Explore topic-wise InterviewSolutions in .

A few weeks ago, my friend opened her computer and this window popped up with helper.dll and helper.sig files showing up. She downloaded a few different malware/spyware/adware programs and ran them, not at the same time of course, and each time her computer seemed to remove those things and work normally.

Then, as time went by, the pop up kept showing up, then she would do the same, get rid of the files and so on. Today however, the pop up only showed the helper.dll files, WITHOUT the .sig file. Her computer works normally, she scanned for viruses or any other treats, but nothing comes up from her antivirus program.

I was wondering if any of you know what can possibly be doing this and why does it keep repeating itself, if she removes those files with an antivirus program. It's obvious that something causes those files to get back in her system, or to not even remove them completely.

And now, she just recently told me that when she closes out IE, the file iexplore.exe is still in her TASK manager. And sometimes, there's two of them. Someone told her it might be a virus in her registry, but do you know why wouldn't a virus come up after scanning the computer? And what's with the .dll and .sig files?

Thank you.Welcome to CH.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
  
• Click Continue at the DISCLAIMER screen.
  
• Once it has FINISHED, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the CONTENTS of both logs in the next reply.

I have AOL and recently downloaded their version of McAfee. Since then, I have had nothing but problems. They have helped me fix a couple of problems, but now it is unbearable. I can not open ANY web pages and get the "Microsoft Explorer error" message. I also can not open the MY COMPUTER folder and several other folders. This time, AOL says it is a Microsoft problem. Any suggestions would be greatly appreciated.Advice number 1.... McAfee is a HORRIBLE program... Second... What version of Windows are you using? We might be able to run a system restore... Another thing... When did this happen?

[glb]Flame[/glb]All of these problems started after I intalled the McAfee THROUGH AOL. I talked to them about 10 times on the phone and thought I had it fixed. Then, I tried to transfer some data off of a jump drive onto my computer and that is when things got about 1000 times worse. I checked both the jump drive and the computer the info came off of......no problems from them (so it seems). I have Windows XP.
Thanks again.let's do a system restore.... Click Start -> Accessories -> System Tools -> System Restore ... Now, click nect on the window that pops-up. (Make sure that you have revert to an earlier time selected) Now... A calendar wil pop-up... SELECT the day BEFORE you installed McAfee.. Now, click next... You will see a dialog window SAYING what will happen.. Make sure that the right day is selected, and click next... Your computer will now restart... Before it restarts, you will see a status window... Now, this MAY move SLOWLY, so be patient! Let us know what happens next...

[glb]Flame[/glb]Hi,
Well, I tried to do that, but this time, when I turned on my computer, I don't even have a START button, so I can't get to anything. Any other suggestions?
Thanks.Try running system restore in Safe Mode...

[glb]Flame[/glb]How can I restart it in safe mode?I tried to do the SYSTME restore by hitting CNTL-ALT-Del. Here is what came up...
System Configuration Utility

General System.INI WIN.INI BOOT. INI Services Setup


Start Up Selection

o Normal Startup - Load all device drivers & services
o Diagnostic Startup - load basic devices and services only
o Selective Startup:
ü Process SYSTEM.INI file
ü Process WIN.INI file
ü Load System Services
§ Load Startup Items
o Use original BOOT.INI

Launch System Restore Expand File



WHich one should I use? I am inclined to do the NORMAL restore...is that right?

Last week my wife came and told me that her computer just started down loading an up date and was rebooting. She wasn't on the net. A HALF hour later it was still loading the up date on the reboot screen. After a half hour it was still loading. It said STEP 3 of 3 0 % compleat. Don't turn off computer. A half hour later I turned off the computer and restarted it. It did the same thing. I shut it down once more and started in safe mode, that was the only way to get to files I wonted to save. No luck, it wouldn't let me save any thing to disk. It said that I didn't have the file to run the DVD player. I rebooted the computer and it came up in part safe mode. It didn't say safe mode it just looked like it and nothing would work. No internet, no USB and no DVD. I tried restarting several times, same thing. I got my Son on the phone and he said that it was a viruses that had corrupted some files and that I would have to do a clean install of the OS. I did that and every thing is fine. Can any one tell me if this was a viruses or did I do this by shutting down the computer when I was told not to. On the reinstall of the OS (Vista) I had to down load the up dates and they only took about five or so minutes on the reboot and that was 250 MB of stuff. If it was a viruses it went from working to not working in one hour.There is no way we can just tell a virus by symptoms alone. Thats why we always request logs. No logs, no telling...I understand. I don't know how I could have GOTTEN any logs. I guess that it was best that I just reloaded the OS. Thank you for your time.

I've GOOGLED it and used "The Process Library'. Everyday COMODO is asking me if I want to allow it to enter. Of course I don't, at the same TIME I can't FIND anything definite about its DEFINITION. Do you know anything about what it is exactly. Spelling with caps is correct.

Thanks Sorry I brain farted with a duplicate entry. Please DISREGARD and cancell this thread.

What is it? I used all your earlier PREFERRED advice like googling it or using the 'Start Process LIBRARY'. The results are varied as much as just useless to explain it's POTENTIAL or veracity.

COMODO F/W has recently been asking me to accept or deny TFUN.exe I have chose to deny.

Whats your advice?



It's part of Threatfire http://www.threatexpert.com/files/tfun.exe.htmlYes but my TFUN is in caps. Does that make a difference?No it shouldn't MATTER.

I installed XP Pro yesterday and now I am constantly getting a popup from a Windows Messenger WANTING to redirect me to their URL to fix the problems on my computer and various other things. I have run Spy Sweeper and Spython and also had System Mechanic go thru the registry. I deleted everything that came up but it is still there. I tried running Spy Sweeper in safe mode but it wont because it doesnt load the definitions.Any suggstions on how to fix this? ThanksNot a virus, not adware, not spyware, not crackers.

What has happened here is that some idiot script kiddie has found a way of sending messages across th enet using a tool that is most commonly used to send messages across a network.

What you need to do is go into the Control Panel, then into Add/Remove Programs, then into Windows Setup (or at least something to that EFFECT; I use 98SE just now). Then you need to find Messenger and uninstall it. So long as you don't need it yourself to send messages across a network, it's the easiest way.

By the way, a quick word of warning. This is just "Messenger" you are looking for, not "Windows Messenger" or "MSN Messenger", which are completely seperate and completely unrelated apps.Tim_D...If your still having problems with Windows Messenger ......Try this .......OPEN Windows Messenger ....when the sign in box appears ........click tools/options ......when that window opens .....click the preferance tab .......and remove the check mark from Run Windows Messenger when Windows starts.......
Now click OK and close up Windows Messenger .......next go down to the lower right corner of your screen and right click on Windows Messenger and select Exit ......Reboot and Windows Messenger shouldn't be there anymore .......If you want it you can always start it manually from the list in "ALL PROGRAMS"

Hope this helps ....

dl65 I tried what you guys SAID to do but I am still having the same problem. Any other suggestions? Try this... Go into the control panel, and open Administrative Tools... Next, double-click on Services... After, scroll down, until you see messenger .... Double click on that... Next, a small window will display... Now, you will see Startup Type... There will be a selection box underneath... Make sure that Messenger Service is DISABLED... Does this help?

[glb]Flame[/glb]Did anyone actually read my post? Well guys that seemed to take care of it, and Corrosive I did read your post and appreciate the help. Sorry it took so long to reply, I was out of town. Thanks again.No no no, Tim. I was actually REFERRING to the fact that two other people who posted afterwards didn't bother reading anything I said.

dl65, see the last paragraph on my post. Flame, see... my whole post (although you did give more accurate details, which is always good)...

I just got a "trojan" or "virus" named mmview 101.dll. The PROBLEM is my norton antivirus is unable to quarantine it or delete it. How might I go about removing it.Well... The EASIST way is to take it to a professional and pay about $15 - $30... But, you probably do not want to do that, so you might want to try another antivirus program...

