Spyware / Virus Removal Help Needed
Hey guys, all of a sudden in the last two days my computer has just been attacked by all types of malicious software! And I'm not even kidding when almost instantly it went from running without a hitch to so much slowdown and so many pop-ups I had to run AVG. 648 viruses and trojans! All deleted or moved to the vault. Thought I was out of the woods, then I ran Ad-Aware: 202 critical and malicious objects. I deleted them, then I ran Ad-Aware again, got over a hundred bad things again after the restart, and then ran Ad-Aware as well, and after deleting over 1000 bad things I was still having problems. I then proceeded to download S&D and that helped delete quite a bit, but after, pop-ups were still coming and I had over 68 processes still running. I noticed something interesting... I noticed I have some type of application running by the name of "project1". I did a little research on the internet and found out it's something very, very bad, but I can't seem to get rid of it with any of those three programs. Any help would be awesome. My current processes running:
Guys, please help, that's 67 processes, and if you actually care to look at the names you can tell so much of that stuff is bad, but even when I keep trying to delete ghynf or w/e it is with AVG and send it to the virus vault it keeps coming back! Any help would be appreciated.
Notice from BuffaloHELP:
Use QUOTE tags. Topic title is *VERY* important. See how it is modified.
Right now I am using my grandma's laptop because I am at her house, and she had the same issues. What I did is I scanned with her McAfee, and then downloaded my AVG Free edition, and that cleaned most everything up but not all of it.
So, a suggestion to you is this:
Go to Start, right-click on My Computer, go to Properties, go to the System Restore tab, and toggle the box that says Turn Off System Restore.
That solved most of the damage that project1 made for her laptop.
Second, if you are computer savvy and know what you have on your computer and where the files for the programs are, then follow this:
Go to My Computer, go to C:\ or whatever your local disk is called; generally it is C:\
Just to ease it a little, right-click anywhere and go to Show in Groups and make sure it is By Name.
Go to the P section and delete Project1, which is where I found mine.
-------------------------------
[DO AT YOUR OWN RISK]
Seeing as you probably have more viruses there, look around just your C drive and check to make sure you don't have any files that you don't normally see around there...
[I claim no responsibility for any lost files that are un-retrievable because you deleted them. I said that if you don't know your programs and where they keep all their files, then don't do the extra step to get rid of viruses.]
Yeah, a HijackThis log given to some pros that know it very well fixes things very "easily". You don't have to fully understand what needs to be removed, but those guys will tell you what needs removing, and how to remove it if it's some spyware/virus that's annoying to remove (as in it keeps reviving itself from the dead).
Right, zach101, if you have any toolbars on your browsers, remove them now, as viruses and spyware can bypass your firewall through them. Second, if you do not have a firewall, buy a good one or find a free one. Second, for viruses you may want to consider getting a better one like ZoneAlarm or Norton, or there is AVG Free, which in my experience is very good. Next, download SpyBot: http://www.safer-networking.org/en/download/index.html
Once you have done all that, run a virus scan with an antivirus program, then run SpyBot Search and Destroy, which should remove your spyware and adware.
But if I were you I'd consider re-formatting your HDD, as the viruses may still leave traces even after you have scanned and deleted them. Also, once you have got any software that is better than your existing stuff, pull out your modem and do not connect to the net until you have deleted all the viruses and spyware or re-formatted your hard disk, as the viruses on there can tell other viruses to download as well.
svchost.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - dunno what it is but if you need it keep it otherwise terminate it
btstackserver.exe - Terminate process
khalmnpr.exe - Terminate process
firefox.exe - keep running
setpoint.exe - dunno what it is but if you need it keep it otherwise terminate it
bttray.exe - Terminate process
pslister.exe - Terminate process
steam.exe - Terminate process
taskmgr.exe - Keep running
msnmsgr.exe - msn messenger keep running if you are using it.
atirw.exe - Terminate process
atidtct.exe - Terminate process
lanchpd.exe - Terminate process
jusched.exe - Terminate process
win320880160745.exe - Terminate process
avgcc.exe - keep running
rundll32.exe - critical system process (must stay running for session of windows to stay working)
duce6.exe - Terminate process
ghynf.exe - Terminate process
cli.exe - same as other cli.exe comment
tbmontegotray.exe - Terminate process
ipodservice.exe - keep running if you have your ipod plugged into your pc
kybrdff_11a.exe - Terminate process
logitecheasysync.exe - keep running
servicetub.exe - dunno what it is but if you need it keep it otherwise terminate it
lbtwiz.exe - Terminate process
btwdins.exe - Terminate process
avgemc.exe - keep running
avgupsvc.exe - keep running
avgamsvr.exe - keep running
dfndrff_11a.exe - Terminate process
spoolsv.exe - keep running
logitecheasysync.exe - keep running
explorer.exe - critical system process (must stay running for session of windows to stay working)
cli.exe - same as other cli.exe
svchost.exe - critical system process (must stay running for session of windows to stay working)
zqskw.exe - Terminate process
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
svchost.exe - same as other svchost.exe
wscntfy.exe - Terminate process
lbtserve.exe - Terminate process
svchost.exe - same as other svchost.exe
qttask.exe - Terminate process
svchost.exe - same as other svchost.exe
svchost.exe - same as other svchost.exe
ati2evxx.exe - keep running if you have ATI software otherwise terminate it
cvn0.exe - Terminate process
issch.exe - Terminate process
nclrzvla.exe - Terminate process
lsass.ece - Terminate process
services.exe - critical system process (must stay running for session of windows to stay working)
viewmgr.exe - Keep Running
winlogon.exe - Keep Running
csrss.exe - Keep running is needed
smss.exe - Terminate process
alg.exe - Keep Running
mm_try.exe - Terminate process
mmtask.exe - Terminate process
ituneshelper.eexe - Keep running if ipod is plugged into pc
wfxqhv.exe - Terminate process
medialifeservice.exe - Terminate process
wdfmgr.exe - Terminate process
probe2.exe - Terminate process
aolsoftware.exe - Keep running if using AOL software on your pc otherwise terminate process
system - critical system process (must stay running for session of windows to stay working)
system idle process - critical system process (must stay running for session of windows to stay working)
I hope this helps, but I cannot guarantee this will solve the problem, as some of the services I do not know about may be software processes from software you installed on your PC.
Notice from BuffaloHELP:
It would have been a nice post if you just used the QUOTE tag.
From what you said it seems that the malware (viruses etc.) has done one, or both, of two things: infected more than one location, or infected programs that are hard to scan or impossible to remove.
The first thing I would do is boot into safe mode. Safe mode is just a mode of Windows where nothing except for essential processes is started, normally only ones like the ones pointed out by mxweb. That's the plan anyway!
To do this, restart the computer. Just after the BIOS screen, which is the first screen you'll see, keep tapping the F8 key. It might bleep at you, but just carry on; it's just because it thinks the key is stuck. This should give you a few options of startup modes, things like "start normally, start in safe mode... etc." You want to start in "Safe Mode". Then let it boot up as usual. The display will probably look absolutely crazy and very big, but that's normal, don't panic! Now, because only essential processes should be started, if the malware has infected applications like text editors etc., the malware should not have been started. So go to Task Manager and view the processes and take note of them all. Now compare that with the previous list posted here and see what is not on the new list. With any luck the malware is one of them. You can post the new list here if you want and see what we can see. The idea is that once we know what the malware is called we can easily find it with a simple search.
While in safe mode you might find it useful to do a virus scan using all the software you have! Only one at a time though. Hopefully they can find and catch the malware while it isn't running and just destroy/quarantine it. And the virus hasn't got a chance to replicate itself because it's not running. This should catch some more of the things you found earlier. Chances are that because the malware was running, the antivirus deleted it but the malware just made a copy of itself and moved!
It probably won't get them all because some viruses might still start in safe mode. But it should help to delete a good few more.
And definitely submit a HijackThis log to the experts, that will really help a hell of a lot! Their report will probably contain every piece of malware and where it is and how to get rid of it! But meanwhile try all the things people have said here! I've had this problem and I learnt one thing. If the antivirus warns that it is a vital system process, do not delete it!!!!! lol, I learnt the very hard way! Leave it be and sort that one out a bit later!
If you don't have it already, get avast antivirus home edition (it's a free download) and do an on-boot scan. This boots Windows into a special mode similar to safe mode, but even fewer things are started and avast will scan the HDD before anything gets a chance to start up and copy itself! But please beware about deleting anything; it's much safer to quarantine it. That way you can get it back if you need to!
Oh, avast can get annoying, but it is quite good, as you will know when you get a virus: you will get a siren, then a voice saying "Warning a virus has been detected", but it can slow up your system quite a bit. But what I would still do with so many viruses is back up all the stuff you need to an external HDD, wipe the PC clean and reinstall XP or whatever operating system you have, install antivirus, block everything until you have completed a scan on the external HDD to make sure no viruses were copied, and lay low on the net for a while.
Please check and remove any autoruns (*.inf files) that are running on your computer.
Go to the console: Start -> Run -> type cmd -> click OK. If cmd is not working because of viruses, try command.com (the Windows native command shell).
Starting from your first hard disk letter to the last one, e.g. C:/D:/E, do the following:
Type: c: and enter, then type dir /ah, with a space coming after dir. Now check the list of files shown. If you found an autorun.inf file, it may be the virus spreading file. Check all HDD letters.
Type: attrib -a -s -h and enter. It will remove hidden and read only attributes of the file.
Now type del *.inf and enter. This command will delete all files of autorun type. Do this for every drive.
After that, run a full scan using an updated virus guard.
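An added example, not part of any post in the thread: rather than deleting every .inf file unseen, this Python script reads the autorun.inf in each drive root and lists the programs it would start, which also identifies the payload file that needs removing. The sample file contents, the `data\payload.exe` path and the function names are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample of an autorun.inf dropped on a drive root.
SAMPLE = """\
[AutoRun]
; constructed sample, not taken from the thread
open=data\\payload.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command=data\\payload.exe
shell\\explore\\Command = data\\payload.exe -e
label=Backup
"""


def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                entries.append((key.lower(), value))
    return entries


def scan_roots(roots):
    """Look for autorun.inf directly in each root and report what it would start."""
    findings = {}
    for root in roots:
        try:
            names = os.listdir(root)  # includes hidden/system files, like dir /ah
        except OSError:
            continue  # drive letter not present or not readable
        for name in names:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                with open(path, "r", encoding="latin-1") as handle:
                    findings[path] = launch_entries(handle.read())
    return findings


def demo():
    """Build a throwaway 'drive root' and scan it plus a root that does not exist."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.INF"), "w", encoding="latin-1") as f:
            f.write(SAMPLE)
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("unrelated")
        return list(scan_roots([root, os.path.join(root, "missing")]).values())


if __name__ == "__main__":
    # On a real Windows machine: scan_roots(["C:\\", "D:\\", "E:\\"])
    for key, command in demo()[0]:
        print(f"{key:24} -> {command}")
```
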