protect others

A:Annoying Virus Alert Icon In Toolbar

Relevancy 67.08%

Relevancy 66.65%

A:Virus Alert! Bottom Right Of Toolbar, My Computer Missing

Relevancy 66.65%

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Select the first option, to run Windows in Safe Mode, then press Enter

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Relevancy 66.65%

A:VIRUS ALERT! bttom right of screen on toolbar where time normally is

ran malware after reading more threads on this forum..this is the report

Malwarebytes' Anti-Malware 1.12
Database version: 799
Scan type: Quick Scan
Objects scanned: 45144
Time elapsed: 14 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{54192079-8e8a-43d8-bcbc-3874916159af} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5f10624-5bca-45ed-98d6-302fa3f25bb2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ee62603-9bb7-462b-8a8d-e9f4bf11be49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ee62603-9bb7-462b-8a8d-e9f4bf11be49} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bnmt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\DelayLoad (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\818646 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\818646\818646.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Resources\ChkRam.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\xmpstean.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\boqnrwdmvdr.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Relevancy 65.79%

A:Virus Alert Bottom Right Toolbar, My Computer/my Documents Missing

Sorry, just realised I am not supposed to post hijack this logs in forum. I will repost in appropriate forum.

Relevancy 65.36%

I always laughed at "those people", you know the ones who will just click on any random email attachment and infect thier computer monthly. Well, it is payback time. I don't know how but I created a monster. I was infected with Privacy_Danger, Ultimate Cleaner 2007, Winfixer & Vista Antivirus2008. After running Mcafee and SpyHunter3 multiple times in Safe mode as well as normal, I believe I have cleaned all the infected files EXCEPT. I am missing my "Programs" Link, control panel, local drive, I display an Active Desktop recovery background and the system tray time shows in Military time with VIRUS ALERT! attached. What have I done, what can I do?

A:Infection Showing Virus Alert! In Sys Tray

Relevancy 65.36%

Hi

My first post here, so here we go...

Laptop was infected a couple of days ago, windows security alert pop ups, and constant warnings that windows explorer has stopped responding and crashing whatever program that was running

I ran malwarebytes, avg, trojan killer (all in safe mode) all programs reported infections but after removal I was unable to run the laptop 'normally', the only way I could run was in safe mode, but still had the window explorer had stopped working and crashes problem.

I have done a system restore, and everything seems to be working, but slowly!! i have also noticed that i have 'tango' in my add/remove programs which a can't get rid of, I have run malwarebytes but the log is clean.

hijackthis.log   6.72KB

A:windows security alert virus, tango toolbar, slow computer

netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
CREATERESTOREPOINT

Relevancy 64.07%

Relevancy 60.2%

A:Removal of "VIRUS ALERT!" message embedded in toolbar clock???

I made a post (below) about this earlier- but I just realized that the Virus Alert is also embedded in the Date and Time Properties, in the Internet Time tab- next to the time as described below:::

Is there anyway to reinstall the clock and nothing else? I think it's harmless now- but very annoying-

(previous post)

I got a virus that changed registry switches, windows graphics, and disabled many functions- most of this has been fixed (I think), using AVG Anti-Virus and various other tools-

But now- there is still a "VIRUS ALERT!" message embedded in the toolbar clock at the bottom right, basically the clock is followed by a colon and the message- if I hide the clock, the message goes away with it- I ran Hijack this if that helps:

------------------------------

Relevancy 59.77%

This persistent message attached itself to all my files using system clock display.
I cannot remember what Virus/trojan horse it was, but at the time of infection I was running the following:

Spybot resident, Zone Alarm, AVG virus protection.

I ran AD-Aware and it detected some Trojan Horses that were removed.
Unfortunately the "virus alert" display is still active.

A:"Virus Alert" display in toolbar clock

Update.

Finally got rid of nasty " virus alert" pop-up after after the 5 basic steps for virus/spyware removal procedure posted on this site.
Although I had to run and re-run them all about 4 times each to detect all malware.
I think my biggest mistake was failure to update my spyware software on a regular basis.
One question remains:
I have the latest editions of Zone Alarm Firewall with Spy Blocker( free edition), Avast Pro 4.8, Spybot S&D with resident, Spyware Blaster and Hijack This.
Seems my boot-up time slowed down somewhat.
Should I be running all these or could I unistall some?
One final comment:
Without this forum's help , my first thought was to reformat all hard drives and start new ... 2 weeks worth .
Kudos to you all for keeping this going.

Relevancy 59.77%

Iv been, for two weeks, trying to fix my parents computer and am at wits end. I have run 2 virus programs, 3 spyware removal programs, 2 registry clean up programs and... I think that's it.

Still have the alert. I don't in safemode though. My virus scans and spyware scans are coming up clean, but it's obvous that something is still there... I think (why else would we have that stupid alert which I'm assuming IS the virus?)

Here's my Log:

Thanks in advance for any help.

A:"VIRUS ALERT!" in toolbar + yellow ! triangle

I see no log.

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:

Having problems with spyware and pop-ups? First Steps

link at the top of each page.
---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Relevancy 59.34%

I have a toolbar on my taskbar titled "Programs". It has about eight folders in it. I made another toolbar, and placed it directly adjacent to the Programs toolbar, to obscure the eight folders and force it to be a dropdown menu.

Trouble is, as soon as I lock my taskbar, right next to the arrow that displays the eight items of my Programs toolbar in menu-form, one of the eight items is showing up as an icon, as if the other toolbar isn't close enough to the Programs toolbar in order to completely obscure the eight items.

Here's what I mean in graphic form:

It's bugging me to no end. Anyone else had this problem/resolved it?

A:Toolbar on taskbar should only be showing an arrow but is showing icon

Hello thewonkits, and welcome to Seven Forums.

I notice this happens when using small icons for a toolbar. If you like, you could unlock the taskbar, right click on the dotted separator line to the left of the two top far left toolbars (one at a time) click on View and Large Icons, then lock the taskbar to see if that may look ok to you. It will make the top row a bit bigger though.