[GLB]FLAME[/glb]Mike Benson....Have a read of this
http://securityresponse.symantec.com/avcenter/venc/data/download.trojan.html
It may just help you


dl65 Thank you so much guys !!! This helped me a bunch that link gave PERFECT instructions on how to remove the TROJAN

Everytime I TRY to shop online, the error PAGE comes up when I try to add something to my cart or proceed to checkout. Is my ANTIVIRUS making this happen? And if so, how do I DISABLE it so I can spend my cash? Thanks genius. That depends.... What security level is it on, and which FIREWALL do you have?

[glb]Flame[/glb]

Alright since this is a secruity based forum i thought it best to post this here,

ok heres my actually not mine but quite a few peoples problems,

theres a hacker going around to gmail, freehosting123, rojo anytype of invite swapping site basicaly, and he hacks in there deletes all post in the forums (thats where all the trading goes on) and he has unbanned spammers banned mod/members, and causes mass chaos in the forum, so you can see our trouble, in one of these (2 forums are known so FAR) he stole gmail invites that were up for auction at a site. we believe he is trying to get ahold of freehosting123 invites which many consider quite valuable, since it would seem none are in circulation at the time.

ok now enough RAMBLING we believe hes USING a proxy (dont know too much about this stuff just repeating) he have the address for it as well if you need that i can post it, but we need to find a way to trace his true I.P address and catch him, before he causes more HARM,

any and all help is wanted

if you need anymore info than please just specifyAlan20........There is an abuse link on freehosting123.com for complaints such as this ...have you reported this guy ?
Also there is also a link to getting a proxy ip address on that site as well ....have you checked it out .
Has the hacker broken any laws because if you contact your local police with any info you have on him .....they have all the resources to track him down.
If you want a invite to freehosting123.com ........contact someone using the service and see if they will give you an invite .

Good luck.

dl65
well actually i have no idea if the guy is using Freehosting123, all we know is hes been going around to these 2 sites and screwing them, up, he hasnt done enough to report him to police, hes just SCREWS up the owners forums so they have to start over again

and no i dont need an invite to fh123, just trying to help these 2 boards out since im a moderator at one,

but thanks for the help/advice dl65Try updating whichever forum software you are using, and possibly the server software and the interpreter for the scripting language installed on it (PHP, ASP, ColdFusion etc). He'll be exploiting a loophole in that.

followed the post and attached the logs.

im having trouble with web pages resetting 3 to 7 times not sure what is going on.


Malwarebytes' Anti-Malware 1.27
Database version: 1130
Windows 5.1.2600 Service Pack 3

11/4/2008 8:45:14 PM
mbam-log-2008-11-04 (20-45-14).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 133312
Time elapsed: 44 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:58 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191105959644
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218041048750
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225523833608&h=f5319592cb6c5263b6ffc7e688a05b18/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - INSTALLER) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel CORPORATION - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7731 bytes




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2008 at 09:44 PM

Application Version : 4.21.1004

Core Rules Database Version : 3622
Trace Rules Database Version: 1606

Scan type : Complete Scan
Total Scan Time : 00:57:20

Memory items scanned : 439
Memory THREATS detected : 0
Registry items scanned : 6804
Registry threats detected : 0
File items scanned : 80078
File threats detected : 0


Was SuperAntiSpyware ran before or after you got your hijackthis log?SUPERAntiSpyware was first and last ran it a 2nd time. when i could not find the logIm not one of the malware specialists, but i can try to help you until they get to your problem, as they are very busy. Are you still getting the same problem?yes im still having the same trouble ,but now its only happening on my credit CARD and bank account sites.
also im showing 4 hard drives when it use to be only 2.Doesn't look like malware.

Try this.

Reset Web Settings & Default Security Settings

Note for IE 7 users:

Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

worked great first time. after putting in password and going to the bank site 2nd time it started again.Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
• Check the box in section 2, Fix Windows Installer.
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
• Check all boxes in Section 5, labeled Registration Center.
• Click Go
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

Nope, most were just autoit V3 scripts aside from chriscontrol (a remote admin tool). The scripts probably just set it off because of the endless possibilities in functions. OK lets do this.

Run this online SCAN.

This scanner requires INTERNET Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted APPLICATIONS is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\LOG.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Ok guys I want to know what you guys think is the best free complete antivirus protection software on the market right now? I would RECOMMEND AVG, it can be downloaded here: http://free.avg.com/download?prd=afe

AVG is frequently updated to provide the latest protection more quickly.

Personally though, I PREFER Avast, which can be downloaded here: http://www.avast.com/eng/download-avast-home.html

Avast has great on-access protection, giving you real-time protection. This is the main REASON I prefer Avast. AVG's interface is probably easier to use and navigate, but I think both PROGRAMS are good.

So for you I'd probably recommend AVG, but the choice is yours.

Hope this helps.Not to mention Avira.

http://www.free-av.com/Ever since I have downloaded AVG free edition it will not update. It did a couple of TIMES but is this due to the fact thats its free and paying users get priority on updates.No.Quote from: 06Honda on November 07, 2008, 05:07:08 PM

Ever since I have downloaded AVG free edition it will not update. It did a couple of times but is this due to the fact thats its free and paying users get priority on updates.

Hi,

I'm new here. I am desperate for an answer. I have an old desktop and a 1 year old emachines notebook, with Athlon. We have a Linksys network router. I'm running Windows XP on the notebook. I use Internet Explorer and AOL, and gmail. I have several problems. I have plenty of memory, etc.

The first and most urgent is that AOL has denied us access 2 times in the last month, saying that we violated TOS. They said we were sending out over 400 spam emails at one time. We have done nothing of the sort. One of the times, they even said they were coming from my son's SCREEN name. At the time, he was in bed! I'm afraid that someone has hacked into our system and is using our computer for this. Someone please help me!! This is very scary!

ALSO, my computer is making lots of sounds like I'm clicking on links when I'm not. Many times, the bar at the bottom that shows how far along the loading is, is also showing activity upon the clicking. I've made sure that my hand is nowhere near the keys or the mousepad, to make sure that I wasn't hitting something. Sometimes, it will just be one click, and sometimes it's multiple clicks, one after another. Is this a sign that someone else is accessing my computer??

Also, even though we have cable, the pages are loading EXCRUCIATINGLY slowly, and sometimes not at all, but this is just on my screen name, and not the others.

Lots of times I get the page that says that it can't display that page, and asks you to refresh, but that doesn't help.

Many times, I click on the back button, but I have to do it 3 or 4 times to get it to go back.

We have a spyware detector that continuously checks for spyware, which is always telling me that there is no spyware. We have Norton Antivirus. We have 2 firewalls--one through AOL, and one through Linksys.

Also, one other question--this laptop is always getting overheated and shuts down. Is this a sign that it has been on too long, and if so, how long is too long? Or is this a sign that the computer is defective? It gets so hot that it leaves red marks on my legs through my blue jeans, and you can't touch the back, where the hard drive is. Even when I have it on a special laptop desk, which is supposed to make sure that it gets plenty of ventilation, it shuts down. This happens numerous times every day. It especially shuts down if I try to run a crossword puzzle game, which is a full screen game, even when I'm not even on the internet. Before it shuts down, it is always loud, and the air coming out the back vents is very hot. It always sounds like a car that will not GEAR up when it needs to.

Oh, one other thing. All of a sudden, the laptop kept getting knocked off the internet when anyone uses the microwave, which is in a direct line between the laptop and the router. From what I've read online, this is probably interference from the microwave. Is there anything I can do about this? It didn't happen, and then all of a sudden it just started doing this (right after emachines replaced the hard drive!). We've had SO many problems with this laptop. I would recommend that you do NOT buy an emachines laptop!! We sent the first one in 3 times, and they kept sending it back worse than it went in. We now have a refurbished replacement and are having the same problems!!

Can anyone help me?

Blessings!
DonnainAL



hsmom4Jesus.......Where to start , you seem to have a number of issues going on here and on two machines as well .

