internet lockout

July 4, 2015, 8:41 pm

≫ Next: "Software download complete" mystery box

≪ Previous: salvage my PC.

No problem. I would much prefer you to ask than to cause any problems. To copy and paste these files (or any others):

Open the FRST.txt file by double clicking on the file. It should be on your desktop. The FRST log will open in notepad.
On the top menu, press edit, then select all (2nd from bottom). All of the text will highlight.
Press edit, then press copy
Next, moving to the browser, on the webpage where we are conversing, move your cursor to the area where you can reply.
Press the RIGHT mouse button, and a menu will pop up. Press paste
The FRST log should populate the reply section. Simply press the post quick reply button
Repeat the above procedure for the addition.txt file as well.

Let me know if you have any problems. Ill look for your logs.

↧

"Software download complete" mystery box

July 5, 2015, 9:29 pm

≫ Next: Why can't I delete some apps from my smartphone?

≪ Previous: internet lockout

Don't know if I'm in the right place or not. Two days ago a gray rectangular box appeared in the lower right corner of my monitor. Top line reads "Software download complete." It has two buttons, "Install Now" and "Install later." Nothing indicates what software it is. I didn't consciously download anything. Clicking "Install later" causes the grey box to disappear for several minutes, then it returns. Right-clicking in the background of the gray box does nothing. Nothing that looks suspicious to me is in my Downloads folder. My SysInfo appears below. I ran MalwareBytes and SpyBot, also scanned with Kaspersky. They found nothing. What is it, and what do I do about it?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3895 Mb
Graphics Card: Intel(R) HD Graphics, 1723 Mb
Hard Drives: C: Total - 476837 MB, Free - 392370 MB; E: Total - 10117 MB, Free - 4212 MB; F: Total - 943709 MB, Free - 810636 MB;
Motherboard: Dell Inc., 0C2KJT
Antivirus: Kaspersky Total Security, Updated and Enabled

↧

Why can't I delete some apps from my smartphone?

July 6, 2015, 2:31 am

≫ Next: Malware disables System Shield

≪ Previous: "Software download complete" mystery box

:confused:After I uninstall the apps on my smartphone, I can still see them in the system.So waht should I do to delete them completely?:confused:
Thanks!

↧

Malware disables System Shield

July 6, 2015, 5:20 am

≫ Next: Windows XP Professional 2002 service pack 3 issues

≪ Previous: Why can't I delete some apps from my smartphone?

Also, I had noticed the following:

browser modifier:win32/couponRUC and W32/Heuristic-COC/Eldorado

↧

Windows XP Professional 2002 service pack 3 issues

July 6, 2015, 8:17 am

≫ Next: Trojan virus please help

≪ Previous: Malware disables System Shield

Hello,

Internet browsing is impossible on this computer. Symptoms include very slow boot up time, crashing, freezing my computer. I just got hijackthis and hope you can find a solution. Thank

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:03:04 AM, on 7/6/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58970758-9D54-433D-9038-AC6742343871} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F8BDB9FA-8E9F-4EF2-877C-4121F3C57952} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = ?
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1435892090498
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www32.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: gebyyvw - gebyyvw.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 7235 bytes

↧

Trojan virus please help

July 6, 2015, 10:35 am

≫ Next: My computer has me so mad I'm going to blow it up

≪ Previous: Windows XP Professional 2002 service pack 3 issues

http://myonlinesecurity.co.uk/bank-p...k-pdf-malware/

I also attach a link about this virus if that helps.

Thank you

↧

My computer has me so mad I'm going to blow it up

July 7, 2015, 11:18 am

≫ Next: Computer Shuts Down on Virus Scan

≪ Previous: Trojan virus please help

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.70GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 1015 Mb
Graphics Card: Intel(R) 82915G/GV/910GL Express Chipset Family, 128 Mb
Hard Drives: C: Total - 68298 MB, Free - 41925 MB; D: Total - 7994 MB, Free - 309 MB;
Motherboard: ASUSTeK Computer INC., Onyx2
Antivirus: None

I am trying to upgrade my computer with Windows 7.1 Ultimate Edition and I keep getting error messages saying that I have three viruses or malware. then it says there was a drive removed and not put back the right way what can I do to fix this?
Please any help at this point would be excellent. Thank you for your time.
:mad:Lady Skitzo

↧

Computer Shuts Down on Virus Scan

July 7, 2015, 11:51 am

≫ Next: www.2015-isp-surveys.com

≪ Previous: My computer has me so mad I'm going to blow it up

Hey everyone. My laptop keeps shutting down when I run any virus or malware scans, and get an error message when trying to go to an earlier date on system restore.

