JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. OK how can you upload it if it's not there? That doesn't make sense you have to go to the file to upload it to VT. I don't know what you mean by extra log, please post all logs generated.
  2. I have managed to get a copy of the Drwtsn log to the desktop, but Firefox is freezing now when I try to upload it. I swear whatever this thing is recognizes certain words like Malwarebytes or log and stops them. I might have to give it to you via MSN.
  3. I'll give it a try. I'm strongly inclined toward malware, because I can't get a scan with most programs without a BSOD and nothing detected of course. I don't think it's MBAM causing the BSOD's at all because they were happening long before it was installed. I'll try to get it booted for long enough to get the goods.
  4. I tried to run a full scan in safe mode on my XPHome 256 RAM 2100+ CPU desktop (which has major issues) and MBAM got the old "has to shut down error, would you like MS to know" but then, DrWatson also got that error. This was about 8 minutes into the scan and an item was found. Soon after I got a BSOD, which I don't think is program related at all, but perhaps malware related. I was using safe mode because I can barely keep the system booted at all and I'm hoping it's malware and MBAM will save me a reformat. So I rebooted into safe mode and went for the quick scan, it got through that and found a trace I removed, it was nothing I recognized. Then did an update and tried to do a full scan again with the same freeze up at the same time spot around 8 minutes and DrWatson failed too. Then the whole system went to BSOD without getting a full system scan. I don't know that the freeze is even a MBAM issue, but in case I thought I should post it. If you think the trace name or log is important, I can try to get it off that machine.
  5. Hey, looks like my hunch might be right. I'm going to PM you my email address so you can send me a copy of that file and I will get it to all those companies not detecting it now. We still need to find everything running with it. To get all our tools in the best shape possible I would like you to uninstall that version of HJT and get the non beta one. Install it and then go here and print the instructions for this scanner and install it http://www.geekstogo.com/forum/index.php?a...amp;showfile=19 and run a scan. Post that here and we will see what shows up. Also in HJT under Misc. tools use the startup list feature and post that log for me, it will be very long and you may need to make it a separate post, that might help to just do that. Please.
  6. Boy this is a pain. Can you upload this file C:\windows\system32\gohgfhaaya.exe to here http://www.virustotal.com/ and have it scanned. Unless you know what it is. Google gives nothing. That is sometimes a sign it is a new infection. Post back what VirusTotal says and a new HJT log please.
  7. You should have run SmitFraud when you were given the instructions. It would be done. AVSystem Care is a SmitFraud infection. What reports that? What was the program? It is important that you follow the instructions given and not take action on your own. That is how things get damaged when two people are making major changes and a lack of communication.
  8. Your account is active and bottom feeder is a given.
  9. I can probably do it, who do you want to be?
  10. My protection blocks the site, but McAfee SiteAdvisor rates it red. Have you installed any new games? One of the links from that site is to a poker site, titanpoker.com. Nothing is showing up in your log. We will do this, you must have got a new version, because RogueRemover has worked on this for quite a while.

      Please download SmitfraudFix (by S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.zip

      Extract the contents (it will create a folder named SmitfraudFix) to your Desktop.

      Open the SmitfraudFix folder and double-click smitfraudfix.cmd

      Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

      Please copy/paste the content of that report into your next reply.

      Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

      This is not a virus. It is a trusted tool. Let me know how things work after this and please post the log.
  11. Some guy that changes his name on every site he registers at. But I found him out.
  12. Yes it is a F/P and it has been reported to Symantec. Thanks for taking the time to let us know also.
  13. Alright!! Congratulations to the team behind this also. Way to go guys.
  14. Ok, please go here, http://www.pandasoftware.com/products/activescan.htm and run the scan, save the log and post it here. You will need to use IE and allow the ActiveX to install.
  15. Ha there were two of them! Did a rescan and no cookie.
  16. Well can you highlight it in the attachment or mark it somehow and repost and I will delete it from my file. But why doesn't RRP remove it when I say to??
  17. I looked I didn't see it. That doesn't mean it's not there. I will attach the file. What a mess. cookies.txt cookies.txt
  18. You're still getting the popups? Or no? Did you download or install anything from wixawin?
  19. This has been going on for a while now that RRP finds a cookie from antispyware.com. I choose remove and it seems to do that, then the next time I scan it will be there again. I don't go to the website so I can't imagine how I would actually get the cookie. I checked this again with this latest update and it was there again. I removed, closed the program and exited, just now opened the program and scanned again and it said it was there.
  20. OK let's do this. Print these instructions or save to a notepad file as you need to have all browsers closed and be off line.

      Download SDFix and save it to your Desktop. http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

      Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

      Please then reboot your computer in Safe Mode by doing the following:

      * Restart your computer
      * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      * Instead of Windows loading as normal, the Advanced Options Menu should appear;
      * Select the first option, to run Windows in Safe Mode, then press Enter.
      * Choose your usual account.
      * Open the extracted SDFix folder and double click RunThis.bat to start the script.
      * Type Y to begin the cleanup process.
      * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      * Press any Key and it will restart the PC.
      * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
      * Finally paste the contents of the Report.txt back on the forum.

      Now update AVG Antispyware and run a full system scan, post anything it finds here.

      Next uninstall your Java from Add/Remove programs and delete the program file. Go here choose Java Runtime Environment (JRE) 6u2 offline installation.

      Post a new HJT log and we will see how we are doing.
  21. Hi Bushy and welcome to Malwarebytes. Please get RogueRemover from here http://www.malwarebytes.org/rogueremoverpro.php install and update it, then run a scan and remove everything it finds. Post a new log in this thread.
  22. Hey there is one entry for this....don't let this person go with no competition.
  23. Have you looked on their site for an answer? Right click on My Computer and choose manage look in the services there and see if there is anything related to SAS. If there is stop the service and delete the file.
  24. Right click on the toolbar and choose Task Manager. Click on the Processes tab and scroll through the list see if there is anything you recognize that could be related to SAS. If there is right click on the process name and choose end process. Be sure you are choosing the correct process though. If you never did know what processes were associated with the program, then you probably shouldn't attempt this. You might also try booting into Safe Mode and deleting the file then. To enter Safe Mode reboot and begin tapping the F8 key immediately. When you get the screen prompt navigate using the arrow keys to "Safe Mode" and hit enter. The computer will then boot into Safe Mode and you can navigate to the program folder and try deleting it.