Malware and virus removal

April 24, 2015, 5:44 am

≫ Next: Virus Program Blocks Malware But Cannot Remove It

≪ Previous: Antivirus Removal Tool (moved from W8)

I am sorry to post this as I believe there are so many similar threads in the past, but I am not very good English, it is hard for me to go through all the threads. Apologies.

Right, my windows 8 computer has seemed to be infected. If I click linksks, a new tab opens saying 'powered by delta' and lot of pop ads come up all over the place. Also there are lot of highlighted links that don't look like links in articles.
I am not sure what security system I have got.
When I opened 'action center' and checked security,everything is on apart from 'network access protection'. I don't have any antivirus soft as I have been told that I don't need one with W8.
Here is the result of Tsg.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 5997 Mb
Graphics Card: Intel(R) HD Graphics, -1988 Mb
Hard Drives: C: Total - 76349 MB, Free - 36175 MB; D: Total - 621062 MB, Free - 616520 MB;
Motherboard: FUJITSU, FJNBB29
Antivirus: Windows Defender, Disabled

Thanks.

↧

Virus Program Blocks Malware But Cannot Remove It

April 25, 2015, 10:18 am

≫ Next: possible trojan infection, cant get to desktop

≪ Previous: Malware and virus removal

Hello.

Here is the information on my machine:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X4 840T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 4
RAM: 5887 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 940553 MB, Free - 810575 MB; D: Total - 13212 MB, Free - 1623 MB; H: Total - 58621 MB, Free - 13424 MB;
Motherboard: FOXCONN, 2AB1
Antivirus: Kaspersky Anti-Virus, Updated and Enabled

The symptoms: the machine was running quite slowly so I went into "add/remove programs" to see if anything new had been installed. There were several programs that were installed that I had not authorized. I removed them. The system is now much quicker, but boxes keep popping up from Kaspersky saying that web sites have been blocked and that there are malicious programs on my computer. Kaspersky blocks them o.k., but doesn't offer me a clue as to how to remove them:mad:.

Can anyone help?

↧

possible trojan infection, cant get to desktop

April 26, 2015, 6:44 am

≫ Next: system in a mess - help pls.

≪ Previous: Virus Program Blocks Malware But Cannot Remove It

See if you can follow these instructions:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials...sc-create.html

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt

Once in the Command Prompt:
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

↧

system in a mess - help pls.

April 26, 2015, 12:27 pm

≫ Next: Explorer.exe taking so much memory...

≪ Previous: possible trojan infection, cant get to desktop

I made a thread but the email reply notification wasnt working so the replies were not getting through, and also, many more problems have arisen since my mouse touch pad broke and the cursor arrow went out of control
hope you can rescuscitate my laptop, thanks in advance

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 4008 Mb
Graphics Card: Intel(R) HD Graphics Family, 2036 Mb
Hard Drives: C: Total - 437924 MB, Free - 389677 MB; D: Total - 25599 MB, Free - 25452 MB;
Motherboard: LENOVO, Strawberry 4A
Antivirus: Windows Defender, Disabled

Problems

Screen keeps dimming, despite power options being set for it not to.
Toolbars on both firefox and IE
Mouse track pad on laptop broke
Lost control of cursor arrow for days on end, clicked on unknown random things.
Mcaffee-livesafe installed itself
Windows defender disabled
Speedmypc installed itself, plus other software, like superoptimizer etc
Ad's appearing in right hand corner despite ad block installed

Steps taken

Computer engineer reset computer
I refreshed computer
I need to press F6 every timme I restart my computer because the cusor arrow keeps jumping up and down
Uinstalled unwanted programs from 'add or remove programs' but some may still be there
Windows defender enabled and updated.

↧

Explorer.exe taking so much memory...

April 26, 2015, 12:27 pm

≫ Next: babylon/websearch infestation, windows will not update

≪ Previous: system in a mess - help pls.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8094 Mb
Graphics Card: NVIDIA GeForce GT 640M LE, 1023 Mb
Hard Drives: C: Total - 669121 MB, Free - 381035 MB; D: Total - 26079 MB, Free - 11599 MB;
Motherboard: LENOVO, Product Name
Antivirus: AVG AntiVirus Free Edition 2013, Updated and Enabled

My computer has been freezing for minutes at a time and explorer.exe is using up 2,000,000K to 5,000,000k in task manager. Please help!