Lets start with the laptop .......First microwaves and wireless connections don't like each other . Is it possible to relocate the wireless router to another location away from the microwave . Next , when was the hard drive replaced , and why was it replaced .
Also if your laptop is burning your legs throught your pants , there's something seriously wrong ......) perhaps the fans not running . I would be going right to the top in the E Machines organization and demanding they fix their problem .........( It's theirs not your's ) There could well be serious damage done to the interior componets.

Now on to the spamming pc .......Sounds like the pc has been hacked ..........Tell your son to shut down his pc when ever he's not using it ...and then they wont be able to route their junk through his machine .......( its possible its one of his aquaintences.......)

"they even said they were coming from my son's screen name" .........does the ip number match his as well .......
I have no idea what kind of a firewall AO *censored* offers , but do you have the linksy firewall set up properly .......( it may block a lot of incoming stuff but I would be surprised if it deals with outgoing transmissions .) I would be using something like Zone Alarm or Sygate .....but they must be properly configured .

I dont believe you mentiond which spyware scanners you use .......as this may be what's causing the slowdown . Please let us know .
If possible , deal with one issue in one post ...it's less confusing .
We will wait for your response .

dl65 Hi, dl65,

Thanks for answering!

OK. I'm not big on computer knowledge, so you might have to talk baby talk to me!

First of all, my ds doesn't "have" a computer. We're talking about our ds that doesn't even live with us....he just happened to be spending the night that particular night. I was on the laptop in the same room as the desktop and he was in our other ds' bedroom, sound asleep when this was happening. He only uses his screen name when he's here, as he doesn't have a computer, or access to one. I don't know what you mean by "does the IP match his as well". All AOL told me was that I was sending out numerous spam mails. They had no idea what could be happening. I had to talk to two different people, trying to understand their broken English!

hsmom4JesusHi, again,

No, there's no way to move the router. We've moved into a mobile home that has only 2 cables, in 2 rooms, on two ends of the house. The router has to be hooked up to the desktop. The room I use the laptop in is our bedroom, which is on the other end, diagonally across the mobile home (I have 5 chronic health conditions, and am often bedridden). Like I said, it wasn't a problem before, don't know what happened.

hsmom4Jesus
Lets start with the laptop .......First microwaves and wireless connections don't like each other . Is it possible to relocate the wireless router to another location away from the microwave .

Oh, I also meant to say that the microwave is 2 rooms away from each of the computers, but happens to be at the center of the double wide (the only place in the kitchen with an outlet), and in a direct line, diagonally, between the two computers.

hsmom4Jesus








Next , when was the hard drive replaced , and why was it replaced .
Also if your laptop is burning your legs throught your pants , there's something seriously wrong ......) perhaps the fans not running . I would be going right to the top in the E Machines organization and demanding they fix their problem .........( It's theirs not your's ) There could well be serious damage done to the interior componets.

Now on to the spamming pc .......Sounds like the pc has been hacked ..........Tell your son to shut down his pc when ever he's not using it ...and then they wont be able to route their junk through his machine .......( its possible its one of his aquaintences.......)

"they even said they were coming from my son's screen name" .........does the ip number match his as well .......
I have no idea what kind of a firewall AO *censored* offers , but do you have the linksy firewall set up properly .......( it may block a lot of incoming stuff but I would be surprised if it deals with outgoing transmissions .) I would be using something like Zone Alarm or Sygate .....but they must be properly configured .

I dont believe you mentiond which spyware scanners you use .......as this may be what's causing the slowdown . Please let us know .
If possible , deal with one issue in one post ...it's less confusing .
We will wait for your response .

dl65 [/quote]
Hi,

The hard drive was replaced a month or two ago. Can't remember--it's been in the shop so many times...oh, wait...it was in Dec., because my phone bill was outrageous!

The entire computer had crashed and wouldn't turn on at all. They sent 2 different hard drives, neither of which would go into the computer. We were trying to avoid having to send it in, because it always comes back worse than when we sent it in. But we had to send it in. When we got it back was when the microwave started knocking it off the internet. Sometimes it does it, but then other days, we'll go all day, and the microwave won't phase it!

hsmom4JesusI HAVE been to the top--have conversed with a guy in the office of the VP. It does no good....do you know who I could contact to get the help I need before the warranty runs out? I want my money back so I can buy something decent, but they just keep wanting to do RMAs on it.I'm on the laptop just about all day every day...checking mail, surfing, helping the kids with schoolwork (we homeschool). That's why I wondered if it was getting hot because I'm on so much...that's what my dh claims. So...the desktop has to be on, also, for internet access and to use the printer. My 15 yo ds, who is much more computer savvy than me, hooked up the Linksys, and he says he followed all the directions implicitly. AOL has McAfee Personal Firewall Express. We didn't have it enabled until after the 2nd incident with AOL, because he said that the Linksys firewall was much better and we didn't need another one, and he was afraid it would interfere with the printer.DS INSTALLED Zone Alarm, but it keeps popping up all these questions about whether I want to allow or not and I have no clue what to do, so I disabled it. hsmom4Jesus.....Ok , reading your reply suggests to me that the spam issue has been corrected via AO *censored* firewall.
Then , the slow loading issue .....which computer is this on the laptop or the desktop.......Is it possible that its all clogged up with spyware and adware ?
What spyware programs do you use to clean that out ?

The hard drives that have been replaced in your laptop.....who replaced them ?

What is the model number of your laptop? ( this info would help)

Zone Alarm.........the messages you see with Z/A running is it doing its job ........its telling you what is trying to access the net from your end and that that program is trying to send out info about something ........
You must take the time to look at each of those messages and decide if you wish to allow the connection .....

As far as the wireless problem with the microwave.....
think about your mobile home as a big tube ......we have the wireless router at one end and the laptop at the other end ........the microwave is in the middle .....when the micro wave is on its creating interferance .( from what I have read, theres no regulations in place to prevent this ) .......I have no way of knowing your habits .....but I would be inclined to have the router at one end and would run a cable to the other end.....and use that for your connection ...when thats where you are ......( this may or may not be a practical solution )

As far as E machines is concerned , I wouldn't settle for talking to the monkey , you want the organ grinder.......
Speak to the president .........( the organ grinder ......not some flunkie in the VP's office )

Tell him or her ......that your fed up with their crap ...you want you laptop to work ..........You want a new one or your money back or you will talk to the press about their inability to fix your laptop.......( remember the sqeaky wheel will get the oil.)

Let us know

dl65

Mind telling me which Spyware program you are using?

[glb]Flame[/glb]Try running HijackThis!: Direct link to Download

Once you run the scan, copy the log into your next post and we'll have a looksie. Don't try and fix anything yourself, as some of it will be legitimate programs.

A suggestion for the future though - try not to post specific URLs for these ad's unless they are really necessary (a rare occurrance). It's what they want to happen (extra advertising) and some of it may be, shall we say, innappropriate for younger eyes. I think we can all imagine what these "special drugs" are for... You're PROBABLY LOOKING for a way to copy and paste the log when the solution is much simpler. Once the scan is FINISHED, there is a button that says "Save Log" appearing in the bottom left corner...

It'll save as a *.log file. Double click on the newly created file and it'll probably ask you to pick a program to open it - choose Notepad and go from there.kilowatt...To post your log file here .....do this ......first open hijackthis.......click scan.....next .....click save log .....next ....tell it to save to your desktop....( it will save it as a notepad )..
Now go to C/H open the topic you wish to post in .......put in your text ( here's my log file) ...now minimize that window .....open the log file on your desktop .......click on the edit button and choose "select all " now its all hi lighted ...so just right click on the hi lighted portion and choose copy.......next close up the log file ........maximize the C/H post you started ...place the cursor where you want the log file to start ....right click and choose paste .....and it there . Now click on post .
If you miss even one entry when you are removing things , it will be right back. ( you must check every item in the log file )

dl65
kilowatt.....Ok , I see a number of bad entries .......

So lets try this ......
Mark for removal .......the following :
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme ......result of a MI root virus
O4 - HKLM\..\Run: [ipcfg.exe] C:\WINDOWS\SYSTEM\IPCFG.EXE
O4 - HKLM\..\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
O4 - HKLM\..\Run: [SysTray] C:\WINDOWS\SYSTEM\SNNPAPI.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O15 - Trusted Zone: http://*.63.219.181.7

ok ......lets see if thats got them all.......so lets boot into safe mode and then do the removals .

the 2nd, 3rd , 4th and 5th ....o4 entries are the result of a trojan......... and the last entry .....015 just looks odd to me .......

When your done .......reboot back to nornal ........and see if your system is clean.

Let us know

dl65 kilowatt.....Dealing with Hijackers is very FRUSTRATING , because if you overlook just one bad entry it will come back ........One must compare each and every entry against a data base of INVALID entries .......In your case , you have a virus as well as several differant trojans .
Glad to hear ...your system is clean again .........

dl65

Has ANYONE ONE got any idea how to get rid of this and is this bad?maggiemay46 ......No trojan is good .......it has to go ....... You didnt mention how you found it ......your anti virus ? .....Try this , go to ........
http://www.microsoft.com/athome/security/spyware/software/default.mspx
d/l this free program and install and RUN it ......I think it will clean that trojan up ...... If it doesnt LET us KNOW .

dl65

When I hit ctrl/alt/delete, there is a program running two times called OYIvasJh.exe. I have searched Google, Dogpile, Altavista, Yahoo, MSN, and can find nothing about it. If I try to end process, it all the sudden starts running (literally) 80+ times, the computer lags for a few mins, then its back to running 2 times. I have run McAfee, F-Prot, Trend Micro and Zone Alarm updated anti-viruses, they have all come up with nothing. I have run Adaware and Xoftspy and they too CAME up with nothing.
The program has put itself in my WinXP prefetch folder, it doesn't matter how many times I delete it, it comes right back again. I've taken it out of START up thru msconfig but the next restart, its back again. Does anyone know anything about it and how to get rid of it. Best I can tell, I got it from a lyrics site earlier this afternoon that had a bunch of pop-ups. Thank you.vixenk99..I would suggest doing a registry search for.....

OYIvasJh.exe ........ Have you looked in your contol panel ADD/REMOVE to see if theres anything odd in there.....if so delete it .

Let us know

dl65 You should know INSTANTLY, that when you press CTRL + ALT + DELETE, that if it does not pop-up the task amnager, then something very strange is happening... It sounds like pure spyware, or a virus to me...

[glb]Flame[/glb]I did a registry search and deleted the obvious ones, I'm not so comfortable messing around in that part of my computer. As it stands, the darn program is still on my system, Zone Alarm is constantly stopping it from sending data via the INTERNET, ugh. From what I have found out, it definitely is a virus that has renamed itself, but I have no idea why none of the various virus scanners are finding and disinfecting it. I really don't know what to do besides keep muddling around, see if I can somehow get rid of it on my own and if not, then I'll have to format and start from scratch.Problem solved! I ran YET another virus scan, AVG, and it found the virus, named Agent.I and disinfected it. I've restarted the computer and it's gone, HOORAY. Thanks so much for your time.Glad to see that everything worked out!

hi
i need some help PLEASE, because my computer is in some serious trouble.
what happens is that help screens constinally pop-up on whatever program im using (ie MSN Messenger: a msn help screen pops up, internet explorer: a interner explorer help screen pops up) and it will pop up again and again everytime i close it.
it doesnt always do this but i good majority of the time it happens.
oddly enough this happened to my computer when i had windows 98, so we emptied my computer completely (formatted the c drive) and INSTALLED windows XP professional. to my surprise the "virus" continued.
though it has gotten so out of hand that my computer, most of the time, that when i make it to my desktop from starting my computer it will freeze because it will open as many help boxes as possible. then i might get a message about my virtual memory being low.
silly me thinking i could solve the problem i deleted my help folder in windows. that did solve the problem temporarly if my computer to made it to the desktop. but those sometimes now will freeze my cmputer on the opening desktop because it is looking for the help boxes to pop up (which dont exist anymore). so it will give me an error box about my helpctr.exe application not functioning, but the box will never close. it just keeps popping up over and over again.
im not really sure if this is a virus because we completely cleared the computer before installing windows xp. if anyone could please help me with this problem it would help me greatly.
i also noticed that my computer is not checking my c drive when i boot up, it just says that it is cancelled.

thanks in advance
It sounds to me like your F1 key is stuck. That is NORMALLY a "skip test" key and the help key.thanks for the advice but its a little more advanced than that...

for example when i boot my computer it will freeze. two screens will pop up over and over again

visual c++ runtime error
helpctr.exe application error

sometimes it will say
marscroe.dll not found

anyways how do i make sure that my computer will scan the c drive when it boots up. because for some reason it always cancels that action without me PRESSING any keyanyways how do i make sure that my computer will scan the c drive when it boots up. because for some reason it always cancels that action without me pressing any key

I am trying to figure out what is wrong with my friend's computer. Basically, it went to a black background all of a sudden yesterday (said something about how the computer is infected or something). And now, it keeps restarting. I tried to run it in the mode that was last used that worked (I forgot the technical title for it), and that didn't work. Then I tried restore it and that didn't work. So now I am in safe mode and I don't know what to do next. Oh, and last week I did some checking around about it's previous symptoms (like shutting down with a particular message) and I read that it may have had a virus (a worm from what I read, but I really don't know). And now it is doing this. Anyway, this friend of mine really needs her computer being in graduate school and all) so if you could help we would really appreciate it. Thanks, and have a GREAT DAY (night)...Loki292......I believe you said the pc will boot up in safe mode .....( thats good ) So here's what I would try .....
Using ANOTHER pc , D/L Stinger onto a floppy disk .
Get Stnger at ...... http://vil.nai.com/vil/stinger/
Now go back to the problem pc and boot it up in safe mode , and then run stinger from A: drive .....delete anything it finds .........then with it still in safe mode scan it again with the normal anti virus program thats installed . If it come up clean , reboot again in normal mode ....

Let us know how you make out

dl65 Ok-I did Stinger, and deleted everything it pulled up. I am going to download an anti-virus deal now and try that. But I did run Ad-Aware and SpyBot and deleted everything they pulled up. I will keep you posted. Thanks...I can't SEEM to find a vrius scanner that is free that will fit on a disk so I can run it on her computer..any suggestions??Ok-did McAfee (from a CD) and deleted what it found. It found 3 infected files and 2 potentially unwated files. It still doesn't work, though. It is still having the same problems it was before. Please help me figure this out I don't know what else to do.Loki292.....Ok ....so you found a number of viruses and have removed them ........So will the pc boot up in normal or only in Safe Mode ?


dl65 Only in safe mode stillLoki292.......Which O/S is that pc using ? Are the hidden folders being scanned ? perhaps the bug is hiding in there .
Try rescanning again with hidden folder set to be shown ..... Hopefully you havent used the SYSTEM restore .

Let us know how it goes ?

dl65

ive got some crap on my computer plz help me get it off ive got PANDA and it keeps saying thay it nuteralized these VIRUSES (i get 5+ a day) plz help!!!!
mombo911.....First which operating system are you using ....... Next what is the name of the bugs that panda is finding ? I would like you to D/L Antispyware (Beta) ....get it at .... http://www.microsoft.com/athome/security/spyware/software/default.mspx ....... Delete anything it finds ...... If you getting 5 viruses per day ......( or are the pests spyware , malware , adware or trojans ) there is a huge DIFFERANCE and Panda isnt the best . ( but thats just my opinion )
Does your homepage ever change UNEXPECTEDLY .....( thats the work of a hijacker )
So the more info you can provide , the easier it should be to assist you .
Are you using a firewall ?

