PhilliePhan

[QUOTE=carlstone;1040587]Hi, this is my first post so please be patient if it get this wrong!! I keep getting a pop-up window quoting MD5| and then a string of numbers but with a different url in the top of the window each time. I recently got sent a load of messages …

[QUOTE=dmember;1040238]Is it a trojan or ?? and should I remove it?[/QUOTE] Probably - Please do the following: Please download [url=http://www.besttechie.net/tools/mbam-setup.exe][color=Green][b]Malwarebytes' Anti-Malware (MBA-M)[/b][/color][/url] to your Desktop. [INDENT][list][*]DoubleClick [b]mbam-setup.exe[/b] and follow the prompts to install MBA-M. [*]Be sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then …

-- Do you have a flash drive to transfer tools and scanlogs between computers? -- Can you get a command prompt on ill machine? START > RUN > type cmd > OK or START > RUN > type command.com > OK Let me know. PP :)

[QUOTE=techchic;1031730]HELP....I need suggestions.[/QUOTE] Honestly, I would need to see a scanlog or two from the combofix runs. Too many different possibilities to speculate.... Lots of nasties with rootkit components these days - that makes them hard to kill and easy to spread. If you could post a few logs from …

I am not clear as to what your problem is. Let's go ahead and do this: Please download [url= http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][color=Green][b]Malwarebytes' Anti-Malware (MBA-M)[/b][/color][/url] to your Desktop. [INDENT][list][*]DoubleClick [b]mbam-setup.exe[/b] and follow the prompts to install MBA-M. [*]Be sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then …

[QUOTE=dR Occam;1029373]I also forgot to mention that I tried to do a system restore to resolve the issue and got an error that it could not be done with multiple restore points.[/QUOTE] Update your MBAM via the "Update" Tab and run it again and post me the log. [B]REBOOT[/B] and …

[QUOTE=Alex91;1029983]Does anybody know smth about it??? Wright me here please![/QUOTE] Google it - see what the AV sites have to say about it. Are you infected with it? If so, let us know and we can advise you further. PP :)

[QUOTE=ckoigi;1029466]my computers internet browser has been hacked by blaze 2008 what is the solution for this malware attack .[/QUOTE] It's probably not much of a "malware attack." Most likely a simple script running, but let's have a closer look just to be certain: Please download [url= http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][color=Green][b]Malwarebytes' Anti-Malware (MBA-M)[/b][/color][/url] to …

[QUOTE=bwanajim;1028854]whenever i open the internet a caption at the end of the e icon appears thus;- Hacked by sam 2008-feb-14 . please help me on how to remove it since my anti virus and spyware are not equal to the task.[/QUOTE] Please download [url= http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button][color=Green][b]Malwarebytes' Anti-Malware (MBA-M)[/b][/color][/url] to your Desktop. …

[QUOTE=sheetalme;1028140]please help what sholud i do now....[/QUOTE] Please understand that this forum, as with the majority of Security Forums, is "staffed" by volunteers who donate a bit of their free time to helping others. Most of these forums have few regular volunteers and are swamped with requests for help. Please …

[QUOTE=Asezat;1017252] The computer itself has been slowed down by this to such a degree that it's essentially non-functional. It takes almost 10 minutes to boot up. More irritating, however, is that it's now completely unable to open any exe files, at all.. . . .[/QUOTE] Are you able to access …

[QUOTE=firebat757;1025828] Any advice would be helpful. Also, any files I can delete to allow my computer to run better would also be helpful. This is my HJT report. [/QUOTE] You are using an outdated version of HijackThis. You should delete it. No need for new version at this time. --- …

[QUOTE=fordnatic;1023781]Its a fairly new unit, bought it a year ago with xp on it. Im not sure how it did it, wont let me access any quickbooks files or any valuable info. eliminated my lower taskbar so i cannot access my comp or control panel seems like any exe files …

[QUOTE=RocRizzo;1023195]I came across this on one of the laptops that I have to support, and after multiple scans with different software, and about a half day's worth of work, my only option was to back up the user's data, and recreate the system from an image that we have archived. …

[QUOTE=alexandervr;1011894]I cannot even start in safe mode with command prompt. it auto-resets aswell.[/QUOTE] You ought to try [URL="http://trinityhome.org/Home/index.php?wpid=1&front_id=12"][B]Trinity Rescue Kit[/B][/URL]. Similar to recovery console, only with a boatload more options. Best Luck :) PP

[QUOTE=cohen;1021095]There are a lot things starting up when you logging. Follow [url]http://netsquirrel.com/msconfig/index.html[/url] and disable things that are not needed.[/QUOTE] msconfig is a diagnostic utility and not a startup manager :) It should not be used as such - there are better ways to deal with these, but probably best to …

[QUOTE=mhammond76;1016978] Should I unblock and run it anyway?[/QUOTE] Yes - we wouldn't have you download malware.... :) -- A lot of legitimate tools these days tend to get flagged by AV. You are right to be vigilant. I guess it all depends on whether you can trust the advisor and …