↧

babylon/websearch infestation, windows will not update

April 26, 2015, 5:13 pm

≫ Next: Harmful download, light blue screen

≪ Previous: Explorer.exe taking so much memory...

Laptop started running slow and recently Windows is now no longer doing updates. At one point I had a Babylon and Mywebsearch infestation which I think I took care of with MBytes and SuperAntiSpyware. After the scans had completed, I was able to do some of the updates. 21 of 27 updates completed, the others will not complete. It will throw error codes 80070bc9 and 9c57. I'm not sure if I still have a virus or malware, or maybe just a corrupted system file. Thanks!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Sempron(tm) SI-42, x64 Family 17 Model 3 Stepping 1
Processor Count: 1
RAM: 1790 Mb
Graphics Card: ATI Radeon 3100 Graphics, 256 Mb
Hard Drives: C: Total - 228692 MB, Free - 72677 MB;
Motherboard: TOSHIBA, NBWAE
Antivirus: Microsoft Security Essentials, Updated and Enabled

↧

Harmful download, light blue screen

April 26, 2015, 5:56 pm

≫ Next: Major problems! Nothing is functioning!

≪ Previous: babylon/websearch infestation, windows will not update

Welcome. :)

What Operating System is installed?

Press CTRL+SHIFT+ESC simultaneously and if the Task Manager pops up, run Explorer as a New Task.

Let me know the outcome.

↧

Major problems! Nothing is functioning!

April 27, 2015, 1:12 am

≫ Next: I can't delete files that contain viruses because I don't have permissions?

≪ Previous: Harmful download, light blue screen

Supporting pics
Attachment 239966
Attachment 239967

Sent from my iPhone using Tapatalk

Attached Images

	ImageUploadedByTapatalk1430122312.793345.jpg (101.6 KB)
	ImageUploadedByTapatalk1430122330.725628.jpg (218.3 KB)

↧

I can't delete files that contain viruses because I don't have permissions?

April 27, 2015, 1:13 pm

≫ Next: Ad extensions being installed in Chrome

≪ Previous: Major problems! Nothing is functioning!

This is really bad. I downloaded something thinking it was safe, when it fact it wasn't. But when I tried to go back and delete all the folders after I uninstalled it, I just got the "access denied" message. So I went in and changed my user to admin, but nothing changed. My access is still denied, and my computer has become even more infected since I can't do anything about it. Also the computer didn't notify me at all that the program I was downloading was a virus, because all of the firewalls were turned off, and I can't turn them on because I apparently am not an administrator. What do I need to do? I need some help bad before these viruses get worse

↧

Ad extensions being installed in Chrome

April 27, 2015, 6:29 pm

≫ Next: EmieBrowserModeList - is that bad?

≪ Previous: I can't delete files that contain viruses because I don't have permissions?

Ive been getting ads recently in Chrome even though I have the UBlock extension and I found that random ad extensions have installed themselves. I removed all the unwanted extensions and also went into control panel and found a bunch of adware that was installed. I've gone in and deleted/uninstalled them all except for one called "DiscountExt" that won't uninstall.

Thanks for the help.

SysInfo here:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8147 Mb
Graphics Card: NVIDIA GeForce GTX 560, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 41289 MB;
Motherboard: ASUSTeK COMPUTER INC., P8Z77-V LX
Antivirus: Microsoft Security Essentials, Updated and Enabled

↧

EmieBrowserModeList - is that bad?

April 27, 2015, 8:08 pm

≫ Next: chrome jumping to wpkg.org

≪ Previous: Ad extensions being installed in Chrome

Computer had been sluggish. Saw multiple(5) chrome.exe in TM, not sure this is a problem but Chrome was not started. I google around and(to make a long story short) found that I have the 3 EmieBrowserModeList (type) folders here C:\Users\xxxx\AppData\LocalLow under admin and regular user account. Not getting any redirection that I can tell, this could be remnants of a previous clean up as one folder is dated 3/14/15 and two folders dated 8/28/14 all contain a zero byte folder named container.dat.

Decided to come to the pros for help. Been a while since I've been to this side of TSG but I've done the drill. And thanks for being here!!

