Search Results

Search found 1209 results on 49 pages for 'malware removal'.

Page 10/49 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Tracking down Data Execution

    - by Agnel Kurian
    I have some malware infecting one of our machines at home. It first showed up as winulty.exe. After investigating, I am of the opinion that winulty.exe itself is an uninfected file but is being modified after it has loaded into memory. Turning on Data Execution Prevention for all processes and services has confirmed this to be true. How do I track down the process responsible for this? I've used File Monitor from sysinternals.com to monitor winulty.exe and see this being accessed by the svchost.exe instance hosting most of the system services and also by dfrgntfs.exe. How do I know which service or which DLL has been infected?

    Read the article

  • Hiding a directory through the FAT table

    - by hennobal
    I've looked into the FAT file system, trying to find a way to make a directory hidden from view of the user. This has been done with malware previously, so it should be possible. The SpyEye trojan hid inside a directory C:\cleansweep.exe\ which was only reachable through the command line. I know deletion is possible by substituting the first character of the directory in the FAT table with 0xE5, but then it will not be accessible. Any ideas on how the scenario from SpyEye can be recreated? Any filesystem is interesting, but ideally FAT or NTFS.

    Read the article

  • How to know what dll or services taskhost.exe is hosting?

    - by tigrou
    I have recently discover a new process in the task manager : taskhost.exe (maybe it was there before but i did not notice it) As the name implies, it seems to be used for running dll in background (like rundll32.exe). Is there a way to know which dll / services this process is hosting ? i would like to know for which purpose it is used and if there is some malware or not. I know it is possible to see which services svchost.exe process is hosting using process explorer utility. I have checked taskhost.exe threads and their stacks using process explorer, here is what i get : So it seems it is used for sound (winmm + playsndsrv). But there is also other things for which very few information is provided (ex : thread 1456, taskhost.exe as start address and nothing relevant can be found in stack (same for 1464, 2272 and so). So maybe it is not the right way to do.

    Read the article

  • How do I tell if there are unwanted remote guests on my computer? [closed]

    - by WckdMsftsGrl
    Possible Duplicate: What to do if my computer is infected by a virus or a malware? Why do I always find the strangest programs and the strangest text files all the time? All kinds of weird things happen, like my screen changes and the address line doesn't change in IE, just weird stuff. Is it me or could there really be something going on? I've never had so much trouble with any computer before and I am on a public access point where I live. Any advice will be greatly appreciated. I either need peace of mind, or a good defence, because this is getting out of hand.

    Read the article

  • How can I fix a computer that is literally too slow to do anything?

    - by fredley
    I'm troubleshooting a Windows 7 PC for a friend. A couple of days ago it started running 'slow'. It turns out 'slow' is about 15 minutes to the first glimpse of the desktop, and another 30 to show icons. It is possible to open Task Manager, and nothing seems awry, CPU usage at 1-5%, plenty of memory free. The machine is clearly infested with malware though, in particular a program called 'Optimizer Pro' is demanding money to 'remove 5102 files slowing down my computer'. This seems highly suspicious. My problem is though, that I can't access msconfig (I left it for a couple of hours after having hopefully typed it into the Start Menu and hit enter - nothing seems to have loaded), or anything at all basically. I can boot from a Linux Live CD, but can I actually do anything useful from there? System Restore hasn't fixed it either, and Safe Mode exhibits the same behavior.

    Read the article

  • Wordpress hacked. Disabled hacked site but bad traffic continues [closed]

    - by tetranz
    Possible Duplicate: My server's been hacked EMERGENCY My Ubuntu 10.04 LTS VPS has been hacked, probably via a WordPress site. I was alerted to it when I noticed the incoming traffic was unusually high. A WordPress site was littered with eval(base64_decode(...)) code in lots of files. My fault, I had some files writeable by www-data which shouldn't have been. I've disabled that site (a2dissite ... and restart Apache). This has reduced it but I am still getting some malware type traffic. My server runs several WordPress and Drupal sites and a home grown PHP site. I have captured traffic with tcpdump and looked at it Wireshark. It's reaching out to the login page of some Joomla sites, trying multiple logins. The traffic stops when I stop Apache. If I a2dissite every site and reload (not restart) Apache the traffic continues. At that point I have no virtual hosts running and no DocumentRoot in my apache2.conf so I don't know how Apache is still running something. I have searched the other sites with grep for likely looking php code with no success. I may have missed it but I haven't found anything suspicious in the Apache logs. I have mod-status running. I haven't really seen anything much there except that someone is still trying to do a POST to the theme page on the disabled WordPress site but they now get a 404. What should I be looking for? Are there any tools or whatever which would give me more info about how Apache is generating that traffic? Thanks

