1,366 Posted Topics
Re: Try using Rkill to kill the virus process prior to doing anything else. Using the directions from bleepingcomputer on its usage. It may take multiple tries to get the processes stopped. Try all 7 copies if need be, all are the same file, just with different names. Hopefully one of … | |
Re: You didn't tell MBA-M to fix the items found. You DO have serious infection on the computer. Please read carefully and follow these steps. * Download TDSSKiller and save it to your Desktop. [url]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url] * Extract its contents to your desktop. * Once extracted, open the TDSSKiller folder and doubleclick … | |
Re: wnoorlag, this thread is three years old and is somebody else's thread. You will not receive answers in another person's thread. You should begin your own thread after completing the steps given in our Read Me Sticky. [url]http://www.daniweb.com/forums/thread134865.html[/url] | |
Re: Before doing major program changes, like changing anti-virus programs, especially because Avira is excellent, you need to fully follow the instructions in our Read Me sticky, which includes stopping/uninstalling those P2P programs you may have, I see one, uTorrent. You only posted one of the logs generated by DDS, we … | |
Re: Hi Karen, Judy here, PP asked if I could jump in and take a look. One thing I see is your Hosts file is hijacked. You need to replace this with a clean one. Follow the steps on this page, note there are special instructions for Vista right next to … | |
Re: Hi welcome back, You have found one of the major dangers of P2P, these programs can attempt to and very often do take over your computer. Even though you have uninstalled this program, "crumbs" of it still remain and show in the log. You can try first to get rid … | |
Re: It likely is NOT solved. All you have done is remove the rootkit but not likely the other infected files that it brought in. There are other steps you need to do, one is follow the instructions in the Read Me sticky for the install, update and running of MBA-M. … | |
Re: Try downloading in safe mode with networking and see if it works. | |
Re: As long as these programs were run today, then please post the logs from the Read Me Sticky tools. They must be current logs, not from several days ago. | |
Re: Hi and welcome to daniweb. You have a rootkit infection. You need to do the following: Please read carefully and follow these steps. * Download [B]TDSSKiller[/B] and save it to your Desktop. [url]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url] * Extract its contents to your desktop. * Once extracted, open the TDSSKiller folder and doubleclick on … | |
Re: If you really want assistance then the only way we can even begin to offer suggestions is that you follow all the steps on the Read Me sticky and then come back and copy/paste all logs from the steps given. Then we can begin to offer assistance. [url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url] [COLOR="Red"] The … | |
Re: Hello, well your Avast was working exactly as it was supposed to work and you of course did the right thing in running the scans. The process noted would not be unusual however, c:\Windows\system32\svchost.exe. Take a look at your task manager and you likely will see multiple instances of it … | |
Re: [QUOTE=royng;1513339]If your problem is solved can you please mark the thread as solved. You can do that by going to the bottom. Thanks, I appreciate it.[/QUOTE] The poster has not yet returned. Stop asking people to mark threads as solved to boost your solved threads count. That is up to … | |
Re: Not if you have sent it on to somebody else. Once it's on their computer, facebook, cellphone, whatever, then it is "out there" and even deleting it from your computer or phone makes no difference, [B]somebody else has it and they can do whatever they want with it.[/B] Number one … | |
Re: Hi Cathy, since this forum is solely for the removal of infections from machines your post might receive more information in the Internet Marketing forum [url]http://www.daniweb.com/internet-marketing/25[/url] | |
Re: gunny: That was a complete scan done with MBA-M. If there IS a rootkit on the computer then the DDS log may show it. Let's wait for all the logs requested in our sticky to be posted and then go from there. Now to [B]mazekx[/B] [B]Please do not post logs … | |
Re: We offer no advice without first seeing logs from all programs requested in our Read Me sticky. Please complete those and report back with those logs; [url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url] | |
Re: [QUOTE=royng;1506321]Spelling error larieu. It should be linksy, but anyway i agree with larieu. Your linksy router is able to work as router (not default NAT mode)?[/QUOTE] Your spelling is also incorrect roy, the correct spelling is Linksy[B]s[/B] | |
Re: [QUOTE=royng;1513352]If your problem is solved can you please mark the thread as solved. You can do that by going to the bottom. Thanks, I appreciate it.[/QUOTE] You need to stop making this request in order to boost your own solved thread count. It is not for you to ask this. | |
Re: Please read carefully and follow these steps. * Download [B]TDSSKiller[/B] and save it to your Desktop. [url]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url] * Extract its contents to your desktop. * Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan. * If an infected file is detected, … | |
Re: Who told him to use combofix? Multiple OTHER tools would have to be run before anyone would tell him to run combofix. It should [B]NEVER[/B] be run as a matter of course as it is for use only for specific types of infections, Using it without supervision by the [B]helper … | |
Re: So you no longer can boot to Windows at all, even in Safe Mode? Or Safe Mode with networking? | |
Re: You need to follow all the steps given in our Read Me Sticky and post back here with all the requested logs. [url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url] | |
Re: If I may, from what I have found the main reason for this error #132 when playing World of WarCraft may be caused by failing RAM or a problem with your video card or not enough allotted storage space and not infection. For your 404 errors can you give us … | |
Re: [QUOTE=lord_thunda;1502031]Hi Crunchie, I have the same problem as TGON, I have run all the checks you listed i.e. run tdsskiller run the NTBR_CD and have run the MBR.exe which I will attach to this post. But my hard drive space keeps going down 1mb every 30mins - 1hr is frustrating … | |