Let US know

dl65

hi...ummm...well i built my own computer and the man that helped me build it told me that panda anti virus was a good system and its been saying that its neturalized all these virusus about 5 a day. ive run the panda scan, the ad-aware scan, and the spy-bot search & destroy. But my computer is STILL getting all this stuff! i opened my history on internet explorer 1 day and now every time i go on it says its not responding. ive even ran every thing in SAFE mode but its still not helping!!!

umm ... well... i PLAY runescape,battlefield1942, and thats about it

plz o plz help me

p.s. im not very tecnical so could u use plain eglish (or explain) http://come on guys plz o plz post i need help!! help me plz!!!....Please correct me if I'm WRONG , but isn't
this post a duplicate of the post by .......Mombo911 ......
Please refer to the suggestions offered there.

dl65

hi there,could you please HELP me?an uninvited program has put itself on my desktop.the name is:SPLASH ral welcome.aspx.http://j.2004cms.com/redirect/chck.asp?... how do i SAFELY get rid of it?thanks to any who reply.Download an antispyware program... TRY Microsoft AntiSpyware...

[GLB]Flame[/glb]thankyou flame for your advice.i will check it out.

i GOT trojans ,spyware , adware, worms you name it.drivin me nuts.
i have a dell 2.4, dsl, xp.
currently i`m runnin avast, MS antispy beta, adaware , spydoctor, spybot. tried them all.
the prob seems to be a trojan deep rooted in the regestry.
i think i picked it up at a freeware site or kazaa lite.
this is a new (used) MACHINE that i just purchased and not too familuar with xp
on my old 133 w95 i can just REFORMAT with a startup disk in dos at start up
how WOULD i do that on this pc, do i need a startup disk and will it need cdrw support drivers or will it bootup right from the xp cd? how do i completly erase the hd?
i dont have to worry about lost info.
ink reformatting is the only way to fix this prob.Try running all scanning software from Safe Mode.djd67......Does this trojan have a name ?


let us know

dl65

I wonder if someone can help me? What the PROBLEM is i am on bt fastest broadband and its takes a while for the pages to load its very slow. any idea what my problem is?Spyware! Download this program, and it will help... http://www.microsoft.com/athome/security/spyware/software/default.mspx .... HOWEVER, you need to have Windows XP or 2000 to install the software... Do you have XP or 2000?

[glb]Flame[/glb]Hi i have just found out that my computer is infected.It tells me trojan Isbar.140 How do i get rid of this?Hi Do you have a Antivirus checker on your computer you can try to run but in some cases it will be blocked, if this is the case go google and out in the stinger and download it to a floppy, after downlaoding restart your computer with the
floppy in the drive it should run the checker and then just follow the prompts.Tips:>>> always check what is installed on a pc..either VIA software disks/fd/or internet programs like gator KAZZA etc/...
Run an adsl speedtest from www.adslguide.co.uk...........to make sure that bt are not PLAYING with lines...also check any cat cables leads/modem??
What results do you get from the ping command /type after the cmd prompt...ping www.bbc.co.uk.........also check firewall config/

see if norton/mcfee have a removal tool for the trojan you have ?/~..........try stinger from mcfee/or anti-vir...personal edition from major geeks.com...tips...

Hello everyone, how are all of you?
Some days back I was thinking about virus infections.
We all know very well that virus will cause damage ti your computer if your computer contains it. One of the sources of virus is through e-mail attachment. When we recieve an e-mail with virus program attachment then this attachment which is actually a virus FILE is saved on the COMPANY's servers who is giving us e-mail service. My question is that why not virus damage to their servers?

Do take care of you and others and be happy.
Bye...
DrWahabA virus needs to be executed (activated) before it will damage a computer, WITHOUT that it's just wasted SPACE.

I ran a virus scan on my computer and found out I have been infected with Trojan.Downloader.1466. I can't find any information on it. If anyone could tell me about it I would be very grateful. I would also like to know if there is any way to get rid of it for very cheap(free). Maybe you could tell me if I can do it myself. Thank you in advance.
Debidebiwelsh1....Which anti virus software identified that trojan ? Usually ( but not always ) you will be provided with a manual method of removing the PEST .....
There is something else we could try .........D/L
Hijackthis........ from .......... http://www.majorgeeks.com/download3155.html

Then post the logfile here and perhaps we can clean up your pc . ( trojans usually show up in hijackthis scans )


dl65 Hi,
I can't get into the majorgeeks SITE. All I get is a green screen even though the address is in the toolbar. Is there maybe a different site I could get something equitable to hijackthis?
I believe it was stopsign virus scan that was run.
ThanxYou can run a free virus scan through the following website- http://security.symantec.com/sscv6/home.asp

Follow the instructions carefully. If they detect any viruses, etc. they will give you instructions on how to remove it and/or access to a free removal tool. After you have REMOVED the trogan, OBTAIN or update your anti virus program. You can get a free TRIAL from this site for 30 days. If you go to followind site, www.kimkomando.com, look for free anti virus sites, which she lists and obtain one from there. Hope this helps.debiwelsh1......Ok ......lets try and get it from .....
http://www.spychecker.com/program/hijackthis.html ( hijackthis v1.99.1)
or .... http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-1 ( this is a olderversion ,but it will do the job )

Let us know

dl65

Sooooooo,
I was in safe mode CLEANING my computer, which was RIDDLED with viruses, worms, whatnot, with Kaspersky AV. I chose the option to delete any viruses found, then turn computer off, and went to bed. Apparently that was WRONG! When I woke up and tried to turn the computer on, I got nothing. I tried turning power off, then BACK on. All I got was a brief flash of the Dell page, then it went black, into nothingness. I am on my very old computer writing this in a panic, as I have lots of work to do today on my "good" computer. Any HELP would be deeply appreciated.

Please forgive me if I posted in the wrong place. I am (obviously) a newbie and have no idea what the PROBLEM is.See other post for my answer... Also, please only post on ONE board to prevent any confusion..
sorry

Apparently, I've had a hidden trojan for 2 years that has been downloading more and more trojans, spyware, adware, and malware. I've yet to get to the bottom of it, but it is now getting out of hand. I have ran MS AntiSpyware and have come to find out

Out of my 350 total GB HD space, trojans , spyware, etc. have taken up 20 GB. and it continues to grow. It has not harmed any files, but it is beginning to get annoying. I really need help!I have USED HijackThis and terminated the processes and startup stuff but they CONTINUE to clone and restore.Do you have antivirus software? If not, then you need one to clean or delete those trojans, etc...

[glb]Flame[/glb]I have tried everything.

The Trojan seemed to stop the installation of Norton 2005 by disabling all its buttons.Hi Look for a program called stinger you will FING it in google search download it to a floppy put the floppy into your drive and restart the computer this will do a virus and check and then you can delete themThanks! I will do that!

Recently when I try to download Windows Updates, Quicken Updates, or load anything into Windows Media Player or Real Player my browser shuts completely down. It does not matter if it's IE of Firefox.

I had problems in IE with the About: BLANK hijack page, but tried Adaware Away which removed it. I had tried CWS;Shredder, Spybot, Adaware SE, but nothing would remove it until I tried Adaware Away.

I use Norton Professional Works 2004 and it could not find it. Also under Norton, the reports would show that I had 5 virus that it could not remove? I found Kapersky Virus removal, that seems to work except it's find 400-500 virus every time I run it, then it leaves me with 28 virus' that are unremovable UNLESS I have a password.

Does anyone have any ideas on how to clean this baby up. I'm running XP Media Edition.

ThanksWell.... What about your Windows Updates? Can you download any drivers and such from there?

[glb]Flame[/glb]Thanks Flame,

I can't get any updates, because everytime I try to update, the browser shuts down.
Is this a hi-speed connection, or dial-up? Which operating system are you using?

[glb]Flame[/glb]Flame,


I am using a high speed (Roadrunner) connection, running Windows Media XP using Firefox 1.o which I can't update also due to shutdown on trying. The shutdowns also HAPPEN in IE.ljsea.......Several things .....First have you tried running your Norton in Safe Mode? Have you shut down your system restore feature before scanning ......( because if you have attempted to restore while being infected ) the virus may have gotten into those files and your AV cant scan them .) Next.........do you have a list of the viruses or tojans which Norton cant remove .( they should be listed in the threat file ) Perhaps you could POST the names .
It certainly sounds like your pc is infected .
If you are infected with a browser hijacker , then you should D/L ....... hijackthis ..........from
http://www.majorgeeks.com/download3155.html
Then post the log here so we can assist you .