Hopefully someone may know a better way to hide that bit of icon poking out when locked.

Relevancy 59.34%

A:Security Toolbar 7.1 / Security Alert: [email protected]

Relevancy 58.05%

Hi guys,

I installed something on my computer which infected it with virus (dumb). I already cleaned them all, including brower hijackers, spyware and viruses. But there is one thing that i can't clean no matter how i try. I used avast! Antivirus Home 4, microsoft antispyware and Spyware Doctor all to search for malware. Spyware doctor found some and deleted them, and I deleted some manualy. I can't get rid of this though. Click on this link to see what I mean - http://img317.imageshack.us/img317/2774/virusjo8.jpg

Thanks,

Relevancy 55.9%

its been long enough I can bump right?

Relevancy 53.75%

A:Security Toolbar 7.1 removed....i think.

Hello and Welcome, jabu32. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

That HijackThis log looks clean. HijackThis is somewhat limited, however.

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

---------------------------------------------------------------------------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

http://www.techsupportforum.com/forums/f284/security-toolbar-7-1-removed-i-think-300854.html
Relevancy 53.75%

I am using Outlook 2003 and I accidently removed one of the Toolbars as shown below.

The bottom one I can no longer see in Outlook. How do I get it back. I have tried turning all the toolbars on and off under View-->Toolbars and none those turn that tool bar back on.

Help would be greatly appreciated.

A:Accidently Removed A Toolbar

Hi,
Right click on a blank spot to the right of Help
Check the unchecked items.

http://www.sevenforums.com/browsers-mail/396864-accidently-removed-toolbar.html
Relevancy 53.75%

A:System Alert In Toolbar Not Related To Pc

Relevancy 53.75%

I use windows xp and I keep getting this fake system alert on my tool bar how do i get rid of it please help

Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Relevancy 53.32%

Apparently my system is infected with the adware Powersearch toolbar.http://www.pctools.com/en/mrc/infections/i...arch%20Toolbar/Here is more information on this type of adware.I scanned with Spyware Doctor a few days ago and got this result. I removed it. I then scanned the following day and Spyware Doctor once again detected Powersearch Toolbar. I removed it once again. I repeated this process yesterday- same result. Now I scanned today and it is still there. Evidently Spyware Doctor cannot remove it. Can someone please help?

A:Powersearch Toolbar Not Fully Removed

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html--------------------------------------------------------------------------------Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ --------------------------------------------------------------------------------How To start Windows in Safe Modehttp://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

http://www.bleepingcomputer.com/forums/t/97107/powersearch-toolbar-not-fully-removed/
Relevancy 53.32%

This isn't a problem, just a point of info.

The MSN toolbar magically appeared on my IE browser today.

I removed it w/ the add/remove function in the control board.

I don't know if it's related to the recent upgrades in Microsoft Windows XP, but that's the only thing I've done recently that I can think of.

I noticed there's another program, labeled "MSN" but w/ no support info. Does anyone know if this is related to instant messaging (which I've tried to shut down on my computer)?

Can it, & should it, be safely removed?

A:FYI, MSN toolbar appeared in IE browser (& removed)

MSn toolbar comes installed with alot of applications. when you install MSn messenger it also installs MSn toolbar if i remeber

http://www.techsupportforum.com/forums/f56/fyi-msn-toolbar-appeared-in-ie-browser-and-removed-322994.html
Relevancy 53.32%

A:Removed Ask toolbar but still acting strange

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below and save it to your desktop:

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.Shortly after two logs will appear:
DDS.txt Attach.txtA window will open instructing you save & post the logsSave the logs to a convenient place such as your desktopCopy the contents of both logs & post in your next replyScan With RKUnHookerPlease Download Rootkit Unhooker Save it to your desktop.Now double-click on RKUnhookerLE.exe to run it.Click the Report tab, then click Scan.Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.Wait till the scanner has finished and then click File, Save Report.Save the report somewhere where you can find it. Click Close.Copy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, "Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?""just click on Cancel, then Accept".information and logs:In your next post I need the following1.logs from DDS2.log from RKUnHooker3.let me know of any problems you may have had[/list]Gringo

Relevancy 53.32%

I thought these notes on my recent experience may help othersSymptoms Malware it how I Antivirus removed Alert - Pro System Antivirus System Pro Alert is running on the start screen with multiple error messages saying the PC is infected Attempting to run any other programs results in an error message stating Antivirus System Pro Alert Malware - how I removed it that the program is infected This meant that task manager and the current virus scan cannot be run This is a malware virus and seems to initiate at PC start up The PC was re-started in safe mode by pressing F during re-boot The current virus scan was run with no viruses found The PC was re-started and the same problem was present The PC was re-started in safe mode Using the bleeping com web site suggestions I downloaded two programs rkill and malwarebytes These were downloaded on a good PC and copied to the faulty PC Both programs were run and malwarebytes reported multiple worm allaple infections which were removed After re-starting the PC the same problem was seen The malwarebytes program was run again this time in extended scan mode and a further infected file was found and removed I then copied Revo Uninstaller to the affected PC Looking at the list of programs that start up on the PC I could see two that I did not recognise They were both called qsorynfs which pointed to location documents admin local settings application data hvhuvw and to program vcmsysguard exe i e each time the PC starts up this program would be run I deleted the vcmsysguard exe program and the folder hvhuvw I also disabled qsorynfs using Revo Uninstaller The PC was re-started and there were no re-occurrences of the error messages I re-ran the current virus protection and further copies of worm allaple infections were found and removed The PC was restarted again and the current virus protection run and no further infections were found I hope these notes help ThanksRayEDIT Moved to a more appropriate forum

Relevancy 53.32%

I have this exact same problem, could someone please help? i know it says not to follow the previous instuctions because they are user specific, but it's tempting!!!

Here's a copy of my MBAM log

Malwarebytes' Anti-Malware 1.43
Database version: 3486
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/01/2010 12:31:10
mbam-log-2010-01-03 (12-31-10).txt

Scan type: Quick Scan
Objects scanned: 154944
Time elapsed: 1 hour(s), 54 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\friendlyname (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

thanks

A:MBAM trojan fake alert not removed.

