covert

Hi JB, no worries just wanted to check I was in the right place, sorry to hear you have a head cold OUCH f8 pressed, started in last known good config, says booting in safe as before directory? It is a Xmas gift from new. I have added when I got it in December - the security products recommended here under security, as always I use for them. They update automatically. As far as I am aware I have done nothing to case this, a friend online said it could be a fault with the HD a bad batch? It is in safe mode. I cant start it out of that. Not a clue how either lol I dont touch anything on these without checking how first as I know I dont have the knowledge. I havent installed anything recently on it. It was running like adream and all of a sudden went off saying it was doing it to protect, then it did the restart but not load windows, and would have to be forced shut down, and would come back on itself but not lad windows. Next day I turned it on it came on but is in safe mode, as it is now after start last known good config I have windows update on auto, and my anti virus updates daily, I havent added any hardware at all since I got it when I added a blue tooth dongle. I have my older machine to use for now until this can be resolved. thanks hun

Have I said something wrong or is this in the wrong place? can anyone help me please

SOrry if this is the wrong place to post this I have a new ASUS EEE on win 7 starter INTEL atom 1gig memory Ok I was on the net last night, I have all the security you recommend under security It Just went off, then a message popped up saying it has shut for safety as there is a problem It would turn on, and had 2 options - start normal windows or start with system fix/recovery (something similar sorry lol) That second was recommended so I did, windows load bar came but stayed tried in normal, same, every time I turned it off by force mode it restarted itself I left it alone Tried again today thinking if I can get it on I can get help. It came on but is in safe mode. I cant get it off safe mode and no idea what to do. Please could you help thanks to add - I havent added new hardware or software recently

yay great, I do keep getting these 'attacks' but thankfully it looks like, thanks to you all, I am well protected. I thought best to get it checked out as they kept poppig up. Thanks so much Chiaz

yep I will try my best, oh there are 3 in quarrantine now all from facebook. 1 - c:\users\(myprofilename)\AppsData\Local\Mozilla\Firefox\Profiles\oaw688gp.default\Cache\8C63E976d01 Quarantine object - 4aef7bdb.qua 2 - c:\users\(myprofilