miekiemoes

Comments

  • It looks like everyone received this PM here. Look at the online users today :s This appears to be the same/similar bot/spammer that was active 2 weeks ago at SEVERAL other IPB Boards. Many users got infected then. It may be a good idea to set a PM policy here, for example, Only the ability to PM when you have at least 3…
  • If you don't want the addon (Toolbar), then uninstall it. I don't know what Toolbars are installed there, but one of them should be a Conduit toolbar. Conduit has loads of different toolbars though.
  • This smells like a File infector. Most probably Virut or Sality, since both are common viruses nowadays. These files should be disinfected and not deleted. It appears to be a heuristic detection here, so it may be a great idea to submit some samples here. See here how to do this:…
  • It's most probably one of these Conduit/EffectiveBrand "Free Community" toolbars that your client has installed - This one modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality.
  • Hi, It may be a great idea to install Bitdefender in order to clean up the infection, because in the above (incomplete) log, I don't even see Bitdefender installed.
  • Hi, Since it's located in your system restore points, the easiest solution is to Flush your system restore points: To do this, you have to disable System Restore and enable it afterwards again. (note: this will delete all your system restore points and malware that were present in it). Read here how to disable system…
  • Hi, ErrorSmart 2009 is a well known utility to maintain windows system As a matter of fact, there's a good reason Bitdefender detects some components from Errorsmart as infected. Errorsmart is one of these so called Registry cleaners (Rogue) that brings up a ton of false positives and forces you to buy the program in order…
  • Hi, I don't see why Bitdefender should delete all cookies, temporary files and orphaned registry entries as Ccleaner does. Bitdefender will only delete / fix in case if it's detected as malware. The other question I have is on startup I have an entry called BD agent. Is this to do with BitDefender and what is it? There is…
  • Imho, this is no false positive at all. Hacks/cracks/Keygens are always a risk and install/download malware in 80% of the cases.
  • Hi, I have already answered your log somewhere else. It appears that you have started this same thread at a lot of different forums. This is confusing for the people who are helping you and actually a waste of time since many helpers will now analyze your log while someone else is already helping you. That's why it may be…
  • Hi, Not sure what I can add to the instructions that were already given there though...
  • So I assume it's resolved now?
  • So, it's in All Programs if you RIGHTclick any of them there? Rightclick your taskbar > properties > start menu tab > customize button > advanced tab In the list there, scroll down and make sure: "Enable dragging and dropping" is ticked. Btw, this is no virus causing this.
  • Why do you think this is a virus causing this? when i choose either one program and right click it will not come a bos indicate the menu Please elaborate.. a "bos indicate the menu" ? Do you mean the context menu?
  • Thanks Cd-MaN
  • And mine http://forum.bitdefender.com/index.php?showtopic=3987
  • Yea I am using IE7. I had tested using IE without add-ons, at first, there was no problem, but then after surfing a few website, the virus appear again... Can you tell me what add-ons (Browser Helper Objects) are present there? Actually, it may be easier to find out if you posted a HijackThis log. I also used Spybot:Search…
  • hehe86, I am pretty sure that your problem lies in the BHO components of your Internet Explorer, which means the Browser Helper Objects. Not sure if you're using IE7 or not, but if you do have IE7, you can test this by running IE7 in "no addons" mode. To do this, rightclick your IE icon on your desktop if present and…
  • I understand that it was suspicious - especially since all your extensions were disabled. Actually I don't know if there's any type of malware that does this, but it does make sense in a way to disable FF extensions.. For example, NoScript disabled and other Firefox security extensions disabled... We don't want to give…
  • Good to hear you solved it already
  • I don't know what caused the "loss" of extensions. Most probably it was just a buggy install. I don't think that your extensions are lost/disabled though - I rather think that a new "clean" firefox session was started/created. Take a look in this folder: C:\Documents and Settings\yourusername\Application…
  • Niels, are you sure this inf file is related with what you were dealing with? Reason I am asking is... When I performed a Google search on the "VIDC.MFZ0=MyFlashZip0.ax", I arrived here: http://www.siteadvisor.com/sites/shmyl.com...nloads/4366729/ Seems like it's getting installed with Moyea SWF to Video Converter (what's…
  • Niels, can you PM me with the link where you got infected? Thanks. If I delete everything what I can read in the .inf file is it then gone? If the .inf file contains all information what files were installed and registry keys were added.. and you deleted them, then it should be gone. However, always double-check.
  • If it's possible to upload the Virtumonde variants here, please do so, and I'll forward them to the person who maintains our removal tool. Collected and attached some undetected samples (recent ones) from different computers. I assume ConHook variants are also targeted by the removal tool?…
  • You may want to check for rootkits. Have seen this a lot when rustock* is present. http://vil.nai.com/vil/content/v_140181.htm Read here how to remove it: http://www.geekstogo.com/forum/How-to-Remo...ns-t140682.html
  • You're most welcome.
  • You can also try Vundofix: http://www.atribune.org/ccount/click.php?id=4 This will be the fastest and easiest option. Run the tool and it will scan for virtumonde/Vundo/Conhook related files and delete them. In case it doesn't recognise the ones you have, you can rightclick in Vundofix and select the option to add more…
  • A somewhat better approach would be to find out first which process loads those DLLs. When it's indeed Adware.Virtumonde.GFH, it will be loaded under winlogon.exe and explorer.exe/iexplore.exe (since it runs as a Browser Helper Object as well). If you're under Vista, then you can deal with this easily since Vista doesn't…
  • Remember that if someone updated from SP1 to SP2 without any format (just a simple upgrade), the Messenger Service would remain Enabled. No, it will be disabled - it's one of the extra "Security features" of SP2 and that is to disable the Messenger Service. I don't think that malware would start the Messenger Service to…
  • As far as I know, I haven't seen any Messenger Service popups where Messenger Service wasn't on top.. But everything can be tweaked of course. But by default, it displays Messenger Service. Anyway, concerning the popups in general, if they only appear when you visit a certain site, then there's nothing to worry about. Some…