    Read the article

  • Cannot Delete Item "Could Not Find This Item" issue

    - by aronchick
    A friend sent a long a file (a .rar) he wanted me to check out for him before he installed it. I downloaded it and unrared it with no problems, but it was full of .exe's instead of the intended contents (fonts) so I advised him to delete it immediately and not use. I then proceeded to do the same, but the folder simply will not delete. Oddly the files went fine, and I never ran anything, but this is what I'm seeing: Could not find this item This is no longer located in C:\Users\This_User\Desktop. verify the item's location and try again. I've tried the following things with no help: Using "Unlocker" to Unlock and delete Using move on reboot and rebooting Using PendMoves (from sysinternals) and rebooting Elevating a cmd line, doing a dir /x to get the short name of the folder, and then del 'shortna~1' Moving the folder to a new folder and then trying to delete the parent folder I'm on Windows 7 RTM, very fresh install. Any thoughts? Update: Just to confirm, I've run Hijack this and half a dozen other malware detectors, and everything came back clean (no extra processes, no other obvious badness). Rebooting in safe mode didn't help either.

    Read the article

  • Cleaning a proxy/phishing trojan from Windows XP computer

    - by i-g
    I am trying to remove an interesting trojan from a Windows XP computer. It manifests itself as a phishing page (screenshot linked) that appears after the user tries to log on to eBay. So far, I haven't found any other web sites that are affected. As you can see, the trojan intercepts browser connections (all installed browsers are affected) and injects this phishing page. The address looks like it's ebay.com, but HTTPS verification doesn't work (no lock icon or green bar in Firefox.) At some point, Trojan.Dropper appeared on the computer. I removed it with Malwarebytes Anti-Malware. Although it reappeared several times, it seemed to be gone after I booted into Safe Mode and did a full system scan with MBAM. Now, however, a different trojan has appeared on the machine; I suspect it was installed by Trojan.Dropper. So far, MBAM, Ad-Aware, and Spybot S&D have been unable to remove it. I've looked for it in the HijackThis log but haven't found anything conclusive. Has anyone run across a trojan like this before? Where would I start looking for it to remove it manually? Thank you for reading.

    Read the article

  • Does Antivirus2009 or Antivirus360 automatically install on your computer and if so how?

    - by sergey
    I run Firefox on Vista, and unfortunately I got tricked (through a deceptive google result) into going to a page containing one of those fake "Your Computer Has all of this Spyware on it!" pages. I tried manually closing the tab, but it had a "Are you sure you want to navigate away" JavaScript alerts (HATE THOSE). So I clicked "OK," and the tab closed. Then I closed firefox altogether and rebooted. Now, before I could close the tab, it did prompt me to download a file, but of course I choose not to, and checking my downloads folder, nothing new is there. Also, even if I ?did? download it, ?I? would still have to choose to run it by double clicking on it for it to install itself, right? Also, I ran Malware Bites and Windows Defender and both said everything was fine. From this I would normally believe I am safe, but I have read everywhere that this thing "automatically installs" itself and that it is a bitch to get rid of. Is it really possible for this thing to dig in if you are running firefox and didn't choose to download it or run it after downloading?

    Read the article

  • Thomson router reboots unexpectedly with an apparent remote connection attempt

    - by ChrisF
    I've got a weird problem. Every so often my rooter (a Thomson TG585 v8 running version 8.2.7.8 of it's firmware) reboots itself. It seems to be associated with this message in the event log: FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 183.178.144.177 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Host Unreacheable xxx.xxx.xxx.xxx is my external IP address 183.178.144.177 resolves to 183178144177.ctinets.com We've got a student from Hong Kong staying with us at the moment and the reboots seem coincidental with him starting up his laptop. I say this because a check on ctinets.com shows it to be based in Hong Kong, though our guest's laptop doesn't appear to have any software related to this company installed. I say "apparently" as he is running the Chinese version of Windows and his English doesn't cover technical subjects like this. I know this is an incoming message but I was assuming that it was in response to something on the student's laptop which is why the first thought was malware, but we've got anti virus on all the other machines and have run malwarebytes on his with a negative result so I don't think the problem is due to a virus or (known) trojan. What else can I do to stop this and identify the cause?

