Windows Support Forum

AVG reported "PHOENIX EXPLOIT PHOENIX type (1112)"

Q: AVG reported "PHOENIX EXPLOIT PHOENIX type (1112)"

General info: winxp pro sp, all updates applied except sp; AVG free with virus db; zonealarm, needs replacing; malwarebytes; no old traces or other protection software was installed at the time of this incident.

While browsing with FireFox, my wife did a google search. The link she wanted to take was marked "safe" by avg with a green check mark. She selected the link, which was taking a long time to load, so she switched windows to an open game of Solitaire and made a move. All of a sudden she got an AVG alert which stated "Threat was Detected"; the next line said "Phoenix Exploit Phoenix type". The offending application was Firefox.exe, and it also listed a file name which was not visible as the path was too long. It appeared to be pointing inside of one of the firefox profiles. The alert popped up on top of the solitaire window and she sort of panicked and just hit her "google button" to get the page off the suspect one, so she didn't see anything going on in the browser tab.

I got home; she left everything just like it was - except she locked ZA - and all I could see was the alert box over a google search page. When I looked at the AVG events log, scan results, virus vault, nothing indicated anything out of the ordinary had happened. Also, I have not had any trouble with browser redirection (which seems to be a hallmark of this exploit) or any other malware/performance type problems at this time.

These are the steps I have taken so far and the results:

I ran an AVG full system scan which returned with no infections/warnings, possibly because the freeware version doesn't scan for rootkits, or at least the option is greyed out.

I updated and ran MBAM, which returned with no infections found.

I downloaded, installed, then ran the current free version of Sophos Anti-Rootkit, which returned with some unknown files like mfc mfc u dll - all seemed to check out ok, but nothing it recommended deleting. I noticed after the fact that since it isn't the "paid sophos av product" that it doesn't do "extensive" rootkit scanning.

I downloaded, installed, updated the trial version of AVG Anti-virus, then ran the specific scan for rootkits which returned with infections, then ran a full system scan which returned reporting infections warnings.

I posted to the AVG forum and was asked to provide gmer outputs, which I did. Because following their instructions I had to run an older version of gmer (locked up machine), they told me they couldn't be sure but thought that I might be infected. They suggested I try combofix and basically said good luck. That led me here to BleepingComputer.

Per posted instructions I have:

BC Backed up and imaged the drives
BC Checked out the resources regarding slow computers, but I am not having any performance problems
BC and Joined, enabled topic reply, and certainly will keep a firewall up when I go to post all this
BC Downloaded Defogger, disabled CD emulation and will keep it disabled until this process is completed
BC Downloaded, ran the DDS script, copied the results of DDS.txt below and attached attach.txt
BC Downloaded, ran gmer according to specific instructions and attached the resultant ark.txt

I am concerned with this because others have had similar alerts with various products but were not able to find anything until weeks later, when they found out the hard way that they had this rootkit. I am very grateful for any and all help.

Thank you,
David


A: AVG reported "PHOENIX EXPLOIT PHOENIX type (1112)"

Hi songsmyth,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:

Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
In the Custom Scans box, copy and paste the following:

CODE
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.

STEP 4 - Reply

Please reply with the following logs:
MBAM Log
GMER Log
OTL Log

http://www.bleepingcomputer.com/forums/t/332648/avg-reported-phoenix-exploit-phoenix-type-1112/

My PC's been running weird for about a week now and in that time numerous infections have been found, quarantined and removed. Last virus scan came back clear 'hooray!'... or so I thought...

I use AVG free 8.5 and within the space of 45 mins I have received two separate threat alerts. The first one was exploit phoenix exploit kit type 1112 and the second one was exploit rogue scanner type 1148.

The next step was unplugging it and drop kicking it out the window until these threat alerts popped up as it proves the machine is still under the influence of something. Can someone please advise me on the 'whats', 'hows' and 'whens' to restore my PC back to how it should be?

Many much thanks in advance!

http://www.bleepingcomputer.com/forums/t/337954/exploit-phoenix-exploit-kit-type-1112-and-exploit-rogue-scanner-type-1148/

A small child got on my computer and was playing games over the weekend and must have downloaded a virus. I have Windows XP. The first issue was my keyboard was not responding. It still does not work, except for the standby button. However it does fully function in Safe Mode.

Next problem when I rebooted was that I had the virus "antivir solution pro". I think I have successfully removed it by following some guidelines posted on your website in another post. However, when I run an AVG virus scan, it shows the following infection "Exploit Phoenix Exploit Kit (type 1112)" and it shows it in two different files with no option to remove them.

My keyboard still does not respond with Windows either.

Any help would be appreciated.

A:Exploit Phoenix Exploit Kit (type 1112) virus?

Hello, a couple more to run..

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.. DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
    Close browsers before scanning.
    Scan for tracking cookies.
    Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser, click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

http://www.bleepingcomputer.com/forums/t/335096/exploit-phoenix-exploit-kit-type-1112-virus/

Dear Sirs,

Last week the infection began by diverting my google or bing searches to websites other than those listed. For example, if I searched for "adjustable wrenches" and I clicked on one of the companies listed as sellers, my computer would be directed to another website. When I ran scans with SuperAntiSpyware and Malwarebytes, both pulled up scads of infections, which I then removed. But the next day both programs would find many more. When I ran scans, AVG warnings (or what looked like legitimate AVG warnings) would sometimes pop up mentioning infection by Exploit Phoenix Exploit type. Eventually the problem grew and the infection seized control of my computer such that I couldn't open any problems. I took the computer to a shop and they seemed to have removed the problem, but today the misdirection of searches has begun again. Apparently the shop didn't completely remove the problem. In addition, I again can't open up any programs in normal mode, but I can enter Safe Mode with Editing and open programs up. I've posted my dds.txt below.

Regards

P.S. I've edited this post to mention that I ran TDS Killer but it didn't find anything.

A:Exploit Phoenix Exploit (type 1112)?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/336673/exploit-phoenix-exploit-type-1112/

My AVG free has put the file in question in quarantine but I haven't been able to delete it from there. I don't know what else may be active. I don't have much experience here. I ran the progs suggested in this thread to others, posted below.

A:Exploit Phoenix Exploit Kit ( type 1112)

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

http://www.bleepingcomputer.com/forums/t/334823/exploit-phoenix-exploit-kit-type-1112/

Hi there, I'm new to this forum and really need help with my computer. I'm basically a computer illiterate; I know how to use it and that's about it. I have an eMachine T and I have Windows XP. It's been getting slower and slower over the past months, then last week I got a link through Yahoo Messenger trying to get me to open up a picture in Facebook. Yes, I was stupid enough to fall for it, I'm afraid to say. Since then it's really been wiggin out. I've run my AVG and it came up with this: Exploit Phoenix Exploit Kit (type 1112), but before that I got xgukxzrvux.exe, cleansweepupd.exe, TrojanHorseSHeue ANKU. To me this is all gibberish and means nothing. I have also been having a problem of clicking on a website and being taken to a totally different site. I downloaded and ran the HijackThis program and have copied and pasted the result of that. If there is any way you guys could help me I'd be so grateful. I'm on disability and so home a lot of the time, and I have a year old daughter and a year old son, so they like to be on here a lot too. I appreciate your help in advance.
Lisa

https://forums.techguy.org/threads/exploit-phoenix-exploit-kit-type-1112.938619/

Earlier today I got a pop-up saying my computer was infected and that I should run my "AntiVirus". This was followed by another popup offering to install "AntiVirus". I ran AVG, which had the following results:
"C WINDOWS system spoolsv exe";"Virus found Win Heur";"Reboot is required to finish the action"
"C DOCUME UserXP LOCALS Temp tmp";"Virus found Win Heur";"Moved to Virus Vault"
"C Documents and Settings UserXP Desktop Cryptload router FRITZ Box nc exe";"Potentially harmful program RemoteAdmin BX";"Moved to Virus Vault"
"C Documents and Settings UserXP Desktop Cryptload rar router FRITZ Box nc exe";"Potentially harmful program RemoteAdmin BX";"Potentially dangerous object"
"C Documents and Settings UserXP Desktop Cryptload rar";"Potentially harmful program RemoteAdmin BX";"Potentially dangerous object"
"C OFFICE MSDE MSDE KS EXE";"The file is signed with a broken digital signature issued by Microsoft Corporation";""
I then rebooted. This did not fix the problem. I had the same issue, but now when I tried to run any program I would get a popup saying that that program was infected and could not be opened. Somehow I got AVG to run again and got the following results:
"C downloads ujfnh pdf";"Virus identified Exploit PDF";"Moved to Virus Vault"
I ran SpyBot after this, which had no results. I ran Malwarebytes, which had the following results:

A:(Phoenix Exploit Kit (type 1112)) Google results redirect to ad pages and IE starts on it own

Scratch that....still being redirected.
"C:\WINDOWS\system32\drivers\ipsec.sys";"Virus identified Win32/Patched.DX";"Object is white-listed (critical/system file that should not be removed)"
"C:\Documents and Settings\UserXP\Local Settings\Temp\smss.exe";"Trojan horse Clicker.AKBZ";"Moved to Virus Vault"
"C:\Documents and Settings\UserXP\Local Settings\Temp\loader.exe";"Trojan horse Clicker.AKBZ";"Moved to Virus Vault"
I reran malwarebytes also in safemode which found the following
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljkujpta (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljkujpta (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Application Data\jjenaryln\btiqojstssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\mIRC\Cryptload_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Robokill - Titan Prime\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\Robokill 2 - Leviathan Five\Uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP198\A0039808.dll (Adware.EcoBar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP198\A0039809.exe (Adware.Zugo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP250\A0053946.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP252\A0054024.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP285\A0060328.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP286\A0064399.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP286\A0065628.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2640A06-2B1A-473F-A5D3-CE7E431E10C1}\RP286\A0065770.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ceb10693.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
I also searched for the specific fake antivirus popup (AV Security Suite) and found an uninstall guide and a program called rKill which didn't seem to do anything.
Processes terminated by Rkill or while it was runnin...

http://www.bleepingcomputer.com/forums/t/331029/phoenix-exploit-kit-type-1112-google-results-redirect-to-ad-pages-and-ie-starts-on-it-own/

Hi. For the past week I've been having redirecting issues on Google links, and as of today it takes multiple reloads before I can get to the Google site applications. I scanned my PC with AVG Free and I'm told I have Trojan Horse Crypt.ANVH, which is whitelisted by AVG. Late last night I started getting messages about Exploit Phoenix Exploit Kit (Type 769), which was located in svc host. SVC HOST randomly goes from k mem usage to k- million usage. I'm also getting tons of random cookies, which I think the trojan is the cause, just from being connected to the internet, though I won't have any applications open at the time. When I ran Gmer like the Welcome Guide said to, the application kept freezing in the middle of scanning, so I had to download the EXE file instead of the ZIP, but that didn't work either. 1st try froze computer, 2nd try computer froze then randomly rebooted. I am currently rerunning Gmer under the name iexplorer.exe, but I want to get this post up as soon as possible to get this fixed. I'll post the data if I can get it from Gmer when it pops up down below.
One last thing -phew- My windows firewall, when I double-click to activate it, gives me a message: "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?" When I click yes I then get the message "Windows cannot start the Windows Firewall/ICS service." If I click No nothing happens.
And that's it, I believe. I hope y'all can help, if you can get through my wall of text first.