Here's my laptop info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3892 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 102399 MB, Free - 35667 MB; D: Total - 359076 MB, Free - 285052 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., R580
Antivirus: Kaspersky Total Security, Updated and Enabled

Any help is appreciated, thank you.

↧

www.2015-isp-surveys.com

July 7, 2015, 5:25 pm

≫ Next: Firefox startpage hijacked by persistent "hao123"

≪ Previous: Computer Shuts Down on Virus Scan

Here is my sysinfo...
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Business, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+, x64 Family 15 Model 107 Stepping 2
Processor Count: 2
RAM: 3517 Mb
Graphics Card: NVIDIA GeForce 6150 LE, 64 Mb
Hard Drives: C: Total - 299999 MB, Free - 58586 MB; D: Total - 507780 MB, Free - 391497 MB; E: Total - 146083 MB, Free - 46972 MB; Z: Total - 953866 MB, Free - 953714 MB;
Motherboard: Dell Inc., 0YP806
Antivirus: Ad-Aware Antivirus, Disabled

In Mozilla Firefox, I routinely get these new screens that pop up with the URL of "2015-isp-surveys.com" as well as "beheardnow.website". The first one purports to be doing a survey for Cox Communications, and I don't recall what scam the other uses. I have found links on the web advising how to get rid of them, but they are generic in nature and not really of any help. Anybody have some good ideas as to how to get rid of them?

Thanx for looking!

↧

Firefox startpage hijacked by persistent "hao123"

July 8, 2015, 2:48 am

≫ Next: victim cybercrime - win8.1 tablet with unknown trojan

≪ Previous: www.2015-isp-surveys.com

simplest solution is delete the shortcuts on desktop &n task bar & recreate them

↧

victim cybercrime - win8.1 tablet with unknown trojan

July 8, 2015, 4:11 am

≫ Next: Victim cybercrime win8.1 tablet with unknown trojan

≪ Previous: Firefox startpage hijacked by persistent "hao123"

Your problems are beyond the ability of anybody on an online forum to assist so you need to seek specialist help
This is now closed

↧

Victim cybercrime win8.1 tablet with unknown trojan

July 8, 2015, 4:48 am

≫ Next: Software download complete

≪ Previous: victim cybercrime - win8.1 tablet with unknown trojan

white123hat, this is the second time a moderator has closed a post of yours. If this occurs again, you could face banning. There is a reason your original thread was closed, and we are not equipped to deal with these sort of requests.

thanks,

v

↧

Software download complete

July 8, 2015, 9:20 am

≫ Next: Need Help With Virus Removal

≪ Previous: Victim cybercrime win8.1 tablet with unknown trojan

There's a little box that's started popping up in the lower right hand corner of my screen that says "Software download complete. Install now / Install later.

Well, I'm not going to install anything just because it tells me the download is complete, but doesn't tell me what it is. I can get rid of the box by selecting Install Later, but then it just pops up again. I rebooted the computer, figuring if it was something that was supposed to install, that would do it. Maybe dumb, now that I think of it. Anyway, nothing happened. I still get the popup. Is this familiar to anyone? Any suggestions to make it go away?

↧

Need Help With Virus Removal

July 8, 2015, 5:19 pm

≫ Next: CPU working a lot in idle

≪ Previous: Software download complete

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Celeron(R) CPU 1017U @ 1.60GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 3977 Mb
Graphics Card: Intel(R) HD Graphics, -2043 Mb
Hard Drives: C: Total - 291501 MB, Free - 157438 MB;
Motherboard: Dell Inc., 0X2H5X
Antivirus: Windows Defender, Disabled

I am unable to turn Windows Defender on and I cannot run Windows Update. I had to run Malwarebytes, Spybot, and Microsoft Safety Scanner before I could get online to use this help site. I did not run Hijack This or any of your other security help programs. I would appreciate assistance from here on out to get this computer healthy again. I am looking forward to working with you.