Updated and ran Malware-bytes(Free version) log posted below Specs.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 3838 Mb
Graphics Card: ATI Mobility Radeon HD 4250, 256 Mb
Hard Drives: C: Total - 225371 MB, Free - 160722 MB;
Motherboard: Acer, Aspire 7551
Antivirus: avast! Antivirus, Updated and Enabled
-----------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/27/2015
Scan Time: 8:38:58 PM
Logfile:
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.04.27.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Scratch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309722
Time Elapsed: 14 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{7edae523-2f47-48a4-be5c-2db16c2cad61}Gw64, , [bdd4f27f11792313af3c34bb3ec5b44c],
PUP.Optional.PrimaryResult.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Primary Result, , [a2effd74a0ea21150b88bc0e17ec0cf4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.PrimaryResult.A, C:\Program Files (x86)\Primary Result, , [7e133938aedceb4b7d8f368d887b7a86],

Files: 1
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{7edae523-2f47-48a4-be5c-2db16c2cad61}Gw64.sys, , [bdd4f27f11792313af3c34bb3ec5b44c],

Physical Sectors: 0
(No malicious items detected)

(end)

↧

chrome jumping to wpkg.org

April 27, 2015, 10:12 pm

≫ Next: Malware, Spyware, and Adware

≪ Previous: EmieBrowserModeList - is that bad?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8075 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 704622 MB, Free - 573748 MB;
Motherboard: Intel, PLCSF8
Antivirus: Windows Defender, Disabled

Recently when I use Chrome if I type in a website it will take me there and then in about one second it will jump me to wpkg.org. Before this problem I had never even heard of wpkg.org. I ran Malwarebytes and quarantined 3 files. Two of them were called PUP.Optional.GlobalUpdate.A and the other one was PUP.optional.BetterMarkIT.A. After I quaranteed them the problem still persisted. I also tried to run system restore, but when I did I got this: "System Restore failed while scanning the file system on the drive C:\ The drive might be corrupt. You might want to retry System Restore after running chkdsk /R on this disk. An unspecified error occurred while doing System Restore. (0x81000204)"

At this point I thought I go to the experts. Help would be appreciated. Also I'm currently on firefox and it isn't giving me a problem.

thanks

↧

Malware, Spyware, and Adware

April 28, 2015, 4:47 am

≫ Next: Backdoor.Boda Removal Advice

≪ Previous: chrome jumping to wpkg.org

Note at the top of this forum page:
Everyone MUST read this BEFORE posting for help in this forum
Please follow the instructions there : http://forums.techguy.org/virus-othe...e-posting.html
Post the required log from TSG SysInfo, and it will enable help for your PC. Providing help may not be feasible otherwise.

↧

Backdoor.Boda Removal Advice

April 28, 2015, 11:42 am

≫ Next: possible virus infection

≪ Previous: Malware, Spyware, and Adware

Yesterday, I had what I think was Backdoor.Boda. A warning popped up, the external speakers were disabled and the built-in speakers started wailing like a smoke alarm (heart-stopping). The message used the name of my ISP and said that my browser and PC had critical security vulnerabilities, with instructions to call an 844 phone number. I removed the following file and registry entries

%UserProfile%\Application Data\googleupdate.exe
HKEY_CURRENT_USER\Software\Micorsoft\Windows\CurrentVersion\Run\"Update" = "%UserProfile%\Application Data\googleupdate.exe"
HKEY_CURRENT_USER\Software\Classes\"softbin" = "[BINARY DATA]"

mentioned in the article at http://www.symantec.com/security_res...jsp?asid=26595.

Should I be doing anything else? Everything seems normal, now. Using Windows 7.

↧

possible virus infection

April 28, 2015, 11:43 am

≫ Next: (Free or otherwise) Malware Removal Tool - Suggestions???

≪ Previous: Backdoor.Boda Removal Advice

My mother has had a very weird experience on facebook and i told her she should have you guys check out her pc. what should she start off by doing? I am recovering from mono so my brain is kind of fuzzy so please post detailed instructions on how to do what you ask. ty in advance.

↧

(Free or otherwise) Malware Removal Tool - Suggestions???

April 28, 2015, 7:56 pm

≫ Next: Virus, Malware Bad problem

≪ Previous: possible virus infection

Can anyone suggest a free malware removal tool that is trustworthy. I am have a "redirect" problem.