Re: [QUOTE=Markus101;1496874]Hi, I recently encountered the same problem on my Dell laptop. I am able to log in to each user but a scanner box appears and a black screen stating safe mode in each corner. I have run Malware but nothing shows up and then the software shuts down. I … | |
Re: Uninstall that version of HiJackThis, it is way out of date. Please do all the steps given on our Read Me Sticky and post back with all the requested logs. [url]http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865[/url] | |
Re: [QUOTE]=GoodLuckChuck;1496771= The box offers you the $49.95 premium protection for $19.95 since you cannot afford the full price. I had never seen this before and found it interesting.[/QUOTE] Not sure why you would find this "interesting" or unusual. Software companies have items on sale all the time. I just purchased … | |
Re: [QUOTE=Richard Pullman;1494596]I've just tried the solution suggested by Corplusea and had no joy. When I press Ctrl/Alt/Delete I only have the options Lock this Computer / Switch User / Log off /or Change Password. Where do I find Task Manager?[/QUOTE] Richard, please begin your own thread rather than post in … | |
Re: [QUOTE=Portgas D. Ace;1488904]XoftSpy SE is obviously Malware. Delete it. That's the virus.[/QUOTE] XoftSpy SE has a very poor reputation. But don't however just delete, this is not the correct way to uninstall a program. Go to Add/Remove and UNINSTALL the program. Then follow directions in the link that crunchie gave … | |
Re: [B]Don't[/B] follow the advice of the previous poster. Begin by following the steps given in our Read Me First sticky and post back with all the requested logs and we will see what else needs to be done. [url]http://www.daniweb.com/forums/thread134865.html[/url] | |
Re: Hi, welcome to daniweb; First of all the host file warning from HJT is perfectly normal for computers running Windows 7 so that is fine. We don't use HJT that often anymore but use DDS scanner. Please follow all the steps given on our Read Me Sticky [url]http://www.daniweb.com/forums/thread134865.html[/url] and post … | |
Re: Please follow the instructions on our Read Me sticky and post back with all requested logs. [url]http://www.daniweb.com/forums/thread134865.html[/url] | |
Re: [QUOTE=gerbil;1485939]Hijackthis does not work correctly with W7... it shows a lot of services as "file missing". Believe me, if some of those files were actually missing, he wouldn't be posting any log. Something for you to fix, Mr Gates.. :) OTL.exe works.[/QUOTE] gerbil is correct, HJT doesn't work correctly with … | |
Re: You failed to update MBA-M before the scan and the version you are running is way out of date. The newest version is 1.50 and was released November 29th and will be installed via the normal update process so this tells me you haven't updated the program in at least … | |
Re: Hi David, We cannot offer assistance without seeing any logs. Please follow the steps found in our Read Me sticky and post back with the logs [url]http://www.daniweb.com/forums/thread134865.html[/url] Post that original log from MBA-M that found the infection also | |
Re: Your MBA-M program is woefully out of date as you say. Try doing this: see if you can boot to Safe Mode with networking and try updating MBA-M and if you can then run the Full Scan while in Safe Mode, have it remove everything found, and then reboot to … | |
Re: Hello Clotilde, You DO need to follow all the steps in the link that Rik gave you and post back here with all the requested logs because it is likely that the computer itself, not only your Yahoo account, has been hacked which puts any personal information like bank account … | |
Re: Catalina, to see those entries in a HJT log about IE is perfectly normal and one would be concerned if it didn't show in an HJT log because that would definitely indicate serious system damage. IE cannot be removed it is part of the operating system, even if you don't … | |
Re: Hi, welcome to daniweb. Right off the bat I can tell you that this AVG2011 is [B]NOT[/B] really AVG it is a new fake removal program, masking itself as the AVG anti-virus program. You need to follow these steps, given in depth at [url]http://www.bleepingcomputer.com/virus-removal/remove-avg-antivirus-2011[/url] Reboot your computer into Safe Mode … | |
Re: This has become a very common problem with lots of posts concerning this very thing at the Avast forums in just the past few weeks. I don't believe this is a false positive but an actual rootkit. Try running the TDSSKiller Download [B][URL="http://support.kaspersky.com/downloads/utils/tdsskiller.zip"]TDSSKiller[/URL][/B] and save it to your Desktop. Extract … | |
Re: Hi Welcome to daniweb. You obviously have another computer to use since you are posting here. If you have a flash drive you can load removal tools onto that flash drive, take it to the affected computer and put them on from the flash drive. One thing to also try … | |
Re: Your version of HiJackThis is way out of date. Uninstall it. Then follow all the steps given in our Read Me sticky and post right back here with all the requested logs. Then we can tell you if other tools may be required. [url]http://www.daniweb.com/forums/thread134865.html[/url] | |
Re: Good heavens! This is a WORK computer? This person should be fired, but that is not my business I guess. Can you boot the computer using Safe Mode with networking? If so try using that to do these steps. If you cannot do that then these rkill files can be … | |
Re: Post the MBA-M log that found and removed the infection | |
Re: You really should never run Combofix without first being told to do so. Since you have already done so then you should be able to follow the steps given in our Read Me First sticky. Please do so and post back with all the requested logs. [url]http://www.daniweb.com/forums/thread134865.html[/url] | |
Re: Hi Alex, I agree with PhilliePhan, the infections showing in your log are certainly ones that should have been found by the scanners you used. Let's try this another way: See if you can boot to Safe mode and attempt to run MBA-M. To boot to safe mode do the following: … | |
Re: Think you should be aware that you likely are NOT finished here. | |
Re: Yes, your system [B]IS[/B] [B][COLOR="Red"]infected[/COLOR][/B]. Infected files show in the log and you can blame your girlfriend In [B][U]PART[/U][/B], however, you have no anti-virus program running on the computer. Your logs show McAfee is "there" somewhere but [B]it isn't running[/B]. I am "guessing" that this is the customary "free trial" … | |
Re: You need to follow all the steps given in our Read Me sticky and post back here with all the requested logs: [url]http://www.daniweb.com/forums/thread134865.html[/url] |