A:Infected with: Trojan Horse Crypt.ANVH and Exploit Phoenix Exploit Kit (Type 769)

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________
It appears you're infected with an infection known as ZeroAccess.
ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Dissecting the ZeroAccess Rootkit
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update
ZeroAccess - an advanced kernel mode rootkit
NEXT: One or more of the identified infections is a backdoor trojan and password stealer.
This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.
I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possib...

http://www.bleepingcomputer.com/forums/t/440105/infected-with-trojan-horse-cryptanvh-and-exploit-phoenix-exploit-kit-type-769/

Hello good people. On any computer when I try to open a site called Free Docs (Documentaries) I always get the message "AVG has blocked the Phoenix Exploit Kit Type 769". I like the site and haven't been able to log onto it for almost two months. I suppose I should be trying to contact the webmaster but I wanted to try Bleeping first.
Great site, this is my first time on it. If anyone has dealt with this can you let me know if you were able to resolve it?

Thanks so very much~ Funky

A:Phoenix Exploit Kit Type 769

Phoenix exploit kit
AVG detects this somewhat active Webthreat and its 6 known variants. http://www.avgthreatlabs.com/webthreats/info/phoenix-exploit-kit/
Phoenix exploit kit is a threat that is spreading. It is currently ranked 10 in the world for online threats. Phoenix exploit kit has been detected by AVG on victims' machines in 180 countries during the last month. There are currently 190 websites in 26 countries that host Phoenix exploit kit.
Are you sure the website is safe?
Roger

http://www.bleepingcomputer.com/forums/t/460557/phoenix-exploit-kit-type-769/

I am having problems with the Exploit Phoenix type 1691 and my computer is redirecting to random links. AVG gave a threat warning on this and the filename was airlinoe com makoppskq ypxvfzhmfo php; it says the threat was blocked. Then the Generic host process for win encounters a prob and has to close. I cannot open the windows firewall because the windows firewall settings and internet connection sharing ICS services are not running, but they will not start. This is my first time here asking for help so I really don't know what other information you need, but here are the log files. Thanks for your help.

A:exploit phoenix exploit kit type 1691 and redirecting

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log
Casey

http://www.bleepingcomputer.com/forums/t/361719/exploit-phoenix-exploit-kit-type-1691-and-redirecting/

First problem I noticed was my Google reader feed going to a when all other pages loaded fine. Then Google started redirecting. AVG has picked up a few things and MBAM has gotten rid of a Trojan, but none of these have solved the problem. Last night I started getting Blue Screens as well. Not the traditional BSOD that I'm used to where "Fatal Exception has occurred", but one where Windows has stopped working and it needs to shut down to save data. Any advice, assistance and help with this would be most appreciated. I followed the preparation guide and am posting the DDS log. Per its instructions, given that I am running Win x, I have not created a GMER log. Thanks in advance for any help.
Ralph

A:Phoenix Exploit Kit (type 769) infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"Information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/442885/phoenix-exploit-kit-type-769-infection/

Hi, I hope I've come to the right place. I have been having recurring trojan malware problems causing my desktop PC to run at a snail's pace on and off for the past month or so. As the post suggests, the latest find was Exploit Phoenix Exploit Kit Type.

My PC is running Windows XP, I think service pack. My web browser was Internet Explorer, but I believe my engineer friend has now changed it to Google Chrome on my behalf. Currently not liking it, to be honest. Firewall: Zone Alarm. The anti-virus software I am running is AVG anti-virus free edition. This blocks a threat every day pretty much. Spybot Search & Destroy, which today found adware such as adviva, doubleclick, mediaplex & webtrends live. Malware Bytes regularly finds trojans, viruses etc. I also had Emsisoft a-squared, although I believe this has now been removed by an engineer that I occasionally use for my PC help.

I'm not sure where these viruses spawned from, but I stupidly opened an email that I believe was called something along the lines of Canadian pharmacy something-or-other. And since then I've had no end of issues. The most noticeable problem I am having is constant - CPU usage, mostly being eaten up by servicehost.exe, which basically renders my PC useless at some point every time I use it.

No idea what extra information to add, to be honest. Whatever info you need, just ask and I will provide. Thank you in advance.

P.S. I have also posted this question for a second time in this discussion thread under "recurring viruses, servicehost.exe pain". I'm sure I'm not supposed to do this but can't figure out how to delete that post. Can someone please let me know so I don't have of the same posts running? Thank you.

Mod Edit: Deleted duplicate ~ Hamluis

A:Exploit Phoenix Exploit Kit (Type 1450)

Hello and welcome. Let's get a current log.

We need to disable Spybot S&D's "TeaTimer" if running. TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click Mode > Advanced Mode.
You may be presented with a warning dialog. If so, click Yes.
Click on Tools and then Resident.
Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
Close/Exit Spybot Search and Destroy.

Next run ATF and SAS:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account, download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode:
How to enter safe mode (XP) using the F8 method: Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER:
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan.
After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal/regular mode and click Update tab, select Check for Updates. When done, click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

EDIT: Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

http://www.bleepingcomputer.com/forums/t/409930/exploit-phoenix-exploit-kit-type-1450/

I found this threat blocked alert on my screen this morning from AVG. Firefox wasn't even open at the time. I have had problems for the past week or so with page redirection and also some kind of sys error which pixelates my screen and tells me to restart my computer. I'm running Windows XP sp, have AVG antivirus plus; it is full version but a friend downloaded it for free somehow and I'm not sure it is legit. Even though the alert is saying the threat is blocked, I am still having problems with page redirection; it happened again min ago. Does anyone know about this exploit kit and can someone help me find and remove this problem?

Also, just this second a generic host process for Win problem occurred. Not sure if it's part of the same prob or not, but I have the error signature. This error did not mess up the screen and ask me to reboot.

Cheers, Ant

A:Exploit Phoenix Exploit Kit type 1122

Hello, it's not legit and probably what carried the malware. That's the free part, they give you software and steal your identity. Let's do this and get a log...

Reboot into Safe Mode with Networking
How to enter safe mode (XP) using the F8 method: Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):
Download and scan with SUPERAntiSpyware Free for Home Users.
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log resu...

http://www.bleepingcomputer.com/forums/t/336272/exploit-phoenix-exploit-kit-type-1122/

So in short, AVG, whenever I search from there and go to conceptart.org, it says this warning: Exploit Phoenix Exploit Kit 769 and then lists the forum link I was attempting to go to through that search engine as the source. Not sure how I'm supposed to deal with this? I am extremely tech illiterate, and the little I did search didn't yield much.

Does anyone have any idea what I should do to make sure the forum is safe to go on? Thanks.

A:Exploit Phoenix Exploit type 769?

Hello and welcome, kittycat732. I'd like to run these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Troubleshoot Malwarebytes' Anti-Malware

EDIT: "Phoenix Exploit's Kit, also known as PEK, dates back to 2007, which makes it one of the older and more successful exploit kits available on the black market. The kit is implemented using PHP and a MySQL back end database. The database is used to collect statistical data gathered from visitors of the attack page." (Websense)
As it is a malware I asked for the other scans. I would not consider that site safe.

http://www.bleepingcomputer.com/forums/t/442289/exploit-phoenix-exploit-type-769/

Hi there, hope you can help me with this. My PC has been a little slow for the past week. And yesterday my AVG Free Version bleeped a threat of Exploit Phoenix Exploit Kit on Mozilla Firefox. I ran a scan through Malwarebytes and it informed of Disabled Security Center. I have pasted and attached the log below. Please advise. Thanks.

Malwarebytes Anti-Malware
www.malwarebytes.org
Database version
Windows Service Pack
Internet Explorer
-Nov- AM
mbam-log- - - - - txt
Scan type: Full scan (C D X)
Objects scanned
Time elapsed minute s second s

Memory Processes Infected
Memory Modules Infected
Registry Keys Infected
Registry Values Infected
Registry Data Items Infected
Folders Infected
Files Infected

Memory Processes Infected: No malicious items detected
Memory Modules Infected: No malicious items detected
Registry Keys Infected: No malicious items detected
Registry Values Infected: No malicious items detected
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad Good -> No action taken
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad Good -> No action taken
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad Good -> No action taken
Folders Infected: No malicious items detected
Files Infected: No malicious items detected

A:Exploit Phoenix Exploit Kit and Disabled.Security Center Problem

Info, http://malwaredisasters.blogspot.com/2010/08/phoenix-exploits-kit-and-pay-per.html .

Moving this to Am I Infected forum.

Louis

http://www.bleepingcomputer.com/forums/t/360619/exploit-phoenix-exploit-kit-and-disabledsecurity-center-problem/

So I just came back from Best Buy a few hours ago and set up my NEW Envy Phoenix, and I noticed the LEDs didn't turn on. "Oh well," I thought. A few hours and a few restarts later the LEDs won't turn on and HP Phoenix Control is not doing anything. Please help. Otherwise no other probs with the computer.