Thank you

ech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) II Dual-Core M300, x64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 2812 Mb
Graphics Card: AMD M860G with ATI Mobility Radeon 4100, 256 Mb
Hard Drives: C: Total - 295635 MB, Free - 122230 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Avira Antivirus, Updated and Enabled

↧

Virus, Malware Bad problem

April 29, 2015, 7:52 am

≫ Next: Infection with 1,000s of Junk files... HELP!

≪ Previous: (Free or otherwise) Malware Removal Tool - Suggestions???

Sorry for the delay, and welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure that under Optional Scans, there is a checkmark on Addition.txt.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also produce another log (Addition.txt ). Please attach this to your reply.

↧

Infection with 1,000s of Junk files... HELP!

April 29, 2015, 8:34 pm

≫ Next: Audio Commercials Playing in Background

≪ Previous: Virus, Malware Bad problem

The other night Internet Explorer stopped working. Two windows would pop up saying, first, that Internet Explorer (IE) was not working, and next that a solution was being searched for.
Restarted computer several times.
Used phone to look up "what to do when Internet Explorer stops working" and followed these suggestions:
-Restarted Computer again.
-Made sure all updates were installed.
-Turned IE off and then on again.
-Ran IE Performance troubleshooter.
-Turned off add-ons.
-Changed homepage.
-Cleared online history. (nothing worked, though I noticed even though IE didn't work when I opened it from my desktop, it worked when I opened it from the Windows Start Page, instead).
-Finally, I attempted a system restore for the recommended day and time, which didn't fix the issue, so I did a system restore from an earlier date and time, and got IE to work again, though there were now previously uninstalled apps on my desktop that I could not uninstall this time (they're still on my computer).

I called Toshiba Tech Support and was told my computer had multiple infections and Thousands of Junk Files. The Toshiba guy found these (through remote access), when he downloaded SpeedyPCPro onto my desktop and started a scan of my computer. Our call was ended before completing the scan or fixing the problem (the issues were left unresolved).

Later that evening (and multiple times today), I completed the scan myself (because SpeedyPCPro was still on my computer as a 14 day free trial), and there were multiple issues from almost every category. I clicked to fix the problems, though every time I do the scan, there's still privacy issues and excessive junk files, among other issues.

I had my phone plugged in to charge its battery from my computer the night I noticed all of these problems, so I don't know if my phone is infected or not.

I have also downloaded a few items without knowing whether or not they were from reputable sources (so I don't know if any of those downloads were the cause of the infection).

I really need guidance on how to permanently repair the issues on my laptop (and possibly my phone, too). What I am looking for from this post is:

1. Get to the root of current issues and permanently fix them.
2. Get recommendations for where to get open source security options (I currently have antivirus protection, though I guess it doesn't protect against malware (?)) and protect all of my technology, so that I can use the internet freely and securely.
3. Advice and/or recommendations on what I can do to prevent this from ever happening again.

PLEASE HELP!!!

Here's the system info for my computer:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 with Bing, 64 bit
Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 2
RAM: 3508 Mb
Graphics Card: AMD Radeon HD 8210, 512 Mb
Hard Drives: C: Total - 466080 MB, Free - 428854 MB;
Motherboard: TOSHIBA, ZKWAE
Antivirus: Trend Micro Internet Security, Updated: Yes, On-Demand Scanner: Enabled

(I tried to get the system info from my phone, but for some reason, after it downloads, it says the file can't be opened) :(

↧

Audio Commercials Playing in Background

April 30, 2015, 4:59 am

≫ Next: facebook site said I had malware

≪ Previous: Infection with 1,000s of Junk files... HELP!

Running Windows 8.1 and Firefox 37.0.2

Audio commercials playing in background at random times when running Firefox. Hasn't happened when not running Firefox (so far).

This started about a week ago. So far, this has happened only in Firefox; but, I am not absolutely sure it won't happen in IE as I use it almost none at all. If I close Firefox, the commercial stops immediately. Firefox and IE are the only browsers I have installed. I have reset Firefox to defaults, run Malwarebytes Antimalware, CCleaner, removed the hard disk and connected it to another system as a secondary drive and scanned for viruses. No change.

↧