Let us know

dl65
Thanks for your help. I did as requested and I'm clean. I had to uninstall and reinstall my Norton System work again, but after a couple of harrowing days, it (PC) seems to be in good working order.

LJSEA

marblesmells.....Glad to hear things are back to normal.....sometimes those hijackers can be very tough to CLEAN up .....particularly when so much as one entry is MISSED or overlooked ........( which is what happened )
If you don't ALREADY have it installed .........D/L ANTISPYWARE Beta ...... http://www.microsoft.com/athome/security/spyware/software/default.mspx ......it offers some protection against browser hijackers .......

dl65

there is SOMETHING on my computer and it keeps trying to change my password on aol, it also jus loads web pages up and clicks on things itself
im running windows xp and aol 9
plz help thanksscott cartledge.......What type of anti virus , spyware have you run in efforts to identify this pest ?

"it keeps trying to change my password on aol"

Does it change your password..........or SUGGEST you confirm your password ?

LET us KNOW

DL65

I've been experiencing some unusual computer problems as of recently, and maybe someone here can help me pin-point what's wrong. I USE Mozilla Firefox and I've never had much trouble with spyware/ads, but I generally like to SCAN with Ad-Aware as a precaution, because you really can't be too safe. Well, suddenly I can't run Ad-Aware anymore. When I try to, I get this odd error message which appears to be written in German. I don't speak the language and I have an english version of the program.



That's the error I'm getting when trying to open Ad-Aware.

Also, I have this other program called POP Peeper which I use to check SEVERAL of my e-mail accounts. I can run the program just FINE, but when I click the e-mail msg itself to view it, nothing happens, literally. I've tried uninstalling/reinstalling both, but that didn't help. I've looked in msconfig (i'm running Win98, btw) and there's nothing suspicious in there. I've also run HiJackThis and didn't really spot anything... and I RAN Spybot S&D, again with no luck. I use Norton Antivirus 2004 and it runs a full scan every night at 3AM, always comes up with 0 threats.

If anyone can give me some advice on how to figure out what's wrong, I'd appreciate it greatly. If you want the HiJackThis log, let me know and I'll post that.Don't know if this helps at all, but I ran the German text through Google's translator

I used the following text, as I believe most of the rest is just English words that don't really have German equivalents:
Quote

Fehler beim Lesen von memof
Fehler bei Einfügen von RichEdit-Ziele

Error when reading memof error when inserting a RichEdit goal

I was recently hacked on MSN, I found the site(i think) however, it does not stay in my history, I recently managed to get rid of "Searchbar" and this person was supposed to be helping me. He typed something in MSN and my CD drive opened. Then he restarted my computer. I can not block people in the message window(not the contacts part). I believe I was stupid and accepted a .exe file from him. I clicked open on it, then when nothing happened I immediatly deleted it. I found files on my HD called "Fastfun"(deleted them) and there was a shortcut to the CD drive, I think that was it but now without my permission I unknowingly send messages to people telling them to go to a website to hack people on msn. I want this to stop, I am running Spybot now. I ran Norton and it found nothing. Also, when I clicked on the oringinal .exe file ZoneAlarm asked if systray.exe could act as a server. I clicked no, and MSN would not work, so I enabled it. I do not know if this is the (Virus, Trojan w/e it is) or not. I have re-installed MSN and do not know what to do.

Please Help Me,
GregSpeedyMods......I would like you to go to .....
http://www.majorgeeks.com/download3155.html .....
and D/L hijackthis V 1.99. 1
dowload it and then run it and save a logfile .......Post the log here for us to look at ......and perhaps we can find out whats causing the trouble .


dl65 Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:45 PM, on 21/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\systray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Greg\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj CLASS - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104324621968
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Adobe LM Service - UNKNOWN owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed DISK service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec CORE LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Spybot Found NothingSpeedyMods......Ok .....I see several things which don't look correct ...lets try this ......Close up everything open .
Now open hijackthis and click on config ..then in the 4 URL boxes enter .... http://www.msn.com then click Back .....Now mark for removal....
Any R0 , R1, R2 , R3.
O4 - HKLM\..\Run: [System] C:\WINDOWS\systray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

Now click Fix Marked .....

Now reboot and see how things are .....

Let us know

dl65
Thanks, I can't try that now, but I will tommorow, I hope to keep coming back to this forum and see if I can help with some HTML stuff.

BTW, here is my site

http://www.speedymods.tk

I'll tell you what happens.It is all fixed, thanks very much.




YAY

Greg

Hey I was wondering is there any free antivirus software out there? If so what's the best? I need some antivirus software but I don't have any money. AVG is free for personal use and PRETTY good. Go to www.grisoft.com or click here. http://free.grisoft.com/freeweb.php/doc/2/Check out http://www.Majorgeeks.com. Tons of freeware and shareware, including some good anti-spy, add, and virus programs.The message lives on! ok alHi I have been using AVG Free for about 12 months and have just switched over their Professional Whcih cost money but the free version stood me well for the 12 months, the only snag is you need to update it manually where as the professional is automatically done. Ojas Hi
you ALSO have Avast4 Home Edition, i have run it for over a year with no probs.
Download
http://www.avast.com/eng/avast_4_home.html

Avast FAQ http://www.avast.com/eng/avast_4_home/professional.html

And if you LIKE when you have it up and running you can download different skins http://www.avast.com/eng/skins.html

only run 1 Antivirus and 1 FIREWALL on your system
Stoney

My son had a virus that I couldn't remove so I reinstalled XP by deleteing the existing NTFS PARTITION and creating a new NTFS partition.

I reinstalled XP, SP1 and Norton AV. I went to do a liveupdate on Norton and could not. I downloaded AVG and it found viruses.

Could a virus have survived the deltion/creation of the partition? If so, how do I completely clean the drive?

Thanks for the help.Quote

...Could a virus have survived the deltion/creation of the partition? If so, how do I completely clean the drive?...

I have recently had a rash of spy ware, adware etc...
I beieve that I have gotten rid of it all or at least I can't find it anymore. At any rate I have more than one computer and on the one in question I always get search results to stores or other web sites wanting me to buy things. Somtimes the results are related to the string I inserted and sometimes they don't. Is there a setting or something that has been changed or is there a mysterious piece of adware that is alluding me?

I am running Win XP Pro with ad aware and norton 2005Envirus........LOL .......thats called advertising , marketing..........or whatever .......Lets tell this guy his pc is infected ......and we have the solution and for only $39.99 and several KEY strokes your pc will be running like it did when you bought it . But wait .........before you max out your card ....save some for me .....I have a pallet of gold bricks ....that I will sell at a real deal.

Go to ..... http://www.microsoft.com/athome/security/spyware/software/default.mspx and D/l Antispyware Beta and run it .........It will help you . Don't click on any of those ads for that wonderful software ......

BTW , which search engine are you using ?



dl65
I usually use Google. However I also tried Yahoo and MSNand got the same results.

Its not just spy ware that was on the list of things to buy, although there was always a spyware removal at the top of the list.Hi Envirus
if you continue to have PROBS after downloading, and running Antispyware Beta go to the link below, and follow ALL procedures and then when you have followed ALL procedures download h/jack this and copy and paste it in the help2go detective and follow INSTRUCTIONS if after the detective you are promted to post your log in the spyware forum then do that.
procedures http://www.help2go.com/article217.html
you will find h/jack in the procedures step*5

Help2go detective http://www.help2go.com/modules.php?name=HJTDetective

If you do not follow ALL the procedures one of the experts may-not look at your log, if you just want to download h/jackthis then run it and copy and paste your log in the help2go detective then you can if you download h/jackthis [make sure you run it from a permanent folder] before you remove any-thing SEE below

Go to MY Computer>open C:/ right click>New>Folder and name it HJT or Hijackthis. Then put the hijackthis.exe file in it (You must unzip it if it's zipped) so you have C:\hijackthis\hijackthis.exe.....then run hijackthis by clicking this .exe file -that way you will have backups if you accidentally remove the wrong item ( running from a temporary folder backups can easily get lost)
Then click on Do a SYSTEM scan and save a logfile


Help2go front-page http://www.help2go.com/index.php

Good luck PaulThe MS Anti Spyware fixed the problem. Thankyou for all your help. It was very fast.