A:HP Envy Phoenix 860-019 LEDs wont turn on and HP Phoenix Con...

Hi @JakeRaines, I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post serial numbers and case details.

If you are unfamiliar with how the Forum's private message capability works, this post has instructions.

http://h30434.www3.hp.com/t5/Desktop-Software-and-How-To-Questions/HP-Envy-Phoenix-860-019-LEDs-wont-turn-on-and-HP-Phoenix/td-p/5549050

Hi there. This is a continuation from this thread: http www bleepingcomputer com forums topic html

In short, my PC was slow and AVG alerted me that my PC was infected with the Exploit Phoenix Kit, and I want to know if I have any other malware hiding in my rootkit.

The DDS.txt file:

A:Exploit Phoenix Kit

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Elle

http://www.bleepingcomputer.com/forums/t/361790/exploit-phoenix-kit/

Sigh, my nd temp computer is infected too. I've recently posted about my main computer's Rootkit System Check infection; now the computer I'm using in its place is in the same boat. The past few days I've noticed it going slower than it should have been. It's a fairly nice machine, so I thought maybe it was just clutter and needed a good thorough cleaning and defrag. After cleaning the computer up of its clutter, unneeded programs, and running Malwarebytes, I expected it to run better, but it didn't, not at all.

I have been paying very close attention to the processes running and noticed that a Svchost.exe was almost always using the most memory, usually between k- k. I suspected there was something fishy about that because I know that Svchost is a legit process but even still shouldn't soak up that much. Yesterday I was forced to perform a System Restore because the computer was lagging so bad that it would have taken hours just to check my FB. After the restore it seemed to do fine until I turned it on today and it lagged again. I reset the computer and it seemed okay again. I was browsing Facebook for about minutes when an AVG alert popped up saying "Exploit Phoenix Exploit Kit Type" and said that a certain file was infected. I let out a big "AHAH" when I clicked "More Details" and saw that the infected process was Svchost.exe.

I read this prior thread first and thought it was relevant: http www bleepingcomputer com forums topic html

I do have a third computer in another room which I'm using to type this and will be using it from now on until these computers are healed. I must note that I have a hard time figuring out how to run this nd computer in Safe Mode, as it's a HP and I'm used to using a Dell. F doesn't bring up the same menu apparently, F brings up some type of config menu, and Esc just basically reboots it like normal after it asks me what hardware to use to boot it. Which really confused me.

A:Phoenix Exploit 769

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report.
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stop

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/439840/phoenix-exploit-769/

Sorry, I found this site while searching Google for solutions and I don't know who to turn to for help. First things first: I am by no means a genius with computers; I'm a year old high school student. However, I do know basics of computers and can get around one easily enough. Therefore I would much prefer detailed and simplified explanations and instructions.

I was running AVG this morning when it warned me of something called "Phoenix Exploit Kit" or something to that effect. It has infected my Google Chrome. I did some research and I discovered that it has something to do with botnets etc. This morning, just before I found this, I bought some things on eBay. Are my personal details vulnerable? Is some twat in Antarctica going to be buying sunbeds using my credit card? I'm panicking, as you can see, and I would like to know: What does this mean? Can my AVG Free take care of it? What should I do?

Please help, I'm extremely worried at the moment. And sorry if I posted something wrong or somewhere I shouldn't have, but could you please help me first? Much appreciated.

http://www.bleepingcomputer.com/forums/t/321011/phoenix-exploit-kit-help/

I'm trying to run through the Preparation Guide and I'm running dds.scr. Comodo shows that it asks to run a couple of files with a DAT extension, e.g. SWREG.DAT, which I tell it to allow. Then it asks to run PEV.DAT - I allow that as well, but then Windows pops up a message box saying:

Windows can not open this file
File: PEV.DAT
To open this file, Windows needs to know what program you want to use to open it.

What do I do here? I am running Vista. Should I be running this as an Administrator? At the moment I am running as a standard user. When you right-click on the dds.scr file there is no "Run as Administrator" entry on the menu.

OK. It seems to work OK when I log into an Administrator account.

I was doing some web browsing when an AVG antivirus box popped up saying:

Accessed file is infected
Threat Detected
File name: h hcgtrimline com god bmkldukt php
Threat name: Exploit Phoenix Exploit Kit type

This is the first time I have ever had one of these message boxes. I've run DDS and GMER and the logs are pasted below. Is there any sign that my PC has been infected? Thanks in anticipation.

A:pev.dat/ Possible Phoenix Exploit Kit infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop. (DDS.scr, DDS.pif)
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Casey

http://www.bleepingcomputer.com/forums/t/361707/pevdat-possible-phoenix-exploit-kit-infection/
Relevancy 106.21%

Hello, and thanks in advance for all your help. I have a problem with my computer and I suspect it might possibly be an infection, but I'm not sure. On May Sunday I received an AVG notification saying that they had blocked a "Phoenix Exploit Kit" virus. The infected file in question was "grovoyange com index php", which was probably a redirect or a popup ad of some sort, since I wasn't surfing that site.

Ever since then I get AVG warnings of a blocked "JS/Redir" infection every now and then. So far I have received these notifications a couple of times a day, and it seems to pop up every now and then regardless of what sites I visit. I could just be checking Gmail or Hotmail when the notification appears, which makes me worry if my computer is already infected somehow. The infected file in question has been files in my Temporary Internet Files, usually htm files named with random letters and numbers, although there was a randomly named php file once.

However, other than receiving the JS/Redir warnings, my computer seems to be functioning normally. AVG still runs and doesn't pick up anything, and Spybot only picks up a few tracking cookies. I am using IE and Windows XP Pro Version Service Pack. If anyone could provide any advice I would be grateful. Thank you again.

A:Possible Phoenix Exploit Kit or JS/Redir infection?

Hello and welcome. Let's run a couple things and be sure all is gone.

Start with: Please download CKScanner and save it to your Desktop. <-Important!!!

Double-click on CKScanner.exe and click Search For Files.
If using Vista, right-click on it and Run As Administrator.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A text file will be created on your desktop named ckfiles.txt. Click OK at the file saved message box.
Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

Run TFC by OT

Please download TFC by Old Timer and save it to your desktop. (alternate download link)
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop. (alternate download link 1, alternate download link 2)

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware. Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

So...

http://www.bleepingcomputer.com/forums/t/319148/possible-phoenix-exploit-kit-or-jsredir-infection/
Relevancy 106.21%

About a week ago I got an AVG pop-up "Threat detected warning - Exploit Phoenix Exploit Kit Type" after clicking on what I thought was a safe google search result. I immediately ran Malwarebytes, SpyBot and an Eset online scan, none of which found any problems. My computer was acting erratic and running slow some of the time after that warning. Several days later I discovered that AVG had found files infected with Trojan Horse BackDoor Hupigon CBOV but was unable to "Heal" any of the infected files. Here is my dds report.

A:phoenix exploit kit & Hupigon trojan

Hello, my name is Elise and I'll assist you with this issue.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/440683/phoenix-exploit-kit-hupigon-trojan/
Relevancy 104.92%

I need some help here.

I'm running IE7 and/or Firefox on Windows XP on a wireless home connection. My other laptop seems to be unaffected.

On May 25th, I somehow downloaded the Antisoft-Spyware virus. Both manually and using Spyware Doctor and CCleaner, I managed to remove the virus. About a week later, the virus re-appeared and I performed the same removal process. Unfortunately I must not have gotten all of it (or something!)

After that point, I started having major issues with pop-up and google search re-directs. I also am unable to even open the pages www.windowsupdate.com or www.windowsupdate.microsoft.com.

Obviously I have some sort of malware, but I don't have the slightest idea how to find it (nothing shows up on Spyware Doctor or AVG seems limited in how it deals with supposedly infected files) let alone how to remove any of it.

Please help!

Thanks!

A:Search Engine Re-direct (Phoenix Exploit Kit?)

Hello and welcome... let's see if we can get in like this. You need to do all the steps as some pertain to your issue.

Please follow our Removal Guide here: Remove Antispyware Soft (Uninstall Guide). You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

http://www.bleepingcomputer.com/forums/t/322159/search-engine-re-direct-phoenix-exploit-kit/
Relevancy 104.92%

Hi. Am hoping to get some advice on this here. I may have got rid of the problem - the computer is running better - but need expert advice to be sure, in case there isn't still something bad in the system.

To cut a long story short: The computer, especially the browsers, had been a bit slow for at least a couple of weeks. I assumed it was because I was having to use a mobile modem, so I thought nothing of it. IE was worse than Firefox, but then IE has always been temperamental on this machine. Then just over a week ago I got a couple of AVG alerts showing Exploit Phoenix Exploit Kit type. I installed lots of antimalware & antivirus programs, ran various things in safe mode, but nothing was ever found. I didn't have time to reinstall Windows so put off dealing with the issue. All that was happening was that the machine was a bit slow and Firefox would sometimes crash, citing the plugin container. Avast - which I'd just installed - would detect and block threats DCOM exploits or times a day.

Then today I looked at CPU usage - found the FF plugin container usage was v high. So I looked at plugins and found two Coupons Inc Printer Managers. Dunno how, as I'd set Firefox to check with me before installing plugins. I disabled these, deleted all coupons.com software (which appeared to have installed itself about months ago) from Program Files, deleted my Firefox profile, uninstalled Firefox and then reinstalled it.

The computer is performing almost as it used to now, although typing in IE is a little more laborious. Browsing in Firefox seems fine. But I'm concerned that there may be something nasty, such as a rootkit with ID theft potential, still lurking. I've seen AVG mistake files for something else before, so I'm not sure that it identified the culprit. Am hoping the forum can help. Logs follow. Thank you.

DDS log (I have replaced the real username with the word "username" in this log).

A:Do I still have rootkit / malware? (Poss Phoenix Exploit Kit)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop. (DDS.scr, DDS.pif)
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Casey

http://www.bleepingcomputer.com/forums/t/362094/do-i-still-have-rootkit-malware-poss-phoenix-exploit-kit/
Relevancy 104.92%

I picked up an infection of AntiVir Solution Pro rogue antivirus on my Windows XP laptop and had the popups preventing me from running any executable. It also prevented me from downloading any Windows update or even clicking on the MS Windows update link in Google.