    Read the article

  • JPEG artifacts removal in C#

    - by Arcturus
    Hi all I am building a website for a club that is part of a mother organisation. I am downloading (leeching ;) ) the images that where put on profile pages of the mother organisation to show on my own page. But their website has a nice white background, and my website has a nice gray gradient on the background. This does not match nicely. So my idea was to edit the images before saving them to my server. I am using GDI+ to enhance my images, and when I use the method MakeTransparent of Bitmap, it does work, and it does do what its supposed to do, but I still have these white jpeg artifacts all over the place. The artifacts makes the image so bad, I am better off not making the image transparent and just leaving it white, but thats really ugly on my own website. I can always at a nice border with a white background of course, but I rather change the background to transparent. So I was wondering if and how I can remove some simple JPEG artifacts in C#. Has anyone ever done this before? Thanks for your time. Example image: Transformed image:

    Read the article

  • Visual Studio: How to protect file from removal on uninstall

    - by raj.tiwari
    Folks, I am creating an installer project in Visual Studio. This is done using a project of type "Setup and Deployment". I lay out the file structure of my final install in the "File System" View of the project. Now, some of the files I create as part of my install are updated while my application is used. I would like these files to not be removed during an uninstall of my application. Is there any way in Visual Studio to designate a file as "protected from uninstall"? Thanks for your help.

    Read the article

  • jquery script removal

    - by VictorS
    I am working on a page(ASP.NET 3.5) that has alert when "Save" button is pressed, i.e.this in page code behind: Page.ClientScript.RegisterStartupScript(this.GetType(), "alertMsg", "alert('" + Message + "');", true); So when I look at the page after sucessful save I see a script tag added: <script type="text/javascript"> //<![CDATA[ alert('Save Sucessful.'); </script> The problem is that there is another button that redirects to another page and on that page there is a button to jump back to this page, i.e. javascript:history.go(-1); So if you save then go to another page and come back you see alert again. Unless there is a better way of handling this situation, I think I need to remove that script when I redirect from the page, can I do it with jQuery, i.e. on redirect button click remove above script from the page?

    Read the article

  • Excel password removal

    - by nkcooke
    We receive Excel workbook files every day which are password protected with the same password. We know this password. Is there a utility or method to remove password protection on these workbook files without invoking Excel.exe or the Excel object. Our goal is to take Excel out of the process and utilize SpreadsheetGear in VB.net. However, SpreadsheetGear can only unprotect worksheets not workbooks. Thanks

    Read the article

  • computing "node closure" of graph with removal

    - by Fakrudeen
    Given a directed graph, the goal is to combine the node with the nodes it is pointing to and come up with minimum number of these [lets give the name] super nodes. The catch is once you combine the nodes you can't use those nodes again. [first node as well as all the combined nodes - that is all the members of one super node] The greedy approach would be to pick the node with maximum out degree and combine that node with nodes it is pointing to and remove all of them. Do this every time with the nodes which are not removed yet from graph. The greedy is O(V), but this won't necessarily output minimum number super nodes. So what is the best algorithm to do this?

    Read the article

  • Detecting USB drive insertion and removal using windows service and c#

    - by Kb
    Looking into possibility of making an USB distributed application that will autostart on insertion of an USB stick and shutdown when removing the stick Will use .Net and C#. Looking for suggestion how to approach this using C#? Update: Two possible solutions implementing this as a service. - override WndProc or - using WMI query with ManagementEventWatcher

    Read the article

  • Animating the <li> removal in jQuery

    - by Marco
    Hi guys, i'm adding and removing <li> elements with jQuery, that are shown horizontally with the following style: #my_ul { list-style: none; } #my_ul li { float: left; margin: 0px 15px; } For example, if i add four <li> to an <ul> and then i decide to remove the second one, after it has been removed the other two <li> elements on the right immediately move to the left. What i'd like to do is to animate this behaviour, with the remaining <li> elements that softly moves to the left. Any tips? Thanks

    Read the article

  • Chrome plugin removal

    - by kambamsu
    Hi, I'm writing an NPAPI plugin. In every webpage that the browser goes to, I inject my plugin with an object tag. Something like: <object id="myplugin" type="plugin-mime-type" > In some pages where i dont want it, after injection i remove it by finding the element using the id and doing a document.removeChild. From my logging i found that in firefox and opera, doing this automatically calls the plugin destroy method NPP_Destroy (NPAPI). But in chrome, it doesnt seem to call it. Is there any special way that i should remove a plugin in chrome that i am missing?? Any help would be appreciated. Thanks

    Read the article

  • How to prevent Hibernate from nullifying relationship column during entity removal