Hello,

I moved your post to a separate topic. Posting about your problem in someone elses topic is considered hijacking a thread and is not allowed. Furthermore, its a lot simpler to have your own topic, as people will only reply to your issues

Please let me know if you are having any problems with your computer besides this MBAM detection.

Relevancy 52.89%

A:System Alert Pop Up In Toolbar. Homepage Hijacked

Hello SpaceGhost618,Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

Relevancy 52.89%

A:Spyware Alert! on toolbar and annoying popups! HELP!!!

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Relevancy 52.89%

A:System Alert:malware Threats In The Toolbar

Relevancy 52.89%

Relevancy 52.89%

Relevancy 52.89%

A:ShopAtHome Toolbar removed, Laptop Slow

Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[S1].txt as well.--RogueKiller-- Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start"For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished"click on "delete" Wait until the Status box shows "Deleting Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller+Gringo

http://www.bleepingcomputer.com/forums/t/483612/shopathome-toolbar-removed-laptop-slow/
Relevancy 52.89%

A:Solved: security toolbar 7.1, how do i know if i have removed it correctly

Relevancy 52.89%

I but Toolbar WhiteSmoke persists slowness Removed have an Asus Eee PC he running Windows XP Pro SP Computer was running slowly Audio Removed WhiteSmoke Toolbar but slowness persists unable to play normally Always choppy Programs take very long to open etc Did scan with SUPERAntiSpyware and removed everything Removed WhiteSmoke Toolbar but slowness persists it found I did not write down what it found and removed as I falsely assumed that the removal would solve the slowness problems Uninstalled the WhiteSmoke Toolbar using the steps found here http malwaretips com blogs remove-whitesmoke-toolbar This included removing WhiteSmoke Toolbar extension from FireFox using AdwCleaner to removed WhiteSmoke Toolbar registry entries running a computer scan with Malwarebytes Anti-Malware and finally running a computer scan with HitmanPro I followed all of these steps Problem persists even though antivirus progams avast and AVG and antispyware antimalware programs SUPERAntiSpyware MalwareBytes show clean reports Because of the connection between WhiteSmoke Toolbar and TDSS rootkit infection reported here http www bleepingcomputer com forums t whitesmoke-toolbar I downloaded and ran TDSSKiller No threats were found I have also defragmented the hard drive which took hours even though it's only a gb drive divided into two equally-sized partitions and run scandisk I have heard that System Restore can cause problems when systems are infected and the only restore point that was listed was recent since the issue arose so I turned off System Restore I can't think of any other steps I've taken that I should list that might be relevant helpful for you to know What next steps can I take to investigate further Thank you in advance for your help

A:Removed WhiteSmoke Toolbar but slowness persists

http://www.bleepingcomputer.com/forums/t/498777/removed-whitesmoke-toolbar-but-slowness-persists/
Relevancy 52.46%

A:Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Relevancy 52.46%

A:Solved: System Alert Message in Taskbar (Pop-Up) - Need Help Getting It Removed

Relevancy 52.46%

Hi,

So, a while ago I had a mess with this thing, constant popups, etc. I found advice on this site re how to remove it, and all the popups stopped!!! It was great. This was a few weeks ago.

However, I just noticed now that it is still in the "add revome programs" list (285 MB!), and when I click to remove it I get a message saying it might have already been removed, and asking me if I want to remove it from the list.

How do I know if it was really removed or not? There are certainly NO popups.

THANKS!!

A:"system Alert Popup" Removed But Still In Programs List?

Welcome to Bleeping Computer veggiegirl,Try removing it from your Add/Remove Program list in Safe Mode.

Relevancy 52.46%

A:I cannot open programs such as google toolbar, ebay toolbar and my Norton anti-virus

Relevancy 52.46%

I found this topic that seems related to my issue, though i don't want to do anything that may be unnecessary/harmful for my particular situation.http://www.bleepingcomputer.com/forums/lof...5B/t107817.html

Relevancy 52.46%

A:Diagnose This Please - Was Originally Security Toolbar 7.1 And Now Is Fake Alert Pop Ups

Relevancy 52.46%

Recently on my computer I have had these warnings pop up. One is a flashing triangle with an exclamation point in it and it says "System Alert: Popups - Your computer is infected with spyware managing pop-up malware (OHPE ver 4.12_23). Click the icon to learn more on what you can do about pop-up windows and other unwanted software." and then there is another icon that is a flashing red warning circle that turns into a green arrow. It opens up the SpyFalcon website. My HJT log has been moved to the HJT Forum.

I hope someone can help me.
Thanks.

Relevancy 52.46%

I am screwed...my kids got this virus on my work laptop.
It just keeps popping up

Can anyone help please get rid of this virus..
Thanks,
Stephen

Relevancy 52.03%

Running IE6.0 and Windows XP on a Dell 2400 with 512MBRAM. Recently infected with Prosearch toolbar. Followed instruction on various other posts to customize Adaware search settings, install Spybot S&D and Spyware. Sucessfully ran revised Adaware and Sypbot, removed many files (must have had more hijackers than I knew) but still have Prosearch toolbar (and perhaps others).

Looks like my next step might be a HJT posting, which I'm ready to do. Already have log, but don't want to clog post unless necessary.

Any direction would be greatly appreciated.

KAT

Relevancy 52.03%

Hi

I'd really appreciate some help with this.

I put my machine online for the first time the other day and within 24 hours it was infected! I have now got the firewall on (!) and upped my security settings.

I used smitfraudfix as demonstrated on this website (thank you) and all seems to be back to normal except for the annoying pop up flashing away in the toolbar. Can anyone help me get rid of it???? I have tried just about every virus/spyware scan known to man and it still remains!

I am new to this so any help will have to be idiot proof!

Thanks
Oliver.

A:I Have Removed Spylocked But The Flashing Toolbar Icon Remains..