I cured it, I think, by:
Running MalwareBytes in windows safe mode--it found malware files
SUPERAntispyware--found several malware registry entries
Manually deleting a suspect file in UserProfile Local Settings Application Data random random exe
Re-running MalwareBytes in safe mode last showed no infection. I get no more AntiVir Solution Pro popups.

BUT THEN: Then I got a popup from my AVG Resident Shield saying "Exploit Phoenix Exploit Kit type" was detected. I do get an occasional new tab that opens in my Firefox browser, and I'm still blocked from accessing the MS Windows update link in Google. So I'm not sure if it's a remnant of AntiVir Solution Pro or the Exploit Phoenix thing.

I ran DDS and GMER. GMER crashed, so after three tries I gave up on that. Attached are the DDS logs though. AND Firefox prevented me from posting this forum topic to bleepingcomputer. I posted this from another PC by transferring the log files. Help!

Here is DDS.txt.

A:AntiVir Solution Pro + Exploit Phoenix infection

hi punchedsilly, Your log is a few days old. If you still need help simply post back.

http://www.bleepingcomputer.com/forums/t/335416/antivir-solution-pro-exploit-phoenix-infection/
Relevancy 104.49%

Dear members of BleepingComputer,

Recently I've been getting messages from my AVG virus scanner about the Exploit Phoenix Exploit Kit. I've been searching all over the net how to fix this problem. But unfortunately it's proving to be too difficult for me to handle. So I was hoping that someone could assist me with this issue. Any help or suggestions will be much appreciated.

I've looked into some posts and I've done the scans. So here they are. I ran them in safemode.

TDSSKiller's log:

A:Exploit Phoenix exploit kit problem

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Launch Farbar Service Scanner once again and type ipsec.sys in the search box and click on search files. Please post the log.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs: DDS.txt and Attach.txt.
Save both reports to your desktop.
Please just paste the contents of the DDS.txt log in your next post.

Please let me know what problems you are experiencing with this computer.

http://www.bleepingcomputer.com/forums/t/449940/exploit-phoenix-exploit-kit-problem/

About a week ago I checked my computer and found that AVG discovered a virus. This virus was the Exploit Phoenix Exploit Kit. I have AVG perform scans daily. The most recent things I have done on the computer before AVG had discovered this were download Google Chrome, update Frostwire, and download mp files from Frostwire. Anyway, when AVG showed I have this virus, it gave me no option of removing it. Being afraid of anything happening, I turned the computer off and manually unplugged it from power. Today I finally ran Windows in Safe Mode with Networking, performed a full scan with Malwarebytes, ran AVG command line scanner, and ran SpyBot Search and Destroy. Malwarebytes found files which were adware. SpyBot Search and Destroy found a couple of infected files, but both of these programs successfully removed what THEY had discovered. AVG, however, did not give me a log or anything. Of these scans, I had not come across the Exploit Phoenix Exploit Kit. Perhaps these programs are not designed to find viruses. Anyway, how would I go about removing this Exploit Phoenix Exploit Kit? Thank you, cheepmeep

A:Exploit Phoenix Exploit Kit Removal

Hello and My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!

P2P - I see you have P2P software (Frostwire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Please see this topic for more information: Perils of P2P File Sharing. I would strongly recommend that you uninstall these now. If you choose to leave them on the machine, please refrain from using them while we are cleaning the machine to prevent further infection.

Download and Run DDS by sUBs

Please download DDS and save it to your desktop.
Disable any script blocking protection.
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Save both reports to your desktop.

---------------------------------------------------

Please copy / paste the scan results: DDS.txt
Please attach the second file: Attach.txt.

Scan With RootKitUnHooker

Please choose one link and download Rootkit Unhooker and save it to your desktop.

Link 1
Link 2
Link 3

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:/ is checked and click OK.
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

http://www.bleepingcomputer.com/forums/t/410326/exploit-phoenix-exploit-kit-removal/

The problem started with a popup AntiVir Solution Pro window and a persistent Google redirect: every time I clicked on the result of a Google search, I got some shady looking website. I'm running Windows XP SP and have AVG installed, and installed avast and Ad-Aware after the infection. I found this post, http www bleepingcomputer com forums t antivir-solution-pro-exploit-phoenix-infection, which pretty much exactly describes my problem. So, in the hope that I could solve my problem without wasting anyone else's time, I attempted that post's solution. I downloaded Malwarebytes' Anti-Malware, ran it, and sure enough it found several malware files, I think. I ran a scan with Avast's antivirus, AVG and Ad-Aware, and all of them found at least some altered registry entries. The Google redirects and popup tabs in Firefox continued, though. Like the referenced post above, then I got a popup from my AVG Resident Shield saying Exploit Phoenix Exploit Kit type Was detected. Here's the DDS log I just ran: ...

A:AntiVir Solution Pro, Phoenix Exploit, and rootkit infection

Hi Kris.83, thanks a lot for the help. Unfortunately, I did all you said, and I'm still getting tabs popping up in Firefox and Ad-aware keeps catching the process svchost.exe trying to access an IP. Here are all the logs from what I did:

Ok, I ran OTM, and here's its log:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael Droske\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael Droske\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael Droske
->Temp folder emptied: 122327237 bytes
->Temporary Internet Files folder emptied: 503467 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77242290 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 1536575 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 137084570 bytes
->Java cache emptied: 55657 bytes
->Flash cache emptied: 41165 bytes

%systemdrive% .tmp files removed: 1253 bytes
%systemroot% .tmp files removed: 4509408 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 912103 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2120010243 bytes

Total Files Cleaned = 2,351.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 08232010_095550

Files moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\commonMod[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\foundation[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\jquery-1.3.2.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\jquery.corner[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\js_loader[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\link_helper[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\page-blocks[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XS6TKI0Q\skin[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GFEPESZE\addthis_widget[1].js moved successfully.
C:\Documents and Settings\...

http://www.bleepingcomputer.com/forums/t/340776/antivir-solution-pro-phoenix-exploit-and-rootkit-infection/

I would like to point out I am by no means an expert with computers; this is all new to me, so please bear with me. I have had my laptop about years & never had an antivirus, firewall etc., as I always in the past found them to block all sorts for no apparent reason. I also never had a problem until about a month ago. I got a fake antivirus ad, "ThinkPoint", one of the ones that tries to sell you something that fixes nothing. It appeared as a legit Windows Defender link, then when I restarted the program kicked in. I am mentioning this as I believe it may be related. I found a link somewhere of how to get rid of this virus; it was simple enough. Afterwards the internet wouldn't load any sites. I fixed this through a change proxy settings option in Google Chrome. After this happened, though, I started to get re-directed to random ad sites (e.g. Gomeo.co.uk) from Google searches, finding I had to right click / enter new tab on the links to get around this. If that was the only problem I could live with it, but things started getting worse over the past week. I have re-installed AVG along with a number of other programs: SpyBot - Search & Destroy, Malwarebytes, Ad-Aware, CCleaner. Every time I run a scan or fix with any of them they appear to be fixing something, but the problem persists. A few days ago I started getting an error when I tried to open any programs or alter / install / uninstall anything: RunDLL Error Loading C Windows system config systemprofile AppData L ocal agutekudat.dll Access is denied. I managed to get rid of this error also through simple AVG / Malwarebytes scans etc., but I now get a similar RunDLL error on start up instead. It doesn't seem to affect anything, though; however, since I "fixed" that error I've had blue screens in hours for no apparent reason both times. I find this odd, as I have never had the recurring blue screen problem on my laptop. I also noticed in the system tray something called Server SQL. It seems to be a legit Microsoft thing, but I have no idea what it is or does. It has the options play, pause, stop, but they're all unresponsive. I decided to post on here as I can't really live with blue screens cutting in every few hours for no apparent reason, & I would like to clean & fix my computer, but a complete restore of Windows is really out of the question except for a very last resort. DDS log: ...

A:Phoenix Kit Exploit Kit , Google Gomeo Redirects , agutekudat.dll .. ThinkPoint related ?

Hello Wynder
Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

http://www.bleepingcomputer.com/forums/t/366657/phoenix-kit-exploit-kit-google-gomeo-redirects-agutekudatdll-thinkpoint-related/

I've been having this problem since yesterday. As I recall, I was reading email in Yahoo (I'm not sure if it was with IE or Firefox, as I use both) and I got a popup. I had not clicked on any link, nor do I remember going to any site, so I'm at a loss as to where it came from. The popup said something about the registry and asked me to save the file. I know enough about computers to know this was not something I wanted to do, so I closed the box. Then it happened again. Some time later I got an AVG popup box informing me it had blocked an attempt of the Exploit Phoenix Exploit Kit. I know there was more to it, a number maybe. I had to reboot the computer because the GMER program locked up my PC, so I lost the popup box. Since AVG said they blocked it, I didn't think any more about it. Then today it happened again. It does seem that I have a problem I've read about in some forums about links going to mysterious places. Neither AVG nor Spybot has found anything. I tried to run the GMER program twice, but both times my PC locked up, so I gave up. ...

A:Exploit Phoenix Exploit Kit

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt Will be opened
Extra.txt Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new OTL log (don't ...

http://www.bleepingcomputer.com/forums/t/335310/exploit-phoenix-exploit-kit/

Hello, I believe that there is something like a virus on my computer, but it hasn't wreaked much trouble yet. From previous experience of viruses and trojans, it feels like there is. A few things have happened - I got a message saying "exploit phoenix exploit kit" today on AVG. iTunes isn't working properly; I can't download music into it. And some of the icons which appear when I use the internet are mixed up: the Amazon icon appears on a tab when I use Bing instead of the Bing icon, for instance. I would like your advice, as I feel there is something odd and would like to prevent it before it does anything. I use Windows. And here is the DDS log: ...

