JeanInMontana

Honorary Members
  • Posts

    3,859
Posts posted by JeanInMontana

  1. Hi and welcome to Malwarebytes.

    D:\System Volume Information\_restore{AA8025BF-4B67-4F0C-A1BB-1B79773165E5}\RP14\A0004174.exe

    That file was in System Restore, so it's a past infection.

    We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

    Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

  2. OK, you're infected with a rootkit. You may never be totally cleaned without a reformat. I need to tell you this so you can choose to go forward or to reformat. Either way you must change all passwords, notify all banks, credit cards and any other sensitive areas of information that may be on your machine or that you have accessed.

    If you decide to go forward please follow these instructions:

    Please set your system to show all files:

    Click Start.

    Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab.

    Under the Hidden files and folders heading select Show hidden files and folders.

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm.

    Click OK.

    Please get this file below:

    Author: Option^Explicit

    Download Location: KillBox Download Link (http://download.bleepingcomputer.com/spyware/KillBox.exe)

    License: Freeware

    Operating System: Windows

    File Description:

    Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.

    Usage Information:

    Download this file and run the killbox.exe file. When it loads type the full path or copy and paste the path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

    system32\drivers\TDSSpqlt.sys

    Paste that file path into Killbox. Reboot.

    Update MBAM, run a quick scan, and post the log and a new HJT log. Please post MBAM log before HJT.

  3. Hello again. ;-) Please move HJT to Program Files\HiJack This. PowerPoint is part of Office, it may try to access for updates. I wouldn't be too worried about PP accessing, it's not malware. The two HJT lines you question are from System Mechanic, if you have it installed.

    What McAfee found was in temp files and not resident. CCleaner <=== not a security application.

    I see no malware in your logs, MBAM is outdated.

    You have lots of stuff starting at boot up that is not needed. You must update the following.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    You're running an outdated and unsafe version of Adobe Acrobat Reader (latest version). Or get the alternative, faster and lighter on resources, Foxit PDF Reader and Editor. Look at the Downloads tab here or Downloads if you don't want to see the features etc.

  4. Panda scans places MBAM does not. You need to delete some email, that is one place Panda shows you have a worm.

    C:\Documents and Settings\Jeff\Application Data\Thunderbird\Profiles\uvwdr67s.default\Mail\mail.edmondsplace.com

    Delete all that stuff in that folder from edmondsplace.com that Panda is flagging. The other items are in System Restore and that will be reset once we are sure you're not going to need to use it. MBAM has updated many times since you have. Please update it and run a quick scan. Post that log and then HJT. Please do it in this order: MBAM, then HJT. Before you scan with HJT, shut down all unnecessary programs and close all browsers.

  5. So how are you running? Logs look pretty good. Please run HJT in scan only mode and put a check next to the following, then click fix.

    O18 - Filter hijack: text/html - {53184a8a-5ad5-4533-b3be-204bfb930c30} - (no file)

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Reboot, update MBAM, run a quick scan. If it's clean and you're running smooth, go to this next step; if not, please post the log from MBAM and then the HJT log.

    You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.

    If you're clean even after this we have a last step.

  6. Hi robinb and welcome to Malwarebytes. A list of where not to go is impossible, better to install prevention tools, SpywareBlaster, SiteHound, SiteAdvisor, hpHosts, Spybot Search & Destroy and use the immunize feature. Those programs and host file all use site blocking or warnings about bad sites to help and hpHosts targets more rogues than others IMO.

    Common sense is huge, don't believe the popup telling you program x is needed. Or a certain codec. Stay off the pr0n, free game, poker and torrent sites. No P2P period or cracks, warez, keygens.

  7. You need to go to the proper forum and post the logs, if you do indeed have new things showing in an MBAM scan. But as I said, you're not infected by what Avira is telling you. You jump to conclusions because you don't understand what the program is saying, and you don't follow instructions; you argued about whether updating MBAM was going to help during the clean up. Learn how your programs work. This is part of the instructions you didn't follow.

    Read the overviews of what each program below does so you have an understanding of their importance and how to use.

    I stand by my statement, if you had cleaned all Restore points no malware could be found in them. The Avira log showed stuff found in System Restore, it was removed, moved to quarantine, renamed and awaits your deletion. Turn on the rootkit scan, choose a second action when malware is found.

    I already have Spybot Search & Destroy but do not use it for prevention since I have only 1 gb memory. I have to balance protection with functionality -- have learned that too many programs that load on startup really impact speed and performance (have really tried hard to trim that list down to bare minimum). Since I implemented much of what you suggested I thought that was a reasonable course of action given my memory restrictions.

    1 gig of memory is huge. You are NOT limited, and again, you don't know what SBS&D does, or how the protection works, it uses nothing from system resources. Immunize! If you would just do as you have been advised and not double guess or assume, you would be fine. SpywareBlaster doesn't load into memory, if you had read the program details in the instructions you would know that. I make all recommendations based on how the system will be affected, cost, which is free and how well it will save someone. Secunia will scan for stuff known to be exploitable if not updated. It will not protect you if you don't update what it tells you is in need of that. It is not a stand alone program.

    I might be a bit jaded, and I lose patience when people will not read and follow instructions. I tend to be short and to the point, I have lots to do in a short time. Sorry if you were offended that was not my intention.

  8. Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

    Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