Assuming it is one of the smitfraud infections, Super Antispyware should take care of it. Use both programs.Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html

http://www.bleepingcomputer.com/forums/t/89920/i-have-removed-spylocked-but-the-flashing-toolbar-icon-remains/
Relevancy 52.03%

In this computer the internet toolbar is not showing up the whole time. The only time it shows up is when you roll your mouse over the top of the screen where it's supposed to be. Please tell me how to fix it.

A:Internet Toolbar Not Showing Up

Wrong section.
I don't quite remember what key to push, but it's one of the F buttons.
(F1, F2, etc.)

http://www.techsupportforum.com/forums/f56/internet-toolbar-not-showing-up-285346.html
Relevancy 52.03%

this PC I have I rarely use. do very little web surfing on it. almost never. today I run spybot SD, and it's showing malware and adware entries...

Montera.toolbar
Delta.toolbar.

delta.toolbar I've seen many times on multiple PCs...

my question is, where is this coming from? I don't install or use toolbars, so why is this here? I use firefox... is their some setting I can use to stop this junk from installing? (if it's coming from the web or web surfing that is)?. it's got to be coming from the very little web surfing I do since I also rarely install programs on this machine. only programs I've installed recently were IMGburn and CDBurnerXP. could it have came from those programs?

thanks.

A:toolbar malware keeps showing up? how?

Unfortunately installing anything can try to install other software such as toolbars.
You must read each screen in the installation process and make sure to uncheck anything that is checked by default to install other software.
In some cases in the Terms it states other software will be installed...I would cancel the install if I ever see that.
It can also make a difference where you downloaded the installer from.
Some sites may package the installer with things you don't want.

http://www.sevenforums.com/system-security/293345-toolbar-malware-keeps-showing-up-how.html
Relevancy 52.03%

hey, so i was online and everything was working fine. i always turn my comp off at night and then start it back up the next day. when i started it back up, all my internet settings were different. the toolbar at the top is no longer there. there are no options like file, edit, tools, address bar, etc. i have been trying to search my comp settings to figure it out, but i can't. can you help?

A:internet toolbar not showing up

Hi,
Select view at the top of the explorer window. then Tools bars.

http://www.techsupportforum.com/forums/f10/internet-toolbar-not-showing-up-122371.html
Relevancy 51.6%

A:Removed System Repair, Certified Toolbar & Protected Search, now have 0 kb fil

http://www.bleepingcomputer.com/forums/t/488800/removed-system-repair-certified-toolbar-protected-search-now-have-0-kb-fil/
Relevancy 51.6%

Every time I try for firefox, I get a yahoo toolbar.  I do not have yahoo.  It started with Mydialsearch malware which has been removedEdit: Moved from Windows 7 to AII. ~ Computerxpds

A:unable to uninstall yahoo toolbar. it started with mydialsearch(removed)

Hi john holden Let's take a closer look at this issue.MiniToolBoxDownload MiniToolBox and move the executable file to your Desktop;Execute MiniToolBox and check the following options:Flush DNS;Report IE Proxy Settings;Reset IE Proxy Settings;Report FF Proxy Settings;Reset FF Proxy Settings;List content of Hosts;List Installed Programs;List Last 10 Event Viewer Errors;List Devices - Only Problems;List Users, Partitions and Memory size;Once this is done, click on Go and wait for the scan to complete;Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

http://www.bleepingcomputer.com/forums/t/571336/unable-to-uninstall-yahoo-toolbar-it-started-with-mydialsearchremoved/
Relevancy 51.6%

Sloppy mouse swipe> Favorites folder removed from toolbar (Favorites tab)
and deposited onto desktop (as folder icon w complete contents).
How to "re insert?" back into Favorites on toolbar tab? Tks much. M.

note. the Favorites tab is still on the toolbar and has a couple folders/
links in it incl "Favorites Bar" and "Websites For United States" and my
business folder- just missing the other folders/ subfolders. tks.

http://www.sevenforums.com/general-discussion/400531-sloppy-mouse-swipe-favorites-folder-removed-toolbar.html
Relevancy 51.6%

A:removed windows vista 2012 and now redirects and "resident sheild alert"

Relevancy 51.17%

I just purchased a laptop that comes with Windows Vista SP1. All good, right? Well, sort. I love the operating system. Pretty smooth, the looks are amazing and it runs just fine. I don't see how people are complaining about it, I love how everything is built into another thing and another and so on.

The only thing that annoys me is the UAC, cause it asks me to run some programs that I use often, and it can get very annoying. So, I disabled UAC. All fine and dandy, except for two things:

1. The icon still remains on those programs that have been blocked.
2. The security center icon won't leave me alone, and I don't want to disable alerts from the security center.

Is there anyway to fix these two problems? Thanks!

Relevancy 50.74%

Please help! After a ransom virus was removed from our desktop computer (originally a display model at Sam's), my administrator account is no longer visible...Only "Kiosk" and "Other User" . I have checked to see that net user administrator /active yes is successful but still do not see my user account listed. Any help would be appreciated.

BTW, I cannot login to windows AT ALL!

A:Login name removed after ransom virus removed

I wouldn't trust a used computer without reinstalling Windows.
No telling what is on it or what has been done to it.
If the PC has a valid COA with a readable license you can do a clean install at no cost.
This tutorial has everything needed for a clean install.
Clean Reinstall - Factory OEM Windows 7

Relevancy 50.74%

Relevancy 50.74%

Hello,

I'm using XP Pro with SP3 and I realized today that the drop down menu for customizing my notifcations toolbar isn't "working." That is, when I go into Taskbar and Start Menu Properties >> Customize taskbar, everything is set for "hide when inactive" and the drop down menu doesn't work (ie, if I click the downarrow, nothing happens)

Also, only the "Current Items" are listed (no "Past Items") I've tried clicking restore defaults but no luck. Here's a screen shot -- I'm clicking the down arrow on the menu but only a small black bar appears beneath the field.

I've installed several programs during the past couple of days (Thunderbird for one). Could that be causing this? It's been quite a while since I used that function so I don't know when it went on the blink.

Any suggestions?