Envirus

My husband's PC has WIN98 and was working fine. I scan with NAV daily and do weekly scans for spyware. During a recent NAV scan, the PC froze and when rebooted, it cannot find the system disk.

I can use a NAV Restore disk to boot, but there are only 3 C: files . . . with weird SMILEY face characters.

FDISK shows the one drive is 100% full. It looks as if all the C: files were deleted and a few gigantic bogus files were created to fill the drive.

Is there any hope? Is this a virus? (Nothing was installed/changed on the PC)!

I tried to FDISK and cannot delete the partition because the volume name has a funny smiley face CHARACTER I cannot figure out how to type!

HELP!
I think that the smiley face character kind of "gives it away"... This sounds like a virus to me... Especially how your hard disk was suddenly "MAXED out" with information... That's not a common thing... I suggest two things... (1) Buy a new hard disk. (2) Call an exorcist! You will need an old priest and a young priest, lots of candles, and maybe just a shot of holy water... Good luck!

[glb]Flame[/glb]Actually you could see that smiley face if the FAT table GOT hosed, this could also display that the drive was full. It could also be a bad circuit on the drive causing misread/unreadable characters. Nonetheless, the solution is probably the same.

Replace the drive or fdisk and reformat (which you can't do because you can't type the character).

You may be able to get a bootable version of Partition Magic and delete the partition there without having to type the volume name.Thanks so much for the suggestions! The exorcism hasn't worked yet but I'm still in the early stages.

I'm downloading Partition Magic and will give that a try.

I've put 4 hours into troubleshooting this and have gotten NOWHERE! Until you guys . . . thanks for pointing me in another direction. I was getting ready to use the CPU for a boat anchor!lol I've been there before! Oops! Did I just say that out loud? You keep in touch... (And by the way... exorcisms take time... Stay strong! lol )

[glb]Flame[/glb]

Hi all:

Need urgent help:

My computer was infected couple of days back with a load of trojans, viruses and backdoors. From then on, I have kind of a fake desktop (my orginal desktop is missing though I could find my files under C:windows/desktop). I have already done a spyware and virus check, but still the problem persists. Other problems

error mprexe page fault at kernel32.dll
cannot login to my email.
cannot play media players
computer HANGS most of the time.

I have SCANDISK, defraged.. did everything possible, i have a feeling there could be something wrong with some registry keys... though not sure


PLEASE help...

thanks
I don't KNOW your OS but I found some information on this:

http://support.microsoft.com/kb/q238454/

http://www.adobe.com/support/techdocs/321957.html

Maybe one of these can give you a clue. The fact that you had an infestation of MALWARE, suggests that you still have some lingering effects. If you haven't already, download, update and RUN Microsoft AntiSpyware from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Delete anything it finds.

Hope some of this helps.

Each time I run MCAFFE it shows that i have a potentially unwanted program . windows\system32\lfoqehw.exe. I can't delete it or QUARANTINE it. How do I GET rid of it.Boot to SAFE mode and try it.

Everytime I log into windows I get a pop-up saying that imwireup.exe cannot run because commcoss.dll isn't found. I don't get how why I have that... I've tried running ad-aware and search&destroy but nothing has helped. I've also searched google and ASKED people but no one seems to know how to get rid of it! I don't know what to do... I don't know much about computers at all and I'm really scared. Please, someone help. Hi Jensie

Try microsoft Beta antispyware and see if that will fix, if not suggest you go to the link below and follow ALL procedures then copy and paste your h/jack log in the help2go detective and follow instructions, if you are prompted to post a h/jack log in the spyware forum by the detective, make sure you have run ALL the procedures BTW the Microsoft Beta it will only run Windows 2000, Windows XP, or Windows Server™ 2003 [will not run on 98 98SE ect]


Help2go HERE http://www.help2go.com/article217.html
Hijack is step*5 at the above link

microsoft Beta antispyware http://www.microsoft.com/athome/security/spyware/software/default.mspx

Also make sure you put h/jackthis in a permanent folder see below

Go to MY Computer&GT;open C:/ RIGHT CLICK>New>Folder and name it HJT or Hijackthis. Then put the hijackthis.exe file in it (You must unzip it if it's zipped) so you have C:\hijackthis\hijackthis.exe.....then run hijackthis by CLICKING this .exe file -that way you will have backups if you accidentally remove the wrong item ( running from a temporary folder backups can easily get lost)
Then click on Do a system scan and save a logfile

Regards Paul

how can i GET rid of it????????Yesterday my AVG (antivirus) PUT up a similar WARNING too.
It said the backdoor was in an old hijackthis.zip file on my computer which was downloaded from the hijackthis website.
I suspect my most recent update of AVG is being a little enthusiastic in LOOKING for bugs.

Anyway, back to your question, as my hijackthis.zip file wasn't needed I deleted it to stop getting AVG warnings.

Does your antivirus software tell you where it is?

i just upgraded from win 98se to winxppro.now im trying to install newer norton antivirus.but first i need to uninstall my older antivirus.i LOOKED all over the computer add /remove programs ect.i cant find the uninstaller anywhere.it WONT LET me install the new untill i uninstall the old.please help.What about in the programs menu? Start -> All Programs -> Norton .... No uninstaller there? Also, this is more risky, but.... If you go into your C: drive, go to Program Files -> SYMANTEC or Norton , and find your software that you want to uninstall... Next, look in the folders (in norton) for uninstall.exe ...

[glb]Flame[/glb]This is from the Norton website, scroll down and you will find what you're looking for.
http://service1.symantec.com/SUPPORT/sunset-c2001kb.nsf/5d081859de72c2ed85256ee60053c684/bc40368a318f77ac85256ee50055243f?OpenDocument&src=bar_sch_namSimple solution! just install your old virus program again this will repair any missing parts, now you can uninstall it properly.

without any browser open huge ammounts of data is pumping out of my computer when connected to internet. WHY!
I have installed Zone Alarm Firewall and have allowed no program to access internet.
I am also receiving a lot of data but not as much as I am sending.
It causes my connection to SLOW to a halt.
How can I stop it?
What is going on.
AVG Scan reveals no virus.
Running Windows XP.
Download, install, and RUN some Anti-Spyware software.

Either or both of these work well and the PRICE is right...Free...

http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

http://www.spybot.info/en/index.htmlThanks - I have run spyware.
It finds 1 particular thing each time but when I have it repair and destroy, it is still there next time - (I can't tell you what it is right now as I am at home and the problem is with my work computer)
Maybe here lies the problem? I must investigate this I guess
Thanks againAre you talking about Microsoft AntiSpyware or Spybot? (Microsoft is better)

[glb]Flame[/glb]Does that fix DoS attack, large amount of data being SENT is a sign of Denial of Service attack, your bandwidth/cpu being bogged down and no resources to do anything else on your PCuse a port scanner, find out which port is being used to send the large data, block that port and zap the hacker

Here's something that I noticed today..



Code: [Select]Result for 20.0.0.234

--> /usr/local/bin/fwhois [emailprotected]
[whois.arin.net]

OrgName: Computer Sciences Corporation
OrgID: CSC-68
Address: 3170 Fairview Park Drive
City: Falls Church
StateProv: VA
PostalCode: 22042
Country: US

NetRange: 20.0.0.0 - 20.255.255.255
CIDR: 20.0.0.0/8
NetName: CSC
NetHandle: NET-20-0-0-0-1
Parent:
NetType: Direct Assignment
NameServer: NS1.CSC.COM
NameServer: NS2.CSC.COM
Comment:
RegDate: 1989-09-04
Updated: 2002-05-31

TechHandle: PG618-ARIN
TechName: GROSS, Pete
TechPhone: +1-703-641-3322
TechEmail: [emailprotected]

OrgAbuseHandle: PG618-ARIN
OrgAbuseName: Gross, Pete
OrgAbusePhone: +1-703-641-3322
OrgAbuseEmail: [emailprotected]

OrgTechHandle: PG618-ARIN
OrgTechName: Gross, Pete
OrgTechPhone: +1-703-641-3322
OrgTechEmail: [emailprotected]

What is this doing on my DHCP client list...? Yes, I scanned for spyware but I cannot be accounted for the other two machines connected to the router. They are not owned or regulated by me.