Let's try this: If you already have[B] Combofix [/B]on your machine, [B]DELETE[/B] it. Then follow the instructions in the link below to download a [I]fresh copy [/I] of Combofix and run it: [B][url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url][/B] [B][I]What I want you to do, though, is this:[/I][/B] When you download it and it asks you …

[QUOTE=ember16;1011125]My computer is completely locked up. I can't even get in Safe Mode. What can I do to bypass this, so I can delete it?[/QUOTE] If nothing works and you are completely locked out, try [URL="http://trinityhome.org/Home/index.php?wpid=1&front_id=12"][B]Trinity Rescue Kit[/B][/URL] Best Luck :) pp

[QUOTE=Zandermander;1014813] Any help would be great! [/QUOTE] -- What is your OS? -- Do other programs work OK or do they shut down too? PP :)

[QUOTE=aljohno;1012283] Can some one please help!![/QUOTE] Let's have a quick look to see what we are dealing with: Please download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1908&d=1255304976"][B]FindWPP.zip[/B][/URL] and RightClick on FindWPP.zip and [I]Extract [/I] the FindWPP folder to your Desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] - DoubleClick it and let it run for as …

[QUOTE=Freakedout;1012143]How can I remove or detect the virus from different drives...? I have attached the Hijackthis log for your reference.Let me know if aany more info is needed.Please help me..[/QUOTE] Do steps [B]#8 & #9[/B] in the linky below and post the logs: [B][url]http://www.daniweb.com/forums/thread134865.html[/url][/B] Do the Full Scan with [B]MBAM[/B] …

[QUOTE=oldmantoo49;1011322]trie all this and nothing worked[/QUOTE] It is unlikely that you would have the same malware as a poster from 5 years ago. Please start a new thread for your problem and give us more information as to what is wrong and what you have tried so far to remedy …

[QUOTE=Nance23;1009643] So help me! :) -Nancy V[/QUOTE] Hi Nancy, It sounds as though you have a variant of a particularly nasty piece of malware that has been making the rounds lately. You should keep this computer offline as much as possible until it is clean - once this malware gets …

[QUOTE=crunchie;1010585]What do you advise when tracking cookies get installed?[/QUOTE] :D

[QUOTE=falcon802;1006078]My computer hardly responds.[/QUOTE] Are you able to run your MBAM? If so, update it and run the [I]Quick Scan [/I]and have it [B]remove what it finds[/B] and post the log. Cheers :) PP

[QUOTE=lor231;1007714]I'm so confused and I don't know what to do..[/QUOTE] Are you able to run MBAM as per step 8 in the linky below? [url]http://www.daniweb.com/forums/thread134865.html[/url] [B]If you can, do that and post the log.[/B] [B]THEN:[/B] -- Download [URL="http://download.bleepingcomputer.com/sUBs/dds.scr"][B]DDS by sUBs[/B][/URL] and save it to your [B]Desktop[/B] -- If your AV …

[QUOTE=Kenney;999207]If someone knows of any possible solutions, I would greatly appreciate it if you let me know. [/QUOTE] Hi Kenney, If you are able, please follow [B]step 8 [/B]in the linky below to run [B]MBA-M [/B]and have it[I] Remove[/I] what it finds. If it runs, post the log. [B][url]http://www.daniweb.com/forums/thread134865.html[/url] Should …

[QUOTE=zeroows;1006333]Is Yahoo! mail is infected? [/QUOTE] This could very well be a False Positive . . . . Or a new malware threat. Since this is a "heuristic" detection, your AV is flagging it because it demonstrates similarities and characteristics common to malware. I suggest you have your AV block …

[QUOTE=karg;966535]Hello, I am new to Daniweb - apologies if I am wrong to say this, had something similar posted myself a few days ago and it turned out to be my keyboard.[/QUOTE] No - You're fine to post that. After all, they linked to your thread, so probably a good …

[QUOTE=majestic0110;1001456] I am fairly certain at this stage that its a F.P.[/QUOTE] It is. Update your MBAM to database version 2886 or later and you should have no more issues with this. Cheers :) PP

See if you can upload S:\[B]autorun.inf[/B] for analysis here: [B][url]http://virusscan.jotti.org/en[/url][/B] Please post back with the results. PP :)

[QUOTE=jholland1964;984676]Dang! Did it remove them?[/QUOTE] Just pull that key out manually, Judy. PP:)

[QUOTE=jlludwig;992343] I cannot however disable system restore because the properties link is not highlighted even when logged in as administrator. What should my next step be?[/QUOTE] Hi Jodi, You don't want to disable system restore before your machine has been cleaned. We usually do it After the cleaning process. As …

[QUOTE=BoJo20;992315] I ran SuperAntiSpyware since that is what I had on my comp already. Now what? Please help[/QUOTE] This WPP has so many different variations that it is difficult to pin down. Plus, it tends to leave your system very unstable. Honestly, the best thing to do is Reformat and …