↧

CPU working a lot in idle

July 8, 2015, 11:26 pm

≫ Next: DESKTOP removal of MALWARE ads to purchase:

≪ Previous: Need Help With Virus Removal

Hi,

I've found this forum searching answers to my problem, and it's almost time to get some help. I have this problem since I bought the pc, it's assembled. Everytime it behave like this I just format. Now I don't have time and I want to try Win 8 so, I want to resolve this.
From the incipt you may think it's not a malware related problem, but sadly it is and it is consequence of some of my habits.
The problem is that I head CPU writing sound from the case, but I'm not using the pc (like no browsering file/internet, gamings etc...) so most certanly it's a service of a hidden program doing something. I saw that with connection or without is not chaning anything, the rumor begin in the select user screen and it's absent in safe mode (yay!).
I've already did some scan with MBAM, and not it's saying 0 threats found. Now I'm logged on my Administrator account, mine is like unusable: I can log in, see programs loading and when it's all booted I can just click start and anything else.
I'm sorry for my poor english.

I'm using AVAST, but in a previous installation of Win7 I had MSE, neither of them found the threat in time.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 8183 Mb
Graphics Card: ATI Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 305242 MB, Free - 21439 MB;
Motherboard: ASUSTeK Computer INC., P7P55D
Antivirus: avast! Antivirus, Updated and Enabled

I hope everything helps.

Selfi

↧

DESKTOP removal of MALWARE ads to purchase:

July 9, 2015, 4:26 am

≫ Next: about:blank infection HELP!!!

≪ Previous: CPU working a lot in idle

I have Windows 7/Explorer browser:
For the past six (6) or more months, every time I open my system, three (3) ads require a " click" on the "x" delete corner of the small window to remover...each one......and the only options on the 'ad' box are "later" or "buy now"...it is an ad that claims I need to "upgrade" my Malware program...but my Technical support man, who has been in the business 20 yrs, said "can't remove it".
What steps can I take to remove this annoying ad...I am computer illiterate so please write directions like: "click on the right side of the mouse..."

↧

about:blank infection HELP!!!

July 9, 2015, 10:17 am

≫ Next: Unkown Infection

≪ Previous: DESKTOP removal of MALWARE ads to purchase:

It has taken me over an hour to create this post. Including two restarts and the TSG download

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X2 220 Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 1791 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
Hard Drives: C: Total - 462502 MB, Free - 257597 MB; H: Total - 2861575 MB, Free - 74371 MB; I: Total - 953867 MB, Free - 50636 MB;
Motherboard: eMachines, EL1352G
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

My physical memory is always at 90% or higher, every program I run is always "not responding".. I have malwarebytes and hijack this installed, I have run both but the problem persists. Any help would be appreciated. I have tried to follow removal instructions online and have had no luck, either due to finances or the instructions not matching my situation.

↧

Unkown Infection

July 9, 2015, 2:46 pm

≫ Next: DECRYPT VIRUS. I need help recovering my files

≪ Previous: about:blank infection HELP!!!

So the strangest thing is happening. Whenever I go to my Download folder windows loads up Dllhost.exe which starts using 10-15% of CPU and will keep chewing up all sorts of ram. I caught it once using 2 gig of Ram... I Ran the Symantec Trojan. Poweliks removal tool and it came up clean. It's really strange that this one specific folder is triggering the Dllhost.exe to open..

Thoughts ? Suggestions ?

EDIT: Found the issue. I had a hunch it was something to do with this 360 spherical video I downloaded from You Tube. I guess there was something about the file that Windows didn't like, or was trying to generate a preview. Really bizarre.