A:exploit phoenix exploit kit

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

Regards,
Georgi

http://www.bleepingcomputer.com/forums/t/363168/exploit-phoenix-exploit-kit/
Relevancy 77.83%

Logfile of HijackThis v Scan saved at PM on Platform Windows XP WinNT MSIE Internet Explorer v

A:HJT - Phoenix

Download the following:
http://www.downloads.subratam.org/pv.zip
Extract it all into its own folder. Find the runme.bat, and double click on it. When the window opens, select option 7.

Please put HijackThis in its own folder. It makes backups, and it is best to keep them all in one place. Click My Computer, then C:\. In the menu bar, File->New->Folder. That will create a folder named New Folder. Right click on the folder and select 'rename'. Rename to something like 'HJT', and put HijackThis in there.

***********************************************************************
Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on "Fix Checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 39.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 39.dll
O4 - HKLM\..\Run: [MbZ] C:\documents and settings\dave\local settings\temp\MbZ.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [q7nW3nW] msrncutl.exe
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webi...ave/Install.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...nds/install.cab

***********************************************************************
Boot into SAFE MODE by tapping the F8 key during boot up.

Delete the following:
C:\Program Files\WindowsSA\ <-- folder
C:\Program Files\AutoUpdate\ <-- folder
msrncutl.exe

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

************************************************************************
Reboot.

Open notepad and paste in the following lines:

del c:\*.tmp
del %temp%\*.tmp /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f

Save to desktop as 'clean.bat', file types as 'all-files'. Double-click on the icon, and say yes when prompted.

************************************************************************
Post a new log.

http://www.bleepingcomputer.com/forums/t/2232/hjt-phoenix/
Relevancy 76.97%

I have an Averatec 7100 series laptop.
I need to return the hard drive to the factory beginning.
I have done this in the past but I can't find the program that does that.
Recovery Pro.
I have tried pushing F4 during POST but nothing happens and Averatec is closed for the weekend and my computer may be out of warranty.
Any suggestions????
 

A:phoenix recovery pro

Phoenix made programs for recovering data from damaged systems. It sounds like you just want to access the recovery partition to restore your machine.

Your manual is here:

http://www.averatec.com/docs/7100_User_Manual.pdf
 

https://forums.techguy.org/threads/phoenix-recovery-pro.650269/
Relevancy 76.97%

Any idea what a beep code of 2-0-0-0 is. When I boot up it only beeps two short times. It is Phoenix BIOS Version 4.05

Any help would be greatly appreciated.
Chip
 

Relevancy 76.97%

Hey Guys, I just received my NEW HP Phoenix desktop. Came with Win 10 Pro, I tried to install Win 7 Pro on a new SSD. I changed some settings in the BIOS:

Legacy Support - Enable
Secure Boot - Disable
Fast Boot - Disable

I reboot and boot into DVD, it says setting up windows files, then says Windows Start up, then it goes to the NEXT screen ( to change your region, time zone etc ) and NO Cursor or keyboard in this screen!

Can someone tell me what I'm missing here! Before I send this thing back to HP I wanted some of this forum's advice!

Thanks in Advance!

http://www.sevenforums.com/installation-setup/389550-trying-install-win-7-new-hp-phoenix.html
Relevancy 76.97%

Hello, I'm new here. My PC has been causing some trouble, first by ending the subscription to McAfee Security Center prematurely. It also turns off the Virus Scan, Firewall and Spam Killer "until I renew my membership". And every once in a while it shows me a message about a new update for those programs, prompting me to subscribe again. IExplorer is also very slow despite my cable connection. Other software is laggy and it takes longer than usual to start my PC.

I tried using McAfee Stinger and the Virtual Technician. The Virtual Technician did find some trouble but it was unable to repair it. I ran Ad-Aware, AVG Free and Spybot but they couldn't fix it either. Then I used Spyware Doctor FREE and it found it was the Phoenix Keylogger. I googled it and it seems like a very dangerous spyware, so I hope one among you can help me to get rid of it without having to purchase Spyware Doctor, since I'm assured even buying it doesn't mean it will fix it.

Any other necessary details, please ask me. I hope my English is understandable as well, for it is not my native language. Well, thank you for your time.

A:Phoenix Keylogger And Maybe Something Else?

Two programs to try:
http://www.spybot.info/en/download/index.html
http://www.superantispyware.com/

If you still need help after using the programs above, please post a Hijack This log by following the instructions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

There are several free antivirus, antispyware and firewalls that you could install to replace your McAfee suite. See the link below:
http://www.bleepingcomputer.com/forums/topic3616.html

http://www.bleepingcomputer.com/forums/t/78062/phoenix-keylogger-and-maybe-something-else/
Relevancy 76.97%

When I go on the product page of my HP ENVY Phoenix 85O-050qe ( http://support.hp.com/us-en/product/HP-ENVY-Phoenix-850-000-Desktop-PC-series/7779683/model/7805187/... ), it shows that the LEDs are blue. On my system (that I bought back in June) the LEDs are only red and there is no apparent way to change them. How the heck are these LEDs different colors than mine?

A:LEDs on my Phoenix?

Check in the control panel for a lighting control panel. It might even be hidden in the systray. I had an Omen 15 for last year's product loan and there was a control panel that allowed me to change the keyboard lighting to just about any color. A couple of HP Experts had the same PC as yours and they mentioned being able to change the color of the LEDs.

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/LEDs-on-my-Phoenix/td-p/5602275
Relevancy 76.97%

Please help!!! My laptop keeps showing phoenix secureCore (tm) setup utility and ask me to enter password. I don't know these passwords. How do I reset it or get in?

A:help with phoenix secureCore

Did you try just hitting > Enter?

http://www.computing.net/answers/windows-7/help-with-phoenix-securecore/19291.html
Relevancy 76.97%

I just got a new computer and am setting things up. I'm getting one long beep followed by two short, which means a 98h
http://www.phoenix.com/NR/rdonlyres/81E6C43C-93BD-4097-A9C4-62F05AAD6025/0/biospostcode.pdf
That says: search for option ROMs, one long two short beeps on checksum failure.
Anyone help?
 

Relevancy 76.97%

I just read about the Phoenix OS that allows you to use Android apps on a desktop

Android Based Desktop Operating System: Phoenix OS

Would love to access the apps on my phone on my Windows 10 laptop!

Thought I should get some opinions/advice before proceeding.

http://www.techsupportforum.com/forums/f338/question-about-using-phoenix-os-1152177.html
Relevancy 76.97%

Hi Everyone,
I've a slight problem with my computer. I'm running Win98SE and while listening to an audio CD and playing a game the whole system froze. Nothing worked so I hit the reset button. It restarted and I heard a series of beeps, the monitor switched to sleep mode and apart from the fans running nothing else happened. The beep sequence was 1 3 3 1 which I've now found out to mean "28 Autosize Dram". As this means nothing to me, can you come up with some kind of explanation and if possible some kind of repair? Thanks in advance to you all
 

Relevancy 76.97%

Right, here's the deal: my brother's computer was fine and dandy yesterday.

But, when they turned it on this morning, it immediately goes to the Phoenix CMOS/BIOS system and requires a password to boot.

Thing is, I'm the only one in my family who would know how to even get on to BIOS/CMOS and change a password and set it so the PC needs one to boot!
However my Mum thinks the GVT are at long last hacking into the computer to steal her credit card details

(crazy I know)

But I really need to get this sorted, I can't even get onto windows.

It's a windows XP machine, built by Novatech with Phoenix- AwardBios.


I've tried "backdoor passwords" from the net...

Nothing seems to be working.

So please, any help would be greatly appreciated.

A:Phoenix AwardBIOS.

Ok, solved that....Now it just keeps Booting BIOS...what do I do???

http://www.techsupportforum.com/forums/f10/phoenix-awardbios-280007.html
Relevancy 76.97%

How do I delete this program on WIN 7? Pop up keeps stating download...now. It is not in Programs or the start program. HELP? Driving me nuts.

A:Phoenix Technology LTD

Check on the OEM manufacturer's web site for the latest BIOS update.

http://www.sevenforums.com/software/274917-phoenix-technology-ltd.html
Relevancy 76.97%

Hi all,

I'm looking for a BIOS update for my E-System laptop but don't think I should have to pay for it. Does any1 know where I can get hold of the latest Phoenix AwardBIOS update?

I know the latest is v6 and I want it! *stamps feet* LOL

Cheers

A:Phoenix AwardBIOS

Pay for a bios update ...that's ludicrous. e-system charges its pc owners to fix e-systems mistakes or improve stability and usability?

Wish I could help, but you would know better than me where to get something for free.

Good Luck

http://www.sevenforums.com/drivers/11869-phoenix-awardbios.html
Relevancy 76.11%

I have ICE Cyber ransomware on my XP computer that has a Phoenix - Award BIOS on it. I downloaded Hitman Pro and the directions elsewhere in this site and made a bootable thumb drive for the USB port. However, making the USB the boot port is not an option on this BIOS. So I copied the files to a CD. It still won't boot. HELP.

A:hitman pro on phoenix bios

You can boot the USB flash drive on a BIOS that does not support it by using Plop Boot Manager. Download plpbt-5.0.14.zip. In the zip file is an iso called plpbt.iso. Burn the iso to a CD using Imgburn or other software that can burn an image. Boot the CD and use your arrow keys to select USB then press enter.
 
I have used this on an Old Dell with a BIOS that does not detect bootable USB flash drives and it worked fine.
 
Edited link for Plop Boot Manager

http://www.bleepingcomputer.com/forums/t/533246/hitman-pro-on-phoenix-bios/
Relevancy 76.11%

Hey, I have an Advent 9115 with a Phoenix motherboard.

I can't seem to find an update anywhere, not even on their site.... They say to contact the manufacturer, and to contact mine I have to give them warranty details (no idea where they are) before I can even send them an email...... sucks hey

thanks for any help

A:Phoenix Bios update

Hi, there is no BIOS update for the Advent 9115. If you need the sound drivers for Windows 7, go to this link: http://support.pcworld.co.uk It says for Win Vista but it will work with Win 7.

http://www.sevenforums.com/drivers/37631-phoenix-bios-update.html
Relevancy 76.11%

Has anyone ever tried this app, its for saving data from corrupted HFS (Macintosh) drives, but it operates under Windows XP.
 

https://forums.techguy.org/threads/stellar-phoenix-macintosh.409446/
Relevancy 76.11%

I can not enter the bios setup any longer using the delete key, I have tried all combinations for phoenix which I found on many support guy threads but nothing helps. The only thing I can think of is a missing file but I am just guessing. Will it help if I reinstall win xp? Is there a registry fix utility that will do this? Thanks .
 

Relevancy 76.11%

Hi
 
I need help deleting the above as I don't want to have to press F1 every time I boot up.  Also, it prevents me from accessing Safe Mode from bootup unless I go into msconfig after Windows has loaded.
 
I've tried renaming the Registry entry but to no avail.  I didn't want to delete the entry in case I made things worse.
 
I'm running XP SP3.
 
Thank you.

A:Need to delete Phoenix AwardBIOS

Hi,
 
Can you explain a little better what the problem is? sometimes posting an image can help us to understand better the problem.
 
Simply because you can't DELETE the Phoenix AwardBIOS unless you want to kill the machine

http://www.bleepingcomputer.com/forums/t/513623/need-to-delete-phoenix-awardbios/
Relevancy 76.11%

I have been happily running two monitors since I got this computer in April, one monitor connected to the HDMI port and the other to the DVI port on the NVIDIA GTX card. This card supports four monitors maximum. It has HDMI, DVI and DisplayPort connections. Note that on model - you cannot use the two vertical HDMI ports marked HDMI and HDMI. They are not active in this model. They only work with lesser models that use integrated graphics. This model has the dedicated graphics card, so only the ports on the card are active. That's according to HP Support and I can confirm it from experience.

Now I need to connect a third monitor, which only has DVI and VGA ports. My only option is to connect it to one of the DisplayPort ports on the card through an adapter. I contacted NVIDIA support and they told me that either an active or passive adapter will work with this card. So I bought a passive DisplayPort to DVI adapter cable and connected the third monitor to one of the DisplayPorts. When I boot, the boot screen shows up on my third monitor but it flags an unspecified error, says it can't start Windows and offers to recover my system back to a restore point, which I of course decline. I tried various advanced troubleshooting options, two different DisplayPort ports and two different DVI monitors, with the same results each time. When I disconnect the third monitor the computer is back to normal and boots fine. My third monitor is obviously able to display stuff through this connection because the boot screen and various error and recovery screens show up there and I can use my mouse to interact with those screens.

The error message screen references log file C:\Windows\System32\Logfiles\Srt\SrtTrail.txt. That file flags the following error:

Root cause found ---------------------------Unknown Bugcheck Bugcheck b Parameters xc xfffff a b xffffd cc f b x

I tried looking up this error online and got no helpful hits. Does anybody know how to make a third DVI or HDMI monitor work on this model?

A:How can I run a third monitor on HP Envy Phoenix 860-010

Update: When I run two monitors, one connected to the HDMI port and the other to a DisplayPort through the DisplayPort to DVI passive adapter cable, it works fine. So the cable itself is OK. It's only when I attempt to run a third monitor through that cable that it fails. I suspect NVIDIA support was wrong when they said a passive adapter would work for a third monitor. I've heard of a video card that works fine with a passive adapter for the first two monitors but requires an active adapter for the third. I was hoping the NVIDIA GTX 960 was not like that. Does anybody know for sure?

Also, the precise sequence of boot messages with the third monitor is:
1. Preparing Automatic Repair screen.
2. Diagnosing Your PC screen.
3. Automatic Repair screen with message "Windows couldn't load correctly"

http://h30434.www3.hp.com/t5/Desktop-Video-Display-and-Touch/How-can-I-run-a-third-monitor-on-HP-Envy-Phoenix-860-010/td-p/5738476
Relevancy 76.11%

I have been regularly plagued with the following issue. Rebooting 1-2X usually fixes it. I go to power the system up and the fan starts up like a blowdryer and has a loud high pitched whine. At this point the PC refuses to boot. When I recognize this starting I force it to power down by holding the power button for 7-8 seconds. The last attempt to boot the PC led to the same symptoms, but rebooting did not fix it and it will not boot. By St. Boogar waiting at the backside door of purgatory, I have had way too many issues with this "gaming" PC. When I initially ordered this last November the mobo fried within 5 days of use. I don't even bother overclocking things. TLDR: I am frustrated by this recurring issue. Please help.

A:hp envy phoenix 810 st won't boot

Hello @mosferatu333, Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More.

I have read your post on how your desktop computer is not able to boot, and I would be happy to assist you in this matter! To correct this issue, I recommend following the steps in this document on Computer Does Not Start (Windows 8). This should help to power on your computer again. If the issue continues, please contact our technical support by clicking the link below to get the support number for your region.
www.hp.com/contacthp/

I hope this helps!
Regards

http://h30434.www3.hp.com/t5/Desktop-Software-and-How-To-Questions/hp-envy-phoenix-810-st-won-t-boot/td-p/5119539
Relevancy 76.11%

Unboxed it. Plugged everything in. Turned it on. The machine crashed several times within a few minutes. Take your pick from "System Thread Exception", "System Service Exception", "Kernel security check failure", "DPC Watchdog Violation", "Kmode exception not handled" and "Windows hasn't loaded correctly". It must have crashed 30 times within the first hour. I reinstalled Windows from the machine and... it all happened all over again. Clearly no one in the factory quality controlled this machine. Shameful from a brand like HP. Has anyone else experienced this problem?

http://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/HP-Envy-Phoenix-a-nighmare/td-p/5750611
Relevancy 76.11%

Purchased program and wrote data down, instead of typing, now do not know if capitals or "0" or "o" or "O" in key and username . Could someone pleaseeeeeeee help?

John

A:Re Stellar Phoenix Username and key

Hi and Welcome to TSF!

Just try both when typing the key.

http://www.techsupportforum.com/forums/f217/re-stellar-phoenix-username-and-key-880137.html
Relevancy 76.11%

Where can I find a BIOS update for Phoenix Industries? The system is a HP Pavilion 8490.
 

A:Bios Update for Phoenix

Don't know which bios date you have but here is the last one from hp for that machine

http://h20015.www2.hp.com/en/softwa...m=OS Independent&sw_lang=en&pagetype=software
 

https://forums.techguy.org/threads/bios-update-for-phoenix.205947/
Relevancy 76.11%

I'm about to reinstall Windows XP but I get a message saying

"Setup did not find any hard disk drives installed in your computer. Make sure any hard disk drives are powered on and properly connected to your computer, and that any disk-related hardware configuration is correct. This may involve running a manufacturer-supplied diagnostic or setup program. Setup cannot continue. To quit Setup, press F3."

I had such troubles once before on my Dell but was able to change some loading option in my BIOS and it worked perfectly... but this is an HP Presario v6000 and the BIOS menu is different... I think it is a PhoenixBIOS (version "f.06"....

Anyone have any helpful hints as to how to navigate this BIOS menu and change what is necessary to get the Windows CD to install?
EDIT - website that helped me before is "http://www.techspot.com/vb/topic18329.html"

A:Reinstalling Xp... Phoenix Bios?

If you have a SATA hard drive, please read on:

This is typically caused by having the hard disk controller option set to AHCI instead of ATA in the bios so you have two choices:

Go into the bios and change that option from AHCI to ATA, reboot, and your hard drives should be found.

OR

Download the AHCI drivers for your mobo and place them on a floppy. Once done, press F6 when prompted during the install process to load the AHCI drivers. Your hard drive will then be found later in the process.

Most people will opt to do the simple switch to ATA even though a few functions like NCQ and Raid become unavailable; however, your system should run fine in the ATA mode. Let us know.

http://www.bleepingcomputer.com/forums/t/135641/reinstalling-xp-phoenix-bios/
Relevancy 76.11%

Hi, I have recently purchased a customized Phoenix 850 qe desktop from HP. The only problem I have is that the fan noise from the PC is too annoying. Is there any way I can solve this problem? Thanks! Sincerely, Peter

http://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/Too-much-fan-noise-from-HP-Phoenix-850qe/td-p/5666771
Relevancy 76.11%

hey can someone help me find out how to use phoenix bios editor... ive looked on google and cant find nothin but ****.

thanks

A:phoenix bios editor

Sorry, as I understand it, that's proprietary to the Phoenix manufacturer.
If you're entitled to use it, the Phoenix people will provide assistance.
If not, then we can't help with pirated software.

http://www.vistax64.com/general-discussion/276971-phoenix-bios-editor.html
Relevancy 76.11%

WHAT should I do? I am on the Phoenix secure core (tm) setup utility and what item in boot order should I pick?

A:phoenix securecore{tm}set up utility

phoenix securecore setup utility
https://www.google.com.au/webhp?hl=...

http://www.computing.net/answers/windows-7/phoenix-securecoretmset-up-utility/19469.html
Relevancy 76.11%

Hi all, I was wondering if someone could help me out here. I'm running XP and my BIOS is Phoenix Technologies 6. When I try to boot up I get a blank screen, one long beep and two short beeps from the internal speaker and nothing else. I persisted with trying the startup and it works maybe one in twenty times, so I have extremely limited access to my PC. Can someone advise me as to the best way to fix this up?

Thanks for hearing me out, hope someone has some info

PS
 

A:Phoenix V6 BIOS, cant startup XP!!! help please

Hello and welcome to Techspot.

Check out the meaning of your beeps HERE

Regards Howard :wave: :wave:
 

http://www.techspot.com/community/topics/phoenix-v6-bios-cant-startup-xp-help-please.38014/
Relevancy 76.11%

I have windows xp and avg and I have Phoenix exploit kit. Can anyone help me get rid of it

A:Phoenix expoit Trouble

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

http://www.bleepingcomputer.com/forums/t/371620/phoenix-expoit-trouble/
Relevancy 76.11%

Can I fit an M2 SSD drive if I remove the WLAN/Bluetooth adapter? How many M2 slots are there and where are they on the motherboard? Any mSATA slots by any chance? Thank you, Holger

A:HP Phoenix 860-180st M2 drive?

Hi there @hbaeuerle. Welcome to the HP Support Forums! It is a great place to find the help you need, from other users, HP experts and other support personnel.