My PC actually rarely shows up on the DHCP client list. But that is something that does not bother me.. However, some kind of Computer Science Corporation in my DHCP list does!Use MAC address filtering. Only those machines whose MAC is listed will be allowed to connect. Turn off SSID broadcast. Don't advertise your router to the world. Limit the number of IP addresses available to the actual number needed by your network.

[1] Use MAC address filtering.
[2]Turn off SSID broadcast
[3]Don't advertise your router to the world.
[4]Limit the number of IP addresses available to the actual number needed by your network

...some kind of Computer Science Corporation in my DHCP list does!

I have some sort of hijacker and I have no clue how to get rid of it. It has gotten so bad that I am barely ABLE to do anything in the regular mode b/c it is running so slow so if there is anyway I can fix it in safe mode that would be awesome
Thank yousenko......Before any advice is offered ..........
What operating system are you using ?
What anti virus app are you using ?
What antispyware app (s) are you using ?
Why do you think you have a hijacker ?

Let us know

dl65
I have windows XP. I use Symantec as my antivirus. I also have used ad aware and spyware stormer. I have a file in my windows file labled isrvs and i looked at other sites and it was said to be a hijacker. my computer is also running very slow and keeps installing programs. such as tip top text and websearchsenko....Ok, lets try this ......First click start/control panel/Folder Options .....now click view .....and scroll down and put a mark in the circle in front of " show hidden files and folders".

Now go to .... http://www.majorgeeks.com/download3155.html and D/L hijackthis 1.99.1

Next ......close EVERYTHING up and run hijackthis and save the logfile to your desktop .
Then post the log here for us to look at .


dl65 Logfile of HijackThis v1.99.1
Scan saved at 12:34:11 PM, on 4/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\izrnkm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1.001\LOCALS~1\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yie6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.livejournal.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [bbnanct] C:\WINDOWS\system32\ffje\bbnanct.exe
O4 - HKLM\..\Run: [jnbnsh] C:\WINDOWS\system32\jddiwqf\jnbnsh.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [aesyq] C:\WINDOWS\system32\ytgocrw\aesyq.exe
O4 - HKLM\..\Run: [kqodqdbe] C:\WINDOWS\system32\geny\kqodqdbe.exe
O4 - HKLM\..\Run: [shnlh] C:\WINDOWS\system32\spbsqc\shnlh.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\izrnkm.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl



O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MEDIAWHIZ3.cab
O16 - DPF: {12345678-1234-1234-1234-123456789123} - http://www.allyoursearch.com/Allyoursearch.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo UPLOAD Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo.com/mmviewer_ic13.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/vrmedia/grinstall_vrmedia1001.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50252/QDow_AS2.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1114.nyc1.targetnet.com/ad/id=searchswapstats&opt=hkj&pt=13633561227589127951&pfin=QMSW27IQLDF&cv=210&uid=2123271709&url=http://www.ouchvideo.com/mmviewer_cia15.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0029.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://www2.uwsuper.edu/navclientinst/webinst/webinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\l6p2lg7o16.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\irrml5911.dll (file missing)
O23 - Service: aesyqytgocrw - Unknown owner - C:\WINDOWS\system32\ytgocrw\aesyq.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlwioatkcunyt - Unknown owner - C:\WINDOWS\System32\tkcunyt\dlwioa.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kwcnrtsryim - Unknown owner - C:\WINDOWS\system32\ryim\kwcnrts.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mrugqbfgpcrtl - Unknown owner - C:\WINDOWS\system32\pcrtl\mrugqbfg.exe
O23 - Service: oajyxlcxhfvay - Unknown owner - C:\WINDOWS\system32\xhfvay\oajyxlc.exe
O23 - Service: qkgpeoheybtxbn - Unknown owner - C:\WINDOWS\System32\heybtxbn\qkgpeo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: sbeqgyfjhpmcnj - Unknown owner - C:\WINDOWS\system32\jhpmcnj\sbeqgyf.exe
O23 - Service: shnlhspbsqc - Unknown owner - C:\WINDOWS\system32\spbsqc\shnlh.exe
O23 - Service: skmvjxaxtp - Unknown owner - C:\WINDOWS\system32\xaxtp\skmvj.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: uqupbchryaat - Unknown owner - C:\WINDOWS\system32\hryaat\uqupbc.exe
O23 - Service: urlflrnyjhqcl - Unknown owner - C:\WINDOWS\system32\nyjhqcl\urlflr.exe
O23 - Service: yghjmuqpakqui - Unknown owner - C:\WINDOWS\system32\pakqui\yghjmuq.exe

senko......Ok ...I see a lot of odd things in your log ......So lets do this......
close up everything ......
Now run hijackthis and save log .....
Click on config button ........and in the 4 URL BOXES enter..... http://www.msn.com ...then click back.

Next .......using your task manager ....cntrl / alt /del .....
process tab ........scroll down and find
C:\WINDOWS\system32\izrnkm.exe ........kill this ..
close task manager ......and return to the log file .....
Mark for removal.......
All R0 entries
All R1 entries
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\izrnkm.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50252/QDow_AS2.cab
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\irrml5911.dll (file missing)

Question ...... I see a number of 023 entries ..... unknown owner.... with very odd file names ........ I have searched for them and can find nothing on any of them .......I would mark all of them for removal ......unless you are certain they should be there and are harmless .........

Next click fix checked .........

Now reboot and see how things are .......If they are still odd .......run hijackthis again and post the new log file .


dl65

how can i GET RID of it? I have "the CLEANER" but its still there.hmsam......Here's all the info you should REQUIRE to remove it ...... http://www.doxdesk.com/parasite/123Mania.html

Let US know how you make out.

dl65

What are good programs that are free that protects your computer from worms, trogans, etc and also scans your computer...... I can't use Antispyware Beta because I found out that my computer had a phoney microsoft ID Key...... I need HELP Go to the top page in this forum Computer Viruses and Spyware and look at the top post named "PLEASE read this first"

If you click on the 2ND link in there it will give you the ANSWERS on Spyware / Adware / Malware DETECTION and removal programs

Try this link for a free AV


http://free.grisoft.com/doc/1
and test on>>http://www.10ts.com/reviews/antivirus-test.htm

I'v been trying to recover from Antiexe virus in boot :you are SUPPOSE to be able to run FDISK/MBR but I can't GET this dog to HUNT any hints out there . for some reason I can not change dirs and make my system stay in that dir I can change the directory on C: but it will just bounce back to A:
dambld

http://securityresponse.symantec.com/avcenter/venc/data/antiexe.html

There is a removal method in this post from Symantec .....
The boot disk you are trying to use must be infected ........


dl65
thank you for reply however I'v thought I might have infected disk but have checked with avg and the boot is suppose to be CLEAN I have started the above tack and am also down loading LINUX I get it yetthank you for the help finally got the thing out of Boot partition forced new system disk from DOS 6.2 removed a hard disk in old lap top force single disk DOS load and ran FDISK/MBR from disk I didn't think it worked because it only took a second and didn't come up with expected screen or warning rebooted checked with McAfee emscan and bingo ANTIEXE was gone . rebooted and expected to start from scratch but system booted right to last CONFIG and after save mode recovery of reg I had my computor back just like before nice trick FDISK/MBR

This is a great form I had every dos book I had out and though the links found here solved at least three separate system problems THANKS ONE HAPPY CAMPER- Now I can get back to John TITOR and the other important stuff. Anyone with IBM5100 laying around think unix

Sir HELP Me i don't know how to solve this!! the PROBLEM was encounter is WINDOWS XP- lsass.exe 60second System SHUTDOWN Problem lsass ... thanks!!!I would run the MS blaster removal tool.........if not there is this>>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q267578