↧

DECRYPT VIRUS. I need help recovering my files

July 9, 2015, 2:48 pm

≫ Next: Pesky and unwanted CoupMania

≪ Previous: Unkown Infection

Hi mickeymbbc. My name is Firefly and I will help you with your computer. I ask you to follow a few ground rules while we are taking care of your computer:

I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.

The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

File Backup

Please let me know the following:

1. Since you need to restore your files, I assume you do not have a file backup of them? If you do, DO NOT BACK up your encrypted files.

2. Assuming you don't have a backup, please proceed to back up the files. This will allow us to always return to the base encryption:

For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every document gone. Seriously. Do this now.

Here are links to using the backup programs in the various versions of Windows:

If you have internet connectivity, an alternative to backing your files up locally is to back your files up to the cloud, and there are a number of free and paid for services of this type available.

Below are links to a couple of articles with details for both free and paid for backup services ...

http://www.techsupportalert.com/content ... -sites.htm
http://www.pcmag.com/article2/0,2817,22 ... 745,00.asp

A word of warning - if you have a lot of data to backup, an online service can take days, weeks, or months. In this case, please consider using a local backup method (external hard drive, USB, etc.)

One way or another, it is critical that you backup your data before proceeding.

Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering

Restore Point

First, before we do anything, we want to make sure we have made a backup of your computer's key information so that we can be sure to not make anything worse. I don't know what type of OS you are running, so here are instructions for boht Win7 and Win8. We will both make a restore point and do a system backup.

To create a restore point: (win 7)
1. click on the Start button to open your Start Menu. Then
2. click on the Control Panel, then the System icon, and then finally click on System Protection in the left-hand task list. You will now be at the System Protection tab in the System control panel.
3. At the bottom of the window you will see a button called "create". A window will pop open allowing you to name this restore point - please name this "before malware fix".
4. You can then close the System window.

To create a restore point: (Win 8 )
1. Press the WinKey+X to display the system menu and click System.
2. On the left side menu, click System Protection.
3. In the Protection Settings section, click the C: (system) drive.
4. Click the Create button.
5. Type a name for the System Restore file (The Date and Time will be added automatically). Please call it before malware fix

Please also do the following:
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...

Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
Click on Backup Now to create a backup of your Registry.
You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
Close and exit the program.

Once these are done, we can move forward with repairing the issues you are having. PLEASE DO NOT PROCEED IF YOU HAVE ANY PROBLEMS WITH THESE FIRST TWO STEPS OR IF YOU RECEIVED ANY ERROR MESSAGES.

FRST Scan

Please download FRST ... by Farbar, from the link below and save it to your Desktop. Please be sure to use the version appropriate for your operating system.

For 32 bit Systems

For 64 bit Systems

Right-click FRST.exe and select " Run as administrator " to run it.
When the tool opens click Yes to the disclaimer.
Press Scan button. ... When finished a log will be created, FRST.txt.
Please post the content of the FRST.txt in your next reply.
The first time the tool is run, it will create another log... Addition.txt.
Please post the content of the Addition.txt in your next reply.

Next Steps

1. Confirm you were able to make backups (if applicable), restore points, and use TCRB
2. Let me know whether you have existing backups and if they are accessible.
3. Post FRST.txt
4. Post addition.txt

Finally, with this type of infection, there is typically a demand for money or "ransom". Are there any messages you see on the computer as you use it? Any other symptoms you can describe?

↧

Pesky and unwanted CoupMania

July 9, 2015, 10:59 pm

≫ Next: Microsoft Works Spreadsheet files corrupt Cryptolocker

≪ Previous: DECRYPT VIRUS. I need help recovering my files

I have the unwanted CoupMania on Chrome. No matter whether I go to Tools/Extensions and un-enable then trash it, it comes back without me visiting any websites regardless of site. Does anybody have ideas on how to rid my PC of it. BTW do not respond with any downloads of any antivirus, anti-hijack, or other crap software. I have tried them all-nothing works. Is it in my registry? There are not any weird programs in my Control Panel/Programs to uninstall. There is not anything in my Temp Folders or program folders. I have reset Chrome so many times and it still comes back. I have Win 7 64. Thanks.

↧

Latest Images