    - by Grzegorz
    I have two entities, A and B. I need to easily retrieve entities A, joined with entities B on the condition of equal values of some column (some column from A equal to some column in B). Those columns are not primary or foreign keys, they contain same business data. I just need to have access from each instance of A to the collection of B's with the same value of this column. So I model it like this: class A { @OneToMany @JoinColumn(name="column_in_B", referencedColumnName="column_in_A") Collection<B> bs; This way, I can run queries like "select A join fetch a.bs b where b...." (Actually, the real relationship here is many-to-many. But when I use @ManyToMany, Hibernate forces me to use join table, which doesnt exist here. So I have to use @OneToMany as workaround). So far so good. The main problem is: whenever I delete an instance of A, hibernate calls "Update B set column_in_B = null", becuase it thinks the column_in_B is foreign key pointing at primary key in A (and because row in A is deleted, it tries to clean the foreign key in B). BUT the column_in_B IS NOT a foreign key, and can't be modified, because it causes data lost (and this column is NOT NULL anyway in my case, causing data integerity exception to be thrown). Plese help me with this. How to model such relationships with Hibernate? (I would call it "virtual relationships", or "secondary relationships" or so: as they are not based on foreign keys, they are just some shortcuts which allows for retrieving related objects and quering for them with HQL)

    Read the article

  • SpringSource Roo Controller Removal

    - by Steve Wall
    Hello, Environment: Windows XP, SpringSource Tool Suite 2.3.2, Roo 1.0.2.Release, Java 1.6.0_10, tc Server 6.0 I'm using the canned Roo generated code. I created an entity and associated controller. Then deleted both classes. The problem I'm seeing is the Roo created home page still shows the "Create/List" section for the deleted classes. I'm executing this within the tc Server, within Eclipse. Any ideas on how to get Roo to update the home page? Thanks, Steve

    Read the article

  • Binary Search Tree node removal

    - by doc
    I've been trying to implement a delete function for a Binary Search Tree but haven't been able to get it to work in all cases. This is my latest attempt: if(t->get_left() == empty) *t = *t->get_left(); else if(t->get_right() == empty) *t = *t->get_right(); else if((t->get_left() != empty) && (t->get_right() != empty)) { Node* node = new Node(t->get_data(), t->get_parent(), t->get_colour(), t->get_left(), t->get_right()); *t = *node; } t is a node and empty is just a node with nothing in it. I'm just trying to swap the values but I'm getting a runtime error. Any ideas? Thanks

    Read the article

  • Observing an NSMutableArray for insertion/removal

    - by Adam Ernst
    A class has a property (and instance var) of type NSMutableArray with synthesized accessors (via @property). If you observe this array using: [myObj addObserver:self forKeyPath:@"theArray" options:0 context:NULL]; And then insert an object in the array like this: [[myObj theArray] addObject:[NSString string]]; An observeValueForKeyPath... notification is not sent. However, the following does send the proper notification: [[myObj mutableArrayValueForKey:@"theArray"] addObject:[NSString string]]; This is because mutableArrayValueForKey returns a proxy object that takes care of notifying observers. But shouldn't the synthesized accessors automatically return such a proxy object? What's the proper way to work around this--should I write a custom accessor that just invokes [super mutableArrayValueForKey...]?

    Read the article

  • Ruby - calling constructor without arguments & removal of new line characters

    - by Raj
    I am a newbie at Ruby, I have written down a sample program. I dont understand the following: Why constructor without any arguments are not called in Ruby? How do we access the class variable outside the class' definition? Why does it always append newline characters at the end of the string? How do we strip it? Code: class Employee attr_reader :empid attr_writer :empid attr_writer :name def name return @name.upcase end attr_accessor :salary @@employeeCount = 0 def initiaze() @@employeeCount += 1 puts ("Initialize called!") end def getCount return @@employeeCount end end anEmp = Employee.new print ("Enter new employee name: ") anEmp.name = gets() print ("Enter #{anEmp.name}'s employee ID: ") anEmp.empid = gets() print ("Enter salary for #{anEmp.name}: ") anEmp.salary = gets() theEmpName = anEmp.name.split.join("\n") theEmpID = anEmp.empid.split.join("\n") theEmpSalary = anEmp.salary.split.join("\n") anEmp = Employee.new() anEmp = Employee.new() theCount = anEmp.getCount puts ("New employee #{theEmpName} with employee ID #{theEmpID} has been enrolled, welcome to hell! You have been paid as low as $ #{theEmpSalary}") puts ("Total number of employees created = #{theCount}") Output: Enter new employee name: Lionel Messi Enter LIONEL MESSI 's employee ID: 10 Enter salary for LIONEL MESSI : 10000000 New employee LIONEL MESSI with employee ID 10 has been enrolled, welcome to hell! You have been paid as low as $ 10000000 Total number of employees created = 0 Thanks

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >