AVG-Windows update failure

Closed
akatextileas Posts 2 Registration date Monday December 8, 2008 Status Member Last seen December 9, 2008 - Dec 9, 2008 at 09:00 AM
 lll - Apr 20, 2010 at 09:29 AM
Hello,
I have got a problem with updates. I think there is a new kind of virus that is affecting the computer's ability to browse the Windows Update and antivirus update web pages, and even to open all other antivirus sites at the same time.
It is really a strange type.
I use the AVG 8.0 free edition and cannot update it, open the www.avg.com site to update, or browse any other antivirus sites to download the latest antivirus editions to solve my problem.
Please help me solve it.
78 responses

What if I already had the free trial of Trojan Remover and now cannot use it? I don't want to spend 40$ to get it registered. Any way around that?
0
ghostwhisperer
Jan 31, 2009 at 11:41 AM
Hi. I was having the same issues. I tried everything listed here and most found nothing except Malwarebytes and SUPERAntiSpyware.
I gave up as I could no longer even open my AVG antivirus, and I just took it to a techie. It's now completely cured. He used these two programs:
Malwarebytes
and Dr.Web
Thought I'd share it with you all. Hope it helps you all too :)
0
Thank you Morphine, and everyone here involved, who helped me fix this issue successfully by simply sharing their knowledge and stories. =)

I was able to use Trojan Remover and SmithFraudCheck, and after updating, scanning, cleaning and rebooting, my computer is able to once again retrieve Windows Updates, as well as any other AV and anti-malware tool! Yeahhh baby!!
0
Thanks a lot dudes. I had a rough time fighting this nasty malware.
0

Any ideas when I cannot get Trojan Remover or anything to install on the infected machine?

When I read that people had solved this issue using Trojan Remover, I was ecstatic. I downloaded Trojan Remover on my clean laptop and took it to install it on the infected desktop but nothing happens. I then tried installing Malwarebytes too just to see if it would install - the answer was NO!


I am so mad at McAfee right now. Their customer service team sucks. I cannot believe that I actually pay for their service that failed to protect my machine and they will do nothing to resolve this issue if I don't PAY their virus removal team.

I don't have the OS software to do a reinstall right now and would rather avoid. I probably need to order it but would love to get this issue solved for now without having to wipe and reinstall.
0
Use System Restore and restore it to a date you can remember it not being affected. I hope that works, because sometimes System Restore can fail to restore, but I hope it works for you.
0
Ken The Golfer > MrB
Feb 3, 2009 at 11:03 PM
I'm running Vista 64 bit. Tried system restore and the previous point of restore I set has been eliminated. Only get today or yesterday and both are problems. Again, can update Windows, but everything else won't update. Can access the net, but when I try to respond to the server on the site I'm connected to, their server can't establish a link with me and error message is.....your computer not connected to internet server failed to establish link. This is really frustrating. Right now I'm disabling programs one at a time to try and find the culprit.
I've tried virtually every Virus Program and all, when loaded, kill my internet connection. Remove the program and I'm back on the net. My ISP, Time Warner, checked my settings and announced it was a software problem. I'm running Windows firewall, but ZoneAlarm also freezes the machine. Checked the HOSTS file and it's OK.........All ideas welcomed~~~
0
I forgot this: if System Restore fails to work, try installing Malwarebytes and running it in safe mode. Most CPUs can be run in safe mode by pushing F8 during system startup.
0
Oops, I meant try installing it while running in safe mode.
0
Thanks for the suggestion. I guess I should have mentioned that I had already tried installing in safe mode to no avail. A post on page two had mentioned this as well as trying a "silent" install using Run. That did not work either. I just want to pull my hair out. The odd thing is that the update to Trojan Remover will launch but not the setup - the update is no good if there is nowhere for it to go!

Tomorrow a tech friend is coming to our house to take a look. I am so disgusted by this whole mess! Every day draws me closer to a reinstall, which I would rather avoid at the moment.
0
Have you tried HijackThis? Sometimes it can work to where you can disable the malware and continue to run your virus or trojan removers. However, I never tried or tested Trojan Remover; I'm not sure how much of a help it really is.
But I myself have run into troubles so bad that a format and reinstall was the only answer. So as long as you can save your important files, like having an extra hard drive, really a format and reinstall is no big deal. You're back surfing the net in as little as 15-20 minutes depending on your PC speed. Most Vista CPUs have a setting where you can choose to restore to factory settings, which is basically a format and reinstall, which I found kind of cool about Vista. If you're running XP or 2000, a format and reinstall is limited to still having the XP or 2000 disk. About all I can offer is my old copy of 2000 Pro, which I don't use anymore because I have XP; however, 2000 Pro and XP are pretty much the same thing except a few little things. I hope you get your stuff running correctly again. Good luck, man.
0
Ken The Golfer > MrB
Feb 4, 2009 at 09:28 PM
Tried Hijack and Trojan Remover, no success. My last step will be restore to factory settings. A computer guru in California has my install logs and registry info, hoping he can come up with a solution; I can't yet. I installed IE 8 and it won't access the Internet. Good thing I use Firefox. Will let you know if I break the code.
0
MrB > Ken The Golfer
Feb 5, 2009 at 01:02 PM
Actually you shouldn't need anything. Just select on startup to go into Vista maintenance and select restore to factory settings, and it basically formats and reinstalls on its own.
0
Morphine!!! You saved my day by introducing me to Trojan Remover. Man, you are the man. Million thanks. Wait... infinite thanks.
0
Yehey! Trojan Remover worked all right! I'm so amazed. Thanks to you all!
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 8, 2009 at 06:06 PM
I am writing to express gratitude for Morphine on this forum for solving my problem. This invasive "virus/malware/painintheass" seems to be different on every machine and it may take several tries to find the solution, as I discovered. I also would like to try and figure out where the "bug" came from. I have related below two possible causes. Please, others, post your stories and let's see if we can come up with the vector.

I acquired this "virus/malware/headache" on 1/27/2009. My last download from Microsoft was a routine updating of Office 2007. I know this because when I tried to use System Restore my last save point was the day before I updated Office. I do not believe that Office is the culprit but I would like to know what the last thing others downloaded before they acquired "the bug." A more likely cause would be my habit of occasionally watching videos on Pornhub. This may be TMI, but hey, if we are to figure out where this thing came from I will be the first to admit to frequenting Pornhub as a possibility. If others suspect the same please post your thoughts.

Now about this bug....

This thing is incredible!

It hijacks every browser on your computer - Explorer, Firefox, Chrome and Safari. When you attempt to update Windows it sends you to a very good "fake Google page." Every click or search in the fake Google page seems to add more malware and directs one to porn sites, i.e. gay porn (not that there is anything wrong with that). Just happens that I am straight. I also believe that this is the reason it is worse on some machines than others. I recognized the Google page as fake because I use iGoogle as my home page and there was no button for iGoogle. When I attempted to search is when it became very apparent. It sent you straight to the page it wanted to. It seems that the more you use this fake page the worse the infection becomes.

It doesn't stop at hijacking the browser; it also prevents your antivirus from updating. I had Trend Micro originally and went out and bought Kaspersky after being told that it was the best by the IT guys at work. This thing shut down Kaspersky like it owned it. (I had a disk version of Kaspersky manufactured in Oct 2008. I do believe that had I had Kaspersky before and it was updated, instead of Trend Micro, I would have never caught the bug.) I found this forum yesterday morning Googling "virus hijacks browser and disables updates."

As Morphine suggested: I downloaded the free Trojan Remover 6.7.5. (It is free for the 1st 30 days.) Find it here:

http://www.simplysup.com/tremover/download.html

Then I ran it. It found the offending file and it stated that it needed to be deleted - which I did by clicking OK or something. I thought I had solved the problem and did nothing else other than attempt to update Kaspersky and Windows. Both failed before completing.

Whoever wrote this "bug" is a genius, and a sadistic bastard! It is like the last boss fight in a good videogame: you can't kill it with just one weapon. It apparently hides in your RAM and attaches itself back into the registry. That is why you have to have SmitFraudFixTool. Find it here:

http://smitfraudfixtool.com/

This program will cost you, unfortunately. I already had RegCure but it did not work - it's not made to chase bugs. I paid $39.00 for it and can run it on three computers. Anyway, after running the Trojan Remover again and immediately afterwards running SmitFraudFixTool and cleaning out 3156 so-called "bad files," I then updated Kaspersky and ran a system scan, which finally put the noose on the damn thing for good. This forum was a godsend!

My computer is now running like a dream! Thank you Morphine for the solution. Please others post their battles with this Monster.
0
Wow, thanks! I had this problem for a week; I thought it was normal. Then I used the Trojan Remover the guy says and it worked! ^^ Thanks
0
Ken The Golfer
Feb 9, 2009 at 10:00 PM
I have tried every program listed here and still can't get updates or submit data to servers at sites while on line. IE will not connect to the Internet; however, my Windows Vista 64x updates do work as well as a sidebar that updates stock prices. I use Firefox to access the web. I reset the Winsock protocol as it had been corrupted and I verified, reinstalled and reset the contents of the HOSTS file to default. I deleted corrupted registry keys. Checked with my ISP, Time Warner, and they could not offer any solution as I was able to access the net via Firefox. Purchased and ran Smitfixfraud tool, highest rated review, and still the problem continues. Also downloaded and ran the total deep scan offered on the Microsoft web site. I think this is very clever malware that embeds itself in other applications thus cannot be detected by webroot, virus or other scans. Any solution you can suggest I will try.

However, the only solution I can think of is to return my computer to factory settings, an option available with Vista, and reload all my programs from the original disks.

All this started when I downloaded AVG from their official site. Any ideas?
0
Chetan Bhandari
Feb 10, 2009 at 12:45 PM
Hi dear friend, I have a problem opening the antivirus web site. What can I do to resolve it? Please reply as soon as possible.
I am sending you my log details from the Hijack software.



0
Lmao! I have a few issues!

1) Is your AVG free, anti-spyware?? Or anti-virus???
2) AVG anti-spyware is no longer available. I bought the paid version! So you can't get the updates anymore! I know because I had it, and they tried to upgrade me to Internet Security suite... which is a complete con in my books. I told them where to shove it, because I already have an internet security suite, which I paid for, for 2 years. So I lost a year on AVG anti-spyware!

3) Very important: if you have a problem NEVER, NEVER, NEVER download anything that is recommended in a forum. You don't have to be a genius to work out why you shouldn't: A) because you can't solve the current problem! and B) because downloading something else that is probably absolutely useless to the current problem adds to the frustration of not getting it corrected.

4) This is why... PEOPLE SHOULD ALWAYS BACK UP THEIR COMPUTER!!!

5) If you really are getting a headache with this, shut down your computer and reboot and, all depending on what laptop you have, press F11 and try to reboot back to manufacturer settings. You will lose everything SO BE VERY WARNED!

This is the quickest and cheapest way of resolving this issue. If you don't want to do that, then consult someone who knows what they're talking about... OPINIONS, opinions, opinions, get the correct information! Get your lazy ass to an independent computer store, not a national store, and they MAY advise you, all depending on how nice you are to them, for free.
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 13, 2009 at 11:18 PM
Soulsearcher-

Please don't be a hater. The advice you give is flawed. F11ing your hard drive will not solve this problem but it will create an even bigger one when you lose everything on your drive. True, it probably is good advice not to download files suggested in a forum, but from the many success stories, including the post after yours, it is obvious that the suggested Trojan Removal Tool works. Most people have had success if they follow Morphine's original instructions. The mistake that most are making is not disabling their antispyware before running the Trojan Remover and not following up with some malware killing program to wipe out the bug before it returns. Trojan Remover apparently does not kill the bug entirely.

Your advice is counterproductive. Anyone reading this forum is computer savvy enough to F disc their hard drive. A beginner who only knows how to wipe the slate clean and start over or run to the repair shop should not post their bad advice on a computer self-help forum.

I have a friend that owns a computer repair shop and he told me about this "bug." He had no real advice to cure it and told me he had installed new hard drives in half a dozen computers because F11ing the hard drive only cleared the personal data but did not kill this "bug." After telling him about my experience here and the Trojan Remover, he has fixed 3 computers using "Morphine's Cocktail" and he has had one that he could not - all were infected with this "bug."

My computer runs like a champ after taking the advice I read in this forum. I hope no one that reads your comments gives up because in your infinite wisdom you decided to post some bad advice. Please search your soul and retract your bad advice!
0
I can't believe it was that easy to fix!!! My NEW Dell PC became infected with this very aggressive virus or whatever the hell it is. It appears to have started out as a URL redirector program so I ran my normal McAfee, Spybot, Ad-Aware and Stinger... they may not be the best but they have always worked fine for me. Each time I tried to update these programs, I would get the standard "error" messages... it seemed like every time I tried something it got more severe. You wouldn't believe how many programs I tried... really like 10!!! and NONE would allow updates except Malwarebytes, but it didn't reveal the problem.

FINALLY AFTER READING YOUR LOGS HERE...I downloaded Trojan Remover and it allowed the updates to download. I pressed the "scan" button and a warning immediately indicated that it had found the TDSS problem and other rootkit problems. COULD IT BE THAT EASY??? I immediately restarted my PC and tried to update my standard programs...THEY ALL WORK!!! I am now updating everything and running full scans.

This is my hero: TROJAN REMOVER
0
Amazing post by Morphine, on Friday January 2, 2009 05:34:38 AM.......IT TOTALLY CURED THE INFECTION....THANKS A TON!!...U R A GENIUS

......CLEANED MY PC COMPLETELY WITH

TROJAN REMOVER:

www.simplysup.com/tremover/download.html

.....................................................IT TOOK ME A MONTH OF GOOGLING TO HIT THIS THREAD...

THIS IS A NEW KIND OF VIRUS/MALWARE THAT PREVENTS ANY ACCESS TO POPULAR AV UPDATE ...ANY POPULAR ONLINE AV SCAN...DISABLES UPDATES ON MCAF**2009...NORT**2009....AS WELL AS SUPERANTISPYWA** ..EVEN ON FRESH REINSTALL .....BASICALLY ALL POPULAR PROGRAMS...

THE INTERESTING THING IS IF U DO MANAGE TO UPDATE THEM VIA A PEN DRIVE ....NOTHING SHOWS UP IN SCAN..EXCEPT FEW WORTHLESS ADWARE


.......AS PER TROJAN REMOVER REPORT....

ON MY PC IT ACTUALLY CREATED A LOCKED SERVICES REGISTRY KEY....


C:\WINDOWS\system32\drivers\gaopdxxbldllrm.sys

....THIS FILE WAS IN STEALTH MODE....

IT WAS LOADED BY REGISTRY KEY

HKLM\SYSTEM\CurrentControlSet\Services\gaopdxxbldllrm.sys


....................................


SOLUTION:..(WHAT WORKED IN MY CASE)

RUN TROJAN REMOVER....IT SURPRISINGLY UPDATES SMOOTHLY....THEN REBOOT.....THEREAFTER UPDATE ON UR SUPERANTISPYWARE SHOULD RUN SMOOTHLY...DO SCAN AGAIN AFTER UPDATE TO REMOVE ANY TRACES.....LASTLY UPDATE UR AV(SHOULD WORK BY NOW) AND SCAN...TO BE DOUBLY SURE....
0
sourya_4 Posts 4 Registration date Thursday February 12, 2009 Status Member Last seen February 13, 2009
Feb 13, 2009 at 09:44 AM
Hey, it seems I am the odd one out... Having the same problem, I downloaded and ran Trojan Remover, but it said that AVG is still running and it might not access the malicious files detected by it. I proceeded and ran the scan, deleted a few files, but I have the same problems. Please help me, Morphine or anyone. This has been torturing me for a month. Please help me.



In need of help,

ready to help fella
0
hi,

I have the same issue and I have now downloaded the Trojan Remover but I still can't open AVG antivirus.
When running the scan TR 6.7.5 I get a message that says: "active anti malware program detected. Procees with the scan? Checks indicate that AVG antivirus is running on this PC. If AVG's resdient shield is active then it may prevent Trojan Remover from accessing any file that AVG allready detects as malicious"

Does it mean that I have to uninstall AVG and then re-scan?????

What message should I get from TR 6.7.5 when the virus is found????
0
Ken The Golfer
Feb 13, 2009 at 07:29 PM
When you run Trojan Remover, right click on it and then click run as administrator. That should give you rights to find and delete the malware.
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5 > Ken The Golfer
Feb 13, 2009 at 11:49 PM
Ken The Golfer

Did you finally get your PC cleared? I finally figured out where I got it. This worm spreads via local networks and removable storage media. It is a PE DLL file. The components of the worm are between 155KB and 165KB in size. It is packed using UPX. Apparently I picked this Worm up through a USB device when I pulled movies off a friend's computer. She ended up having to have her hard drive replaced.

If you want to read about the infection check this link:

https://securelist.com/?virusid=21782725
0
Ken The Golfer > Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009
Feb 14, 2009 at 12:17 AM
No, I haven't. Ran TJ three times, deep scan twice and got a clean bill of health. Still can't update or exchange data with servers on sites. Working with Comodo guru now as that antivirus app locks me out of the net when it's loaded. Firefox folks couldn't help either. Next week I'll probably reset to factory installation and reload all my software from disks. This thing is a real bummer. Microsoft weekly scan is running now. We'll see.
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5 > Ken The Golfer
Feb 14, 2009 at 12:37 AM
Before you scrap your drive: this thing is called the "Kido Worm", "Downadup" and "Conficker." There is a lot of info out there if you Google these names. I hope you can find a fix. It is an interesting worm as it seems to disable every defense before we can even launch into action. Disabling System Restore was genius on the part of the creator.

The latest variant of the worm now lets it spread via thumb drives. It operates by copying itself in a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder. The worm executes automatically if the Autorun feature is enabled.

Certain TCP functions are also patched to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove because information about it is difficult to gather from an infected computer. Additionally, the sneaky little worm removes all access rights of the user, except execute and directory usage, to protect its file. Microsoft has created a removal tool for this worm.

My advice is to get the removal tool on a USB device from another computer and then load it onto your computer. The surprising thing is that this thing started in Oct. and already has infected 12.9 million computers.

Hope this helps,

Keifer
0
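A defensive check for the removable-drive behaviour described in the post above (an autorun.inf in the root folder that launches a file from a folder inside the Recycler directory), added here as an example and not part of the original thread. The function names and the sample drive layout are constructed for illustration; `open`, `shellexecute` and `shell\...\command` are the standard AutoRun keys that start a program.

```python
import os
import re
import sys

# autorun.inf keys that launch a program (standard Windows AutoRun keys).
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def _entry(root, wanted):
    """Find a root entry by case-insensitive name, or None."""
    for name in os.listdir(root):
        if name.lower() == wanted:
            return os.path.join(root, name)
    return None

def autorun_commands(root):
    """Launch commands declared in <root>/autorun.inf, if present."""
    path = _entry(root, "autorun.inf")
    if not path or not os.path.isfile(path):
        return []
    with open(path, "rb") as fh:  # read bytes: the file may contain junk
        lines = fh.read().decode("latin-1").splitlines()
    return [m.group(2) for m in map(LAUNCH_KEY.match, lines) if m]

def recycler_files(root):
    """Relative paths of every file below <root>/RECYCLER."""
    base = _entry(root, "recycler")
    if not base or not os.path.isdir(base):
        return []
    return sorted(os.path.relpath(os.path.join(d, f), root)
                  for d, _, files in os.walk(base) for f in files)

def check_drive(root):
    """Flag a drive whose autorun.inf launches something from RECYCLER."""
    cmds = autorun_commands(root)
    hits = [c for c in cmds if "recycler" in c.lower()]
    return {"commands": cmds, "into_recycler": hits,
            "recycler_files": recycler_files(root), "suspicious": bool(hits)}

def build_sample(root):
    """Constructed sample drive layout (harmless placeholder files)."""
    folder = os.path.join(root, "RECYCLER", "constructed-folder")
    os.makedirs(folder)
    with open(os.path.join(folder, "sample.bin"), "wb") as fh:
        fh.write(b"placeholder")
    with open(os.path.join(root, "autorun.inf"), "wb") as fh:
        fh.write(b"\x00junk\r\n[autorun]\r\nicon=x.ico\r\n"
                 b"Open=RECYCLER\\constructed-folder\\sample.bin\r\n")

if __name__ == "__main__":
    print(check_drive(sys.argv[1]))
```

A RECYCLER folder with files in it is normal on NTFS hard disks, so the file listing alone proves nothing; the flag is raised only when autorun.inf points into that folder.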
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 15, 2009 at 01:12 AM
You have to disable all antivirus and spyware programs before you run the Trojan Remover. If that does not work, contact support at support@simplysup.com and tell them exactly what the problem is and they will get you through it. Their FAQ section suggests the following:

Some malware programs deliberately try to prevent the installation of anti-malware programs. If, when trying to install Trojan Remover, you see the installation screen completely disappear whilst you are installing the program, this is probably being caused by the malware program shutting down our installer. The work-around for this is to run a "silent" install. Ensure that you have saved the trjsetup[nnn].exe file (or trj[nnn].exe, if you are trying to run the Program Update) where [nnn] is the version number, to a directory on your PC. Click START > Run. In the box that comes up, type in:
"<path to file>\trjsetup[nnn].exe" /silent
("<path to file>\trj[nnn].exe" /silent if installing the Program Update)
and press the ENTER key. Replace <path to file> with the actual path to where you saved the downloaded setup file. Make sure that the path and filename are surrounded by quotes, as shown in the examples above. For example, if you have saved the setup file to C:\My Downloads, then the command would look like this:
"C:\My Downloads\trjsetup675.exe" /silent (there is a space before the /silent).
This will install Trojan Remover to the default directory, i.e. C:\Program Files\Trojan Remover. You will see a progress window as the installation proceeds.
You may need to try this a couple of times - the installation is fast, but it needs to be faster than the malware trying to stop it. You will know when the install has succeeded when Trojan Remover's icon appears on the desktop.

If you still cannot install Trojan Remover using this method, then you should try to install the program in SAFE mode.

For more info try: https://simplysup.com/tremover/faq.html


Note: Trojan Remover may not work on 64-bit operating systems.

Hope this helps,

Keifer
0
Keifermail:

Where can we get the Microsoft removal tool for the "kido worm"? Trojan Remover didn't work for me....

Many thanks for your help.
0
Dunno abt microsoft but Kaspersky has a fix on their support site......try

https://support.kaspersky.com/viruses/protection/10952

scroll down to the kidokiller file download info.....

.....................Hope that helps......
0
Keifermail Posts 28 Registration date Saturday February 7, 2009 Status Member Last seen February 15, 2009 5
Feb 15, 2009 at 12:47 AM
Ringhio,

Here is the link where you will find the directions to remove the bug:

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

But, there is a catch. You will need to find an uninfected computer to read the directions. The bug blocks websites that can kill it such as Microsoft, Kaspersky, Trend Micro etc. It also blocks system update so don't waste your time. Using F11 is a mistake also as that takes the computer back to the day you bought it, but with the Kido Virus still intact. Microsoft states,

"If your computer is infected with the Kido/Conficker worm, you might be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner. If that doesn't work, read the following Microsoft Help and Support articles on an uninfected computer."

If you are planning to download the latest Microsoft Malicious Software Removal Tool on an uninfected computer and transfer it to yours via a USB device, please use a new USB, as the virus spreads via USB devices.

Microsoft just offered a 250k reward to catch the bastards that created this nightmare! I hope it works and someone turns the culprit in.

Hope this helps,
Keifer
0
the trojan remover worked!! thanks guys!!
0
Thanks a lot for the help. I finally got rid of all those pop up windows and was able to update Windows and my antivirus. Thanks!!!
0