Barbara

A:No options showing up in customize notification toolbar

What does the page before that have? Do you have the box checked to get you to that screen you have a screenshot of?

Relevancy 50.74%

A:Ask Toolbar always showing in Malware when ran, Not in Programs to uninstall

Relevancy 50.31%

Please see the picture. (folder names are deleted by me)

OK, yesterday there were those 3 shortcuts in top, 3 directories, and 'notepad, calculator, ms paint', I use all of those everyday, so it's not mistaken.

And today I suddenly discovered that calculator and ms paint shortcuts are gone.

So I checked the directory, and- (as you can see in the picture)
1.calculator shortcut is still there, but hidden in the start menu.
2.ms paint shortcut is removed.

So I googled for information and did what I could, I ran unhide.exe, anti-virus(avast), and anti-malware(malwarebyte), and I think my pc is clean, no virus or malware deteced. and calculator shortcut is still not showing.

I'm afraid if it's a sign of some remote manipulation from some trojan or someone.

How can I solve this?

A:Pinned start menu shortcuts removed/not showing. (win 7)

Hello Juj, and welcome to Seven Forums.

The area in your Start Menu shortcut looks like "recent items" instead of "pinned programs". "Pinned programs" would be above another line above your "recent items".

If able to, what happens when you "Pin to Start Menu" these programs? Are they pinned to the Start Menu afterwards?

Start Menu - Pin or Unpin a Program to

Relevancy 50.31%

Hi there,

I have AVG Free 9.0 and last night it detected Trojan.generic16.ALCQ on my computer. So I deleted the folder from my computer and emptied the recycle bin. However, I ran the scan again and it was picking up the trojan in C:\$recycle.bin\.... I went to this folder but couldn't see anything. Obviously hidden files, I unhid them and deleted that folder and emptied the recycle bin. Ran AVG again and they are STILL showing in the$recyclebin but when I go to that folder, there is NOTHING there.

What do I do?

A:Generic trojan, I've manually removed but still showing on scans

http://www.bleepingcomputer.com/forums/t/299993/generic-trojan-ive-manually-removed-but-still-showing-on-scans/
Relevancy 50.31%

I am running windows Vista home bit I started dos removed router recently showing attack viruses is this because after removing some viruses with MBAM and AVIRA router is showing dos attack viruses recently removed as well as uninstalling norton I have ran the norton removal tool my atheros wireless driver started reporting local only after router is showing dos attack viruses recently removed reinstalling drivers and trying multiple things I started a topic under the windows vista portion of this forum but I have a feeling that there is still a problem with an infection because router is showing dos attack viruses recently removed after checking my router logs again I saw a DOS attack from a listed IP address Please PM me and I can send you my router logs I reset them after working on the laptop so they are fresh I also can explain them as far as which machines are mine and what im worried about I apologize if this is getting out of hand as far as one post one problem im trying to post the related issues together And if anything is confusing or unclear just let me know and I will fix it old wireless post for reference im closing till I handle this first http www bleepingcomputer com forums index php app forums amp module post amp section post amp do reply post amp f amp t -I have ran MBAM malaware anti bytes I also ran this after manually booting to safe mode but my laptop shuts down when doing this during the scan -I have ran AVIRA I also ran this after manually booting to safe mode but my laptop shuts down when doing this during the scan -I have taken the steps listed under the Preparation Guide from your forum and zipped the files for convenice they are attached edit I have also already installed HJT just as well when I take further action with this laptop it will be remotly using a program called quot Teamviewer quot I use the free version I dont install it I just run it I am not sure if that needs to be mentioned or not edit

A:router is showing dos attack viruses recently removed

http://www.bleepingcomputer.com/forums/t/423325/router-is-showing-dos-attack-viruses-recently-removed/
Relevancy 50.31%

I have lost an indication in my toolbar area of any running programs or open Internet Explorer Windows. Am using WinXP ..... The only Toolbars seemingly available to me are: Quick Launch, Address Bar, Links, Desktop and MediaPlayer.....I often open multiple copies of IE and I like to see what is open.......Any suggestions or links to interesting task manager type programs that would afford me quick access to what is running on my PC??

Thanks,

LettuceChat in Florida

A:Toolbar not showing running programs or open IE Windows

Try this:
Start/Run type: rundll32.exe setupwbv.dll,IE6Maintenance

A box will open up giving you three options,the one you want is the middle one.
Select it and then ok

Relevancy 47.3%

Hi, I was working on my pc last night. I left the room and when I came back my desktop wallpaper was gone and replaced by a screen stating the following: WARNING - Your're in Danger etc etc. I couldn't open any programmes I just kept getting pop-ups asking me to buy a product to get rid of spyware - it was called system tool? I restarted pc in safe mode and ran Malwarebytes anti-malware. It eventually (after pc crashing a couple of times) found and removed "Trojan.Fake Alert" and "Trojan.zbotR.Gen". I can now use the pc but am worried that it may still be infected I have tried to scan it with AVG but pc keeps shutting down before scan is completed. I'd be grateful for any advice, Thanks

A:MBAM Removed Trojan.Fake Alert and Trojan.zbotR.gen Is my PC Still Infected?

My hubby had this problem. It took me ages to sort it out.
Nothing stays open long enough, if it will open, to sort it out. I had to open XP in safe mode by continuously pressing F8 on start up. I followed instructions on how to use RKill found on this site. RKill stopped the virus from preventing internet etc from being opened.
Don't reboot after using RKill or the virus might return, use Malwarebytes to clean it up first, I did this after I had run RKill in safe mode and also had to use RKill again followed by Malwarebytes in usual windows XP when the virus returned after computer had been turned off completely and restarted. The system is now clean and virus has not returned.
Also, something called BADARemote seems to carry viruses, when I cleaned out the virus, the BADARemote icon was in my start up menu where the icon for the bogus security centre had been. I googled BADARemote and found others had had problems with it too, thinking it was supposed to be on the system. It is easily got rid of, I found instructions in google, will try to find a link for you if you have the same problem as we did.
Best wishes.
K

P.S. trouble started with hubby clicking on a web link so make sure you have your security settings enabled to warn you of potentially danger in real time from such links.

Relevancy 47.3%

A:"Windows Security Alert" continues after XPAntivirus removed

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

=========

P2P

P2P - I see you have P2P software LimeWire 4.18.3 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.

=========

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

==========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
C:\Combofix.txt
Hijackthis Log

Relevancy 46.87%

A:Solved: "WinAntiSpyware Alert!" malware? Toolbar? How to get rid of

Relevancy 46.87%

A:Help! Accidentally removed WindowsXP Component Unable to Access Windows Update or See Windows Icons in toolbar

Try reinstalling Avast?

http://www.bleepingcomputer.com/forums/t/359138/help-accidentally-removed-windowsxp-component-unable-to-access-windows-update-or-see-windows-icons-in-toolbar/
Relevancy 46.44%

Relevancy 46.44%

I managed to get another trojan on my computer - - HJT Log Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Spyquake Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system csrss Spyquake exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system spoolsv exe C WINDOWS Spyquake Explorer EXE C WINDOWS ehome ehtray exe C Program Files Intel Intel Matrix Storage Manager iaanotif exe C Program Files DISC DiscUpdateMgr exe C Program Files HP HP Software Update HPwuSchd exe C Program Files Java jre bin jusched exe C HP KBD KBD EXE C Program Files Common Files Real Update OB realsched exe C Program Files Common Files AOL ee AOLSoftware exe C Program Files Common Files AOL ee services sscAntiSpywarePlugin ver AOLSP Scheduler exe C Program Files mcafee com antivirus mcvsescn exe C Program Files mcafee com personal firewall MPfTray exe C Program Files QuickTime qttask exe C WINDOWS system ctfmon exe C Program Files America Online waol exe C Program Files HP Digital Imaging bin hpqtra exe C Program Files Common Files AOL ee services sscFirewallPlugin ver SSCEvtHdlr exe C Program Files Common Files AOL ACS AOLAcsd exe C Program Files Common Files AOL TopSpeed aoltsmon exe C Program Files Common Files AOL ee services sscFirewallPlugin ver aolavupd exe C WINDOWS arservice exe C Program Files Common Files AOL TopSpeed aoltpspd exe C WINDOWS eHome ehRecvr exe C WINDOWS eHome ehSched exe C Program Files Firebird Firebird bin fbguard exe C Program Files Intel Intel Spyquake Matrix Storage Manager iaantmon exe C Program Files Common Files LightScribe LSSrvc exe C Program Files HP Digital Imaging bin hpqSTE exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files mcafee com personal firewall MPFService exe C WINDOWS system nvsvc exe C Program Files Spyware Doctor sdhelp exe C Program Files America Online shellmon exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS ehome mcrdsvc exe C Program Files Intel IntelDH Intel R Quick Resume Technology ELService exe C WINDOWS system dllhost exe C Program Files Firebird Firebird bin fbserver exe C WINDOWS System alg exe C WINDOWS eHome ehmsas exe C WINDOWS RTHDCPL EXE C Program Files Mozilla Firefox firefox exe c windows system hpsysdrv exe C Program Files iTunes iTunesHelper exe C Program Files iPod bin iPodService exe C WINDOWS system dcomcfg exe C WINDOWS system atmclk exe C WINDOWS system rundll exe c program files common files aol ee aolssc exe COMPUTER HijackThis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKCU Software Microsoft Internet Explorer Main Search Bar http red clientapps yahoo com cust search ie html R - HKCU Software Microsoft Internet Explorer Main Search Page http red clientapps yahoo com cust www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Search Bar http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Search Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY ion amp pf desktop R - HKLM Software Microsoft Internet Explorer Search SearchAssistant http ie redirect hp com svs rdr TY ion amp pf desktop R - HKCU Software Microsoft Internet Explorer SearchURL Default http ... Read more

A:Spyquake

Hello DJ-Zep, and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst,
and I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time

http://www.techsupportforum.com/forums/f100/spyquake-106059.html
Relevancy 46.44%

A:Spyquake And Maybe Another

http://www.bleepingcomputer.com/forums/t/48110/spyquake-and-maybe-another/
Relevancy 46.44%

A:How Can I Get Through To My Dad... Spyquake

Here is a new HJT log and activescan log -Logfile of HijackThis v1.99.1Scan saved at 7:01:55 PM, on 7/07/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\progra~1\softwin\bitdef~1\bdswitch.exeC:\progra~1\softwin\bitdef~1\bdnagent.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ABIT\ABIT uGuru\uGuru.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exeC:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exeC:\Program Files\AVerTV 6.0\AVerQT.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\WINDOWS\System32\svchost.exeC:\HJT\HijackThis.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Softwin\BitDefender9\vsserv.exec:\progra~1\softwin\bitdef~1\bdmcon.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exeO4 - Global Startup: BlueSoleil.lnk = ?O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exeO8 - Extra context menu item: E&... Read more

Relevancy 46.44%

Hey Tech Guys I am running an HP Pavilion finally see http forums techguy SpyQuake Help org windows-nt- -xp -xp-bootup-screwup- html and as soon as thething started up SpyQuake took over I ve uninstalled and deleted the programs and its buddies to no avail Shutting down the Windows Messenger didn t even stop it I m tearing my hair out at this point Logfile of HijackThis v Scan saved at PM on Platform Windows SpyQuake Help XP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS System tcpsvcs exe C WINDOWS System snmp exe C WINDOWS System wltrysvc exe C WINDOWS Explorer EXE C Program Files Messenger msmsgs exe C WINDOWS System bcmwltry exe C WINDOWS system rundll exe C WINDOWS System dcomcfg exe C Program Files ewido anti-spyware guard exe C WINDOWS System atmclk exe C Documents and Settings Ann My Documents hijackthis HijackThis exe O - BHO no name - f c d -b b - SpyQuake Help f -aa - fee c - C WINDOWS System hp tmp O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - HKLM Run ewido quot C Program Files ewido SpyQuake Help anti-spyware ewido exe quot minimized O - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot background O - HKCU Run Ibfgx C PROGRA COMMON ECURIT IXPLOR EXE O - AppInit DLLs fast dll O - Winlogon Notify ddcbxxv - C WINDOWS SYSTEM ddcbxxv dll O - Winlogon Notify wintzs - C WINDOWS SYSTEM wintzs dll O - SSODL furnariidae - e aaba- b - b -b - ca c e - C WINDOWS System zlara dll O - Service ewido anti-spyware guard - Anti-Malware Development a s - C Program Files ewido anti-spyware guard exe O - Service WLTRYSVC - Unknown owner - C WINDOWS System wltrysvc exe Thanks in advance nbsp

Relevancy 46.44%

A:spyquake?