[QUOTE=jholland1964;990856]What is it primarily used for?[/QUOTE] [B]It is used for downloading cracks, keygens and even more malicious crap such as USBThief . . . . Frankly, it is poetic justice that he got infected..... ;) PP[/B]

[QUOTE=tttim;990827] Being that windows only boots to wallpaper (error in explorer) etc. [/QUOTE] -- Is this an assumption, or do you get an error message? -- Do you have a flash drive handy? Or, better yet - are you able to burn some tools onto a CD for use on …

[QUOTE=ez-digital;987163] I cannot get Hijack this to run and am stuck at this point...I need a little help!![/QUOTE] Please download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1893&d=1251931475"][B]FindIt.zip[/B][/URL] and [I]Extract [/I] the FindIt folder to your desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] - DoubleClick it and let it run. (10-20 seconds) A log should pop …

[QUOTE=darkrecess;987324] Also, I posted on the end of another thread earlier. Most boards I usually post on encourage people to look for similar threads before starting a new one.[/QUOTE] Most security forums prefer that you start a fresh thread - less confusion. -- Do you have a viable System Restore …

[QUOTE=travs1;963953] Other than that, everything seems to be working fine...hahaha.......... seriously though... What should i do next??? Thanks for the help[/QUOTE] If you are feeling brave, you can try this, but it is strictly a [B]"[COLOR="Red"]Run At Your Own Risk![/COLOR]"[/B] proposition: [B] *[/B] Download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1891&d=1251779931"][B]KILLBAD.zip[/B][/URL] and EXTRACT the KILLBAD folder …

[QUOTE=Adam619;987282]I've learned that one option is to reformat windows. I would hope this would wipe the virus away and in turn it would wipe all of my information. If I do that, would my email be clean? Or would it still be infected?[/QUOTE] A format is always the best and …

[QUOTE=Kevin392;962114] I'm totally locked up - I can't do anything. I'm posting this from another computer. [/QUOTE] -- What OS? -- Can you get into Safe Mode by tapping F8 at boot ?(do not use msconfig) -- Safe Mode with Networking to DL and run HJT and MBA-M? Let us …

Hi vantran012, You would probably have better luck getting a helpful answer if you posted your question in the Hardware section of Daniweb. Try here: [B][url]http://www.daniweb.com/forums/forum121.html[/url][/B] Best Luck :) PP

[QUOTE=Inlovewithnight;983748] Any suggestions would be greatly appreciated. Thank you.[/QUOTE] You can either delete your current Firefox profile and then create a new one, or [I]completely [/I] remove Firefox and reinstall it. -- Uninstall Firefox -- Delete the following folders: Program Files\[B]Mozilla[/B] C:\Users\%username%\AppData\Local\[B]Mozilla[/B] C:\Users\%username%\AppData\[B]Mozilla[/B] and/or C:\Users\%username%\AppData\Roaming\[B]Mozilla[/B] Then, reinstall the latest Firefox. …

[QUOTE=pigwink;981851] So looks like I'm stuck with this search bar for another while. [/QUOTE] We really need a more thorough look at what is going on before we can say that :) HijackThis is often insufficient when it comes to today's malware - Let's try this: -- Download [URL="http://download.bleepingcomputer.com/sUBs/dds.scr"][B]DDS by …

[QUOTE=emmasyah;984865] Please help... Thanks[/QUOTE] I am sorry to say that you have been given bad advice . . . I hope it wasn't in this forum. It is not recommended to force Safe Mode via msconfig as you have here. Some malware wipes the safeboot key in the registry. Then, …

[QUOTE=tinyart49;983027]the desote.exe blocks me opening any anti virus =/[/QUOTE] For the life of me, I do not know why people don't read the threads before they reply.... :) Please do this first: Download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1893&d=1251931475"][B]FindIt.zip[/B][/URL] and [I]Extract [/I] the FindIt folder to your desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] …

[QUOTE=Questions???;981170] I really don't know what to do and would appreciate anyone who can help me fix my friends computer. Thanks in advance.[/QUOTE] I'd like to try this first: Please download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1893&d=1251931475"][B]FindIt.zip[/B][/URL] and [I]Extract [/I] the FindIt folder to your desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] - DoubleClick …

[QUOTE=Turkagent;981190]NOpe still doesn't work in safe mode...[/QUOTE] While Judy is away, let's have a look at something: Please download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1893&d=1251931475"][B]FindIt.zip[/B][/URL] and [I]Extract [/I] the FindIt folder to your desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] - DoubleClick it and let it run. (10-20 seconds) A log should pop up …

[QUOTE=Xiados;982149] Any further info would be appreciated. And sorry if I've forgotten anything, I was tired long before this happened.[/QUOTE] Hi Xiados, Please download [URL="http://forum.networktechs.com/attachment.php?attachmentid=1893&d=1251931475"][B]FindIt.zip[/B][/URL] and [I]Extract [/I] the FindIt folder to your desktop. -- Inside the folder, you'll see [B]RunThis.bat[/B] - DoubleClick it and let it run. (10-20 seconds) …