I understand that you are looking for information on how many M2 slots are available on the motherboard of your system. I am happy to help with this. See the section on the Expansion slots for your motherboard: HP and Compaq Desktop PCs - motherboard specifications, Thimphu

It shows the following slots in the board, which may already be used, but it seems there are two of them.
One M.2 socket 1, key A
One M.2 socket 3, key M

I hope this helps, and if this answers your concern, please mark this post as a solution.

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/HP-Phoenix-860-180st-M2-drive/td-p/5353081
Relevancy 76.11%

My less than one year old Phoenix was working properly, but this morning after I woke up I could not fire it up. I pressed the power switch but nothing happened. No sound of hard drive nor fan. The green light on the back of the tower was solid when the power cable was plugged in. It would turn off a couple of seconds after the power cable was detached. I have read through the forum and most people's problem was with the PSU or MB. Any idea what could be the problem in my case? Or anywhere I can go to have someone troubleshoot my PC for me?

http://h30434.www3.hp.com/t5/Desktop-Boot-and-Lockup/HP-Phoenix-doesn-t-power-up/td-p/5617745
Relevancy 76.11%

I believe my BIOS chip is faulty; it has intermittent problems when it boots. Even if I change the BIOS settings they are not stored; it goes back to the default settings. I have replaced the battery already with no change, and I have even tried resetting the BIOS. I also have problems obtaining a chip.
 

http://www.techspot.com/community/topics/phoenix-bios-d686.80963/
Relevancy 76.11%

System: Dell with Phoenix BIOS 4.0

This is the POST code:

C0 Try to boot with Int 19
The system boots OK, but I noticed this before doing a burn-in (it's a used system I want to resell).

Any ideas? Thanks in advance.
 

A:Error C0 Phoenix BIOS

This may give you some information on INT 19, although I'm not sure why you are getting the error. Maybe this will bump your post for someone who knows the answer.

http://www.oberon.ethz.ch/bootstrap.html
 

https://forums.techguy.org/threads/error-c0-phoenix-bios.284254/
Relevancy 76.11%

I am using a Compaq v3203TU laptop and Windows Vista. Then I updated my BIOS using a file I downloaded from the HP website. This file: "WinFlash for HP Notebook System BIOS (for Notebooks with Intel Processors) - Microsoft Windows/Vista-Based". But after I updated, when it restarts it shows this on screen: "BOOTMGR is compressed. Press Ctrl + Alt + Del to restart". Then I go to the BIOS, and it wants me to enter the password. Who knows the password? Or anything that I can do to solve this problem? Please help.
 

A:Phoenix Bios Password

Compaq tech support is very helpful. I assume you are still under warranty if you are using VISTA.
 

http://www.techspot.com/community/topics/phoenix-bios-password.85359/
Relevancy 76.11%

I have recently acquired a Phoenix board with Award bios and none of my components work with the board. When I called the Award team, I was informed that the reason is because the components are too new for the board and the IRQ's are not being assigned correctly. I was then told that the only way I could fix this problem was to pay $60 for the bios update. This board was designed for an AMD XP 1500+. Now this seems to me that a board that new should be able to recognize newer components. Also, is that pretty standard that you have to pay for a bios upgrade or do most companies fairly let you upgrade for free for buying their product? Is this my only option?
 

Relevancy 76.11%

I am building a clunker for a friend out of mostly spare parts. M/B is a nearly new Winfast K7S, and the RAM is 512 Legend, WinXP, Seagate 13g [ya I know], but it's only for Internet and word processing. Done a Seagate test on the HDD. All OK. But when you start it, it won't detect the Seagate on its own. Go to BIOS and it detects fine, then boots up. I seem to think that it needs more time to detect it. But I cannot find any setting in BIOS to do this.
Any help would be great.
 

A:bios settings Phoenix

I've had some probs with older Seagate drives; for some reason they do not always like to be set as master or slave, sometimes they are only happy with cable select. Don't ask me why.
Try different jumper settings.
 

https://forums.techguy.org/threads/bios-settings-phoenix.415766/
Relevancy 76.11%

That is the BIOS I have for an old P3 CPU. I can get F8 to get me into safe mode, but I do not know the key combo for selecting the boot menu. I have tried F2, 10, and 12. Esc does nothing, and Del sends me to the setup where I have the CD-ROM set to first, then HDD. I have my Win XP CD in the drive, but it STILL goes to HDD. If anyone could help me I would appreciate it.
 

A:Dell Phoenix A07 BIOS

Are you trying to reinstall Windows XP? To reinstall on a Dell you put the CD in, reboot, and when you see the Dell screen you should see F12 for boot menu. The correct order is boot from the CD first. When you see the Dell screen keep tapping F12 and then you should see a black screen with a blinking cursor that says hit any key to boot from a CD. Hit Enter and then you should see Windows installing. Just follow the directions and go from there. F2 on a Dell computer takes you into the BIOS. You shouldn't need to change the BIOS if it has XP already in it. Hope this helps you.
 

https://forums.techguy.org/threads/dell-phoenix-a07-bios.866599/
Relevancy 76.11%

I want to upgrade my 960 card to a GTX 1060 3/6gb version. Will it fit into the HP envy phoenix case?

http://h30434.www3.hp.com/t5/Notebook-Hardware-and-Upgrade-Questions/Upgrading-the-HP-ENVY-Phoenix/td-p/5854694
Relevancy 76.11%

I ordered a new HP Envy Phoenix 860st yesterday and was wondering if anyone else has taken the plunge on this same model? This will be my first HP after 15+ years of buying Dell computers. I actually looked at Dell but they offered almost zero customization to their XPS line. Anyhow, I'm just curious to hear from others who also purchased this model. Good, bad or indifferent. I should mention my current PC is a Dell XPS running Windows Vista and it has been 8 years since my last upgrade. However, I have upgraded my previous PC with a newer graphics card, SSD drive and maxed out the RAM. This was all in an attempt to squeeze as much life out of it as possible, but unfortunately the time has come to move on from it. Feel free to drop a note on your experience and any caveats. Thanks!

A:Envy Phoenix 860st

@Mr_Blue_860st Welcome to the HP Forum. HP doesn't have an official presence on this forum other than for administration and moderation. The assistance that you receive is mainly from volunteers. The HP 860st has some excellent specifications and configuration options. I hope that you bought the model that is on sale.

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/Envy-Phoenix-860st/td-p/5355121
Relevancy 76.11%

Hello, months ago I bought a HP envy Phoenix, I think it's the. Just a few days ago I started having problems with it. When I start gaming, after min my monitor will display a black screen and say no input signal. The CPU keeps running but I still have to shut down the computer with the power button in order to get my screen back. There is nothing wrong with the monitor or the HDMI cable. Searched for the problem a bit and found out my GTX GPU is overheating. It gets up to degrees before shutting down. So I opened up the desktop and found out my fan is not working. There is nothing blocking the fan because I am able to spin it manually. Furthermore, when trying to activate the fan with MSI overheat software the fan is unable to start. I put it at but the RPM stays at. When the desktop was open I was able to notice that the fan is actually trying, or something like that. The fan moves just a tiny bit but falls back to its original position. This happens every seconds or so. It's like it doesn't get enough power to make the fan spin, or only gets power for second and then stops for seconds. Is there any solution to this problem? I never overclocked my GPU or tried to do anything with it because I don't know much about it. Hope it's just a software error; updating drivers for GTX didn't help. Kind regards and really looking forward to any help, LaurensDev

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/HP-Phoenix-GPU-overheat-fan-not-working/td-p/5680856
Relevancy 76.11%

Hi
Can anyone tell me how to get the BIOS to boot from USB?
It doesn't seem to show the setting for it and it won't boot from CD.
I just get the message "cant find operating system".
I'm not that clued up on BIOS.
Thanks J
 

Relevancy 75.25%

Just got this game for PC, installed it, and when I go to play it, it comes up with a message saying "A required security module cannot be activated this program cannot be executed (7001)". My computer is more than capable of just running this game and it's brand new out of the box from the shop. Any ideas? I'm quite annoyed really; I don't mind if it's my computer, but when it blatantly won't work for no reason it's very annoying.
 

Relevancy 75.25%

Bought this PC from BestBuy: Intel Core i - GB RAM, GB SSD, TB HDD, NVIDIA GeForce GTX GB GPU. I was curious to know if I can fit the Zotac GTX Mini GB in this PC, the one marketed as being 'Super Compact'. Specifically I wanted to know if the GTX mini would fit in terms of size AND if it is compatible with the case board. I'm not too knowledgeable in this area but I think there's ATX cases and some other types of cases. Please feel free to add any other info you think could be crucial before I buy the card itself. From my research into this, the stock PSU W should be sufficient to accommodate this card so I probably won't have to change anything other than the card itself; please advise if incorrect. Based on the size dimensions provided on HP's website for this PC it seems that the GTX Mini is also the same size more or less, stock being x and the GTX mini being x from retailer's website. Thank You

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/HP-ENVY-Phoenix-860-019-GPU-Upgrade-Question/td-p/5789428
Relevancy 75.25%

I seem to be having loading issues: it loads all the way, then I can't get the game. All my other games work just fine. Does anyone have the same problem or could it just be my computer?
 