Hi, platonjk.

Welcome to TSG.

Extract the content (a folder named SmitfraudFix) to your Desktop.

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly
Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware .
While in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

* Go to Control Panel > Internet Options. Click on the Pr... Read more

Relevancy 46.44%

I was Spyquake Still Here wondering if someone could help me with even future removal of SpyQuake I was infected with it as of yesterday evening july nd and got quot rid of it quot supposedly today by using the automated SpyQuake Removal Tutorial Spyquake Still Here in safe mode etc However when I look in my System folder it still seems as though I have bits and pieced from that program and from Yazzle Cowabunga stuff from Oin because it states OIN as the file name or was created yesterday or today or when I look into it s properties those files both show the same system configuration unlike any other file I ve deleted oin files twice already cowabunga twice and yazzle once but the oin file in my documents seems to come back Any help Panda search didn t really help me at all If it helps the file names of these files I suspect are malicious are ishost ismon ikhcore text file wapisvtr c euyjcjlk llsass ddll and oins Please tell me if any of these are linked to the previous programs I mentioned ad how to get rid of them or if they are normal system files Can you help Thanks

A:Spyquake Still Here

http://www.bleepingcomputer.com/forums/t/59756/spyquake-still-here/
Relevancy 46.44%

Relevancy 46.44%

A:Security(System) Alert/Security Toolbar 7.1 - hijackthis log

Umm..Heres the ComboFix log :
omboFix 08-03-27.1 - Conny 2008-03-28 23:58:48.1 - NTFSx86
Running from: C:\Documents and Settings\Conny\Skrivbord\ComboFix.exe
* Resident AV is active

.
-- Script messages for sUBs --
Findstr -MIF:/ sursen
MTEE /+ d-delA.dat

catchme -apx
MTEE /+ d-delA.dat

GREP -Eisf temp00
VFind -tf -s282624 "C:\Program\????????*[0-9].dll"
SED "s/\\/\\\\/g"
MTEE /+ cfiles.dat
SED -r "/^svchost.exe\$/I!d; s/.{37}//"
Handle .exe
Handle .exe
Handle .exe
Handle .exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program\VirusHeat 4.3
C:\Program\VirusHeat 4.3\vpp.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-29 00:18 . 2008-03-29 00:18 0 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-28 21:52 . 2008-03-28 23:22 <KAT> d-------- C:\Program\Enigma Software Group
2008-03-28 18:34 . 2008-03-28 20:55 <KAT> d-------- C:\Program\AntiSpyKit 5.3
2008-03-28 16:23 . 2008-03-28 20:55 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 16:18 . 2008-03-28 16:18 142 --a------ C:\342423.bat
2008-03-28 16:17 . 2008-03-28 16:17 <KAT> d-------- C:\WINDOWS\system32\375013
2008-03-28 16:17 . 2008-03-28 16:17 <KAT> d-------- C:\Program\NetProject
2008-03-05 16:12 . 2008-03-05 16:13 <KAT> d-------- C:\TEMP\avupdate
2008-03-01 19:41 . 2008-03-01 19:41 <KAT> d-------- C:\Program\Eastside UK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 15:25 --------- d-----w C:\Program\New Star Soccer 3
2008-03-28 15:24 --------- d-----w C:\Program\ElastoMania111
2008-03-28 15:21 --------- d--h--w C:\Program\InstallShield Installation Information
2008-03-28 14:52 --------- d-----w C:\Program\Diablo II
2008-03-28 14:40 --------- d-----w C:\Program\Postal2
2008-03-26 18:46 --------- d-----w C:\Program\Sports Interactive
2008-02-26 16:02 --------- d-----w C:\Documents and Settings\Conny\Application Data\Ventrilo
2008-02-26 15:57 --------- d-----w C:\Program\Ventrilo
2008-02-26 15:57 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-02-25 10:28 --------- d-----w C:\Documents and Settings\Conny\Application Data\LimeWire
2008-02-22 12:11 13,312 --s-a-w C:\WINDOWS\system32\kknwg.dll
2008-02-20 13:04 --------- d-----w C:\Program\F-Secure Internet Security
2008-02-20 13:04 --------- d-----w C:\Program\F-Secure
2008-01-13 17:32 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-04-04 19:38 1,457,696 ----a-w C:\Program\winamp533_lite.exe
2007-02-19 11:49 11,868,792 ----a-w C:\Program\winamp533_full_bundle_emusic-7plus.exe
2007-02-18 18:42 68 ----a-w C:\Program\listen.pls
.

.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
2008-03-28 21:37 10240 --a------ C:\Program\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Relevancy 46.01%

I have already completed the guide: Automatic Removal Instructions

here's what my task.txt file says:

------------------------------
REGEDIT4

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

anyone out there willing/able to lend a hand here?

thanks!

A:Spyquake Bug Infection

Hello computer-not

This means the tool worked as it was intended. Are you having any further problems, pop ups or signs of infection?

http://www.bleepingcomputer.com/forums/t/62829/spyquake-bug-infection/
Relevancy 46.01%

A:Cant Remove Spyquake! Help

Rawe is already helping you here: http://www.bleepingcomputer.com/forums/t/55015/cant-remove-spyquake/

http://www.bleepingcomputer.com/forums/t/55018/cant-remove-spyquake-help/
Relevancy 46.01%

A:Can't Remove Spyquake

Welcome aboard.. Please download SmitfraudFix © S!Ri Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/55015/cant-remove-spyquake/
Relevancy 46.01%

By accident I got infected with spyquake i uninstalled it riight away with the uninstalller but my computer still goes slow i ran a lot of spyware and antivirus removers and im not sure if everything is completely gone because it still seems a little slow Logfile of HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Running processes C WINDOWS System smss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system Smitfraud C, Spyquake lsass exeC WINDOWS system svchost exeC Program Files Windows Defender MsMpEng exeC WINDOWS System svchost exeC WINDOWS system ZoneLabs vsmon exeC WINDOWS system spoolsv exeC PROGRA Grisoft AVGFRE avgamsvr exeC PROGRA Grisoft Smitfraud C, Spyquake AVGFRE avgupsvc exeC PROGRA Grisoft AVGFRE avgemc exeC WINDOWS system nvsvc exeC WINDOWS system svchost exeC Program Files Canon CAL CALMAIN exeC Smitfraud C, Spyquake WINDOWS Explorer EXEC Program Files HP hpcoretech hpcmpmgr exeC Program Files HP HP Software Update HPWuSchd exeC Program Smitfraud C, Spyquake Files Viewpoint Viewpoint Manager ViewMgr exeC Program Files Java jre bin jusched exeC WINDOWS system RUNDLL EXEC WINDOWS system msiexec exeC Program Files Messenger msmsgs exeC Program Files Common Files AOL ee aolsoftware exeC Program Files Lavasoft Ad-Aware SE Professional Ad-Watch exeC WINDOWS system rundll exeC WINDOWS system ctfmon exeC Program Files Zone Labs ZoneAlarm zlclient exeC Program Files Grisoft AVG Free avgcc exeC Program Files Netscape Netscape Netscp exeC Documents and Settings Gianni Desktop HijackThis exeR - HKCU Software Microsoft Internet Explorer Main Start Page http aimtoday aol com today aimtoday adpR - URLSearchHook no name - A DA D E- - -B - F DB - C WINDOWS system tbpdoauh dll file missing N - Netscape user pref quot browser startup homepage quot quot my yahoo com quot C Documents and Settings Gianni Application Data Mozilla Profiles default qtozb s slt prefs js N - Netscape user pref quot browser search defaultengine quot quot engine C A CPROGRA E CNETSCAPE CNETSCAPE Csearchplugins CSBWeb src quot C Documents and Settings Gianni Application Data Mozilla Profiles default qtozb s slt prefs js O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dllO - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dllO - BHO no name - A - - FF- F - C D - C WINDOWS system scqgzqg dllO - BHO no name - E F E-E -AC - A - DD B AE - C WINDOWS system rtaeqyf dllO - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dllO - BHO no name - F DF- E- - F - A ABBD - C WINDOWS system geebx dll file missing O - BHO Viewpoint Toolbar BHO - A C -B - EDB- - D C EC - C Program Files Viewpoint Viewpoint Toolbar ViewBarBHO dllO - BHO no name - A DA D E- - -B - F DB - C WINDOWS system tbpdoauh dll file missing O - BHO FlashFXP Helper for Internet Explorer - E A B-D - -AD - B EE - C PROGRA FlashFXP IEFlash dllO - Toolbar Viewpoint Toolbar - F AD AA -D - - DAF- D B - C Program Files Common Files Viewpoint Toolbar Runtime ViewBar dllO - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS system NvCpl dll NvStartupO - HKLM Run nwiz nwiz exe installO - HKLM Run HP Component Manager quot C Program Files HP hpcoretech hpcmpmgr exe quot O - HKLM Run HP Software Update C Program Files HP HP Software Update HPWuSchd exeO - HKLM Run ViewMgr C Program Files Viewpoint Viewpoint Manager ViewMgr exeO - HKLM Run SunJavaUpdateSched C Program Files Java jre bin jusched exeO - HKLM Run IPHSend C Program Files Common Files AOL IPHSend IPHSend exeO - HKLM Run HostManager C Program Files Common Files AOL ee AOLSoftware exeO - HKLM Run ccApp quot C Program Files Common Files Symantec Shared ccApp exe quot O - HKLM Run Symantec NetDriver Monitor C PROGRA SYMNET SNDMon exeO - HKCU Run NvMediaCenter RUNDLL EXE C WINDOWS system NVMCTRAY DLL NvTaskbarInitO - HKCU Run MSMSGS quot C Program Files Messenger msmsgs exe quot backgroundO - HKCU ... Read more

A:Smitfraud C, Spyquake

http://www.bleepingcomputer.com/forums/t/70912/smitfraud-c-spyquake/
Relevancy 46.01%

A:Spyquake Blues

Hello. Please do the following:Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/58705/spyquake-blues/
Relevancy 46.01%

A:Spyquake Infection

http://www.bleepingcomputer.com/forums/t/56887/spyquake-infection/
Relevancy 46.01%

I've been refered here by a friend who is a fan of this site... did a search to find out how to remove spywarequake, and got smitfraudfix and hyjackthis downloaded. If someone could run me through how to remove this dreaded program I would be greatful!!!Thanks

Relevancy 46.01%

A:Spyquake Or Other? Nothing Is Working To Fix

http://www.bleepingcomputer.com/forums/t/81423/spyquake-or-other-nothing-is-working-to-fix/
Relevancy 46.01%

Apologies for the double-post. I could not see an edit function.
I've cleaned out a couple of nasties with Adaware, although i've not seen much change - still getting the same "VIRUS ALERT!" and popups. Still, I thought it best to update the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Avast\Avast4\ashMaiSv.exe
C:\Program Files\Avast\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: QXK Olive - {65352C87-3458-4CD8-A4A0-EDDAFE7CEDF2} - C:\WINDOWS\vortsgbqrfe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: olnmraew - {BC589E0B-BDE4-4CF5-B052-9E97921302B1} - C:\WINDOWS\olnmraew.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Li... Read more