A:Harry potter and the order of the phoenix

Harry Potter and the Order of the Phoenix is garbage. I bought mine for $50 and it couldn't even install properly. I contacted their tech support; after 3 weeks of emailing them they just ignored me and never replied. I returned my game for a refund and they couldn't let me refund it.
 

https://forums.techguy.org/threads/harry-potter-and-the-order-of-the-phoenix.933420/
Relevancy 75.25%

The LED lights on the front of my HP Envy Phoenix 860 only change colors in Red and Green even if those colors are not any of the 4 colors I have chosen in the HP Phoenix Control software. There are no settings or other menus in the Phoenix Control software. Just the 4 different modes. Trying each mode, the colors never change to anything but Red and Green. Turning it off and back on makes no difference either. Based upon the Programs and Features area, the version of HP Phoenix Control software that came installed on my computer is 1.1.1. I know Christmas is coming up but only Red and Green all the time is gonna get old. Thanks for your help. Scott

A:HP Phoenix Control for LED Lights on Envy 860

Hello @Scott1515, Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums, I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More. I read your post about the LED lights, and wanted to assist you! To start, can you provide me with the Product Number of the desktop? Here is a link you can use that will help you find your Model and Product Number: How Do I Find My Model Number or Product Number? In the meantime, have you tried using the HP Support Assistant to check for updated drivers? Did you always have this issue, or did it just start to happen recently? Looking forward to your reply. Have a great day!

http://h30434.www3.hp.com/t5/Desktop-Software-and-How-To-Questions/HP-Phoenix-Control-for-LED-Lights-on-Envy-860/td-p/5369299
Relevancy 75.25%

Stumped. Need help removing this trojan:

joaquin phoenix
 

Relevancy 75.25%

I have a Windows system that is experiencing occasional redirects. They occur whenever IE or Firefox is running. Norton Internet Security logs intrusion attempts about every - seconds whenever a browser is open. The details of the logs report the originating IP is that of the PC in question and list the executable of the browser in use. They also list long cryptic URLs in various foreign top level domains. I have scanned with Norton Eraser, Spybot S&D and Malwarebytes with no results. I ran HJT and here's the log; if someone could analyze it for me I would appreciate it.

A:Phoenix Toolkit Activity 1 - HJT log posted

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________
Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
NEXT: Running OTL
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply her... Read more

http://www.bleepingcomputer.com/forums/t/386446/phoenix-toolkit-activity-1-hjt-log-posted/
Relevancy 75.25%

TechSupport, I have done nearly everything with the University of Phoenix (UOP) Technical Support to try to fix a very interesting problem that may be related to malware etc. When I try to access the UOP Student Page, ecampus phoenix edu, my browser stalls and finally displays a message that states page not available. Before this happens I see the browsers trying to access what I believe to be ak imgfam com images cahce, or words to that effect. The URL flashes too quickly to capture exactly. My research led me to this site for help. I use Windows Vista Ultimate, IE- and Norton Internet Security. I have tried all types of solutions related to browser settings, loading Mozilla Firefox, SSL changes etc. but no joy. This is the only site I have problems with that I know of. I have no issue with other secure sites. My HJT file is presented below. I would sincerely appreciate help with this issue. Thank you.

http://www.techsupportforum.com/forums/f284/cannot-get-to-university-of-phoenix-home-page-150601.html
Relevancy 75.25%

I ran Spyware Doctor on this Dell laptop and was informed about Phoenix Keylogger and adware IE plugins running on this machine. Here is a HJT log. This is my first posting and I apologize for any mistakes in advance. Do you have a listing anywhere of good and bad things to have in your HJT logs? It would be a great help to me.

A:Phoenix Keylogger and adware IE plugin

Too late. My machine has progressed on to "fonts messed up" post.
 

https://forums.techguy.org/threads/phoenix-keylogger-and-adware-ie-plugin.793808/
Relevancy 75.25%

Hello. My custom built HP Envy Phoenix Desktop was shipped to me about three weeks ago. All has been running smoothly, however days ago a rattle started in the tower and continues most of the time the computer is on. It kind of sounds like a CPU unit running loudly. I'm not sure if it's the water cooled fan or something loose. It is not being caused by the air fan towards the top of the computer; the noise comes from the bottom portion of the tower. I have not opened the tower to look for anything loose as I do not want to void the warranty. I figure if I call HP they are going to tell me to box up the tower, send it to them and I won't see it for a few weeks, which is really irritating after transferring everything over to the new computer and using it daily now. Does anyone think this could be a simple screw loose that I should open the tower? I took a brief video of the noise but do not know how to embed it in this message or attach a link. Thanks in advance for anyone's opinion out there.

A:Rattling noise in new HP Envy Phoenix

Hi mate! If I was you I'll send it back so they can fix it, don't open... it's my opinion... Best regards Ozzy

http://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/Rattling-noise-in-new-HP-Envy-Phoenix/td-p/5519269
Relevancy 75.25%

Hello, I am considering an HP Envy Phoenix 860-010 and would like to run Windows 7 Ultimate and Linux Mint on it, and can't seem to find out if this is possible.
 
I would appreciate any input.
Thanks

A:Hp Envy Phoenix 860-010 runing win7

Well I answered my own Question. I went on the HP web site and found win 7 drivers for this machine.
 
How do I close this thread?

http://www.bleepingcomputer.com/forums/t/619736/hp-envy-phoenix-860-010-runing-win7/
Relevancy 75.25%

Dear Friends,
I cleaned up my PC myself by hand. After reassembling, when I start it, it displays a black screen, "phoenix award bios ....",
which contains all the system information and asks to press F1 to continue and DEL to enter the setup. After pressing F1 it starts normally. Before cleaning there was nothing like this screen; my PC was starting normally without any welcome or this type of screen.
Help me to bypass or hide this screen. It comes each time when I start my PC or reboot.

My system info is as follows:
OS - win xp pro
version - 5.1.2600 service pack 3
pc manufacturers - LG computers
x-86 family 15 model 4 stepping 9 genuine intel
3060mhz
bios version date - phoenix technologies ltd. 6.00 3/24/2006
sm bios 2.3
RAM 512 mb

A:Phoenix award screen at startup

There is usually more to it than just, Hit F1.

Generally if a device is missing such as floppy drive, it will ask you to hit F1.

Look for any more information, and if it mentions floppy drive, go into your bios and disable the floppy drive, unless you do have a floppy drive, in that case, a plug or cable may be loose/unplugged.

http://www.techsupportforum.com/forums/f10/phoenix-award-screen-at-startup-477051.html
Relevancy 75.25%

I turned on the defrag and optimized my C drive as you advised me, but my question is also: are there other changes I might need to make to get more speed out of this SSD drive? My PC had Windows 8.1 Pro when I first got it and here on the HP support Forum I found a list of steps to change, but I have not found this list in my files yet. Are you saying that Windows 10 has been changed in this issue, that it makes all changes from a standard drive to an SSD drive, so we don't need to do anything? Thank You for your Help... Dan

A:HP ENVY Phoenix Desktop - 860-180st CTO

Cranky_Eagle YES -- Win10 knows when the OS is running on an SSD and already has built-in the functions it needs to work effectively with an SSD. There is nothing you need to do. I've been running Win10 on an SSD and never had to do anything to get it to work properly. Good Luck

http://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/HP-ENVY-Phoenix-Desktop-860-180st-CTO/td-p/5768497
Relevancy 75.25%

I can play the game, but I don't see any text in the menu. I can save, quit etc. by blind pressing around, but I don't see what I'm actually doing. I see just the background and cursor.
 

https://forums.techguy.org/threads/hp-and-order-of-phoenix-no-text-in-menu.739267/
Relevancy 75.25%

Hello all. I recently bought an Nvidia 1060 to replace my old GTX 680. No problem knowing how to swap out the cards in general, but there was this metal support on the old graphics card as well as holding the wiring together on top of it. I'm curious if any other 1440 owners have dealt with this. Did you leave it in? How do I take it out if I can? There is not a single YouTube video or support video of anyone with this model number! Appreciate all of your help. To clarify: this isn't the bar that goes across some HP Envy models that you can see in the tutorial videos.

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/hp-envy-phoenix-h9-1440-GPU-Swap/td-p/5754922
Relevancy 75.25%

Here is the deal: I have the game Harry Potter And The Order Of The Phoenix for PC, and I installed it. It worked perfectly. Then I uninstalled it. After a couple of months I tried to reinstall it, but before even a black screen an error report would come up that said "hp.exe has encountered an error, send error report?" Then I tried to reinstall it again, same problem. I tried a different disc, same problem! What should I do? I have already manually installed, help me!
 


I wonder if I can fit the new Nvidia GTX 1070 on this HP ENVY Phoenix 810-430QE, and if I need to upgrade the power supply as well. I am looking for this card: https://www.amazon.com/gp/product/B01H0WU884 Right now I have the version with the GTX 745.

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/can-i-fit-the-new-gtx-1070-on-a-HP-ENVY-Phoenix-810-430QE/td-p/5659102

I've been considering buying the HP Envy Phoenix - I don't like buying a pc over the internet, though I am finding it impossible to find this model anywhere in my Province at retail stores like Best Buy, Staples, etc. They have them online as well but don't carry the latest models in-store anymore. This has been ongoing for a long while. I also noticed the price increased recently by Canadian at HP Canada & online at other stores, which seems odd for what now isn't HP's latest. This brings me to another question. I see that HP in the U.S. has a model I would prefer buying; it's the Envy Phoenix st. I'm able to select larger hdd's, Cpu, etc. Why is HP not making this available in Canada? Personally I think HP is making a mistake. I'm not buying the Envy - but would buy the st if it were available here. I'm likely to have a local shop build one to my specs instead, which I've done a couple of times in the past. Using pc's since First pc bought Every day I'm still learning new things about computing

A: HP ENVY Phoenix 860st Desktop

This is a peer to peer help forum. The only presence that HP has on it are the Admins and the Mods. Otherwise, none of us works for HP. I have a HP Phoenix 860-170VR (you can review the specs) that has similar specs to the 860-019.  In fact, it has a HDD instead of a SSD.  It is a very nice computer with good system performance.  HP has loaned it to me so I can help members with their problems.  I wouldn't hesitate to buy the 019. Please click the Thumbs up + button if I have helped you and click Accept as Solution if your problem is solved.  

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/HP-ENVY-Phoenix-860st-Desktop/td-p/5587644

Hello, I need a detailed HW manual for my HP Envy Phoenix 860-112nf. I need some information, such as:
- What kind of memory module is necessary to upgrade to 16 GB?
- Which USB ports are 2.0 or 3.0?
- Is there an IDE port to connect an old hard disk coming from my failed PC?
Very surprised that the HP Envy Phoenix 860-112nf comes without documentation, not even available on the HP site ...

http://h30434.www3.hp.com/t5/Desktop-Hardware-and-Upgrade-Questions/HW-information-for-HP-Envy-Phoenix-860-112nf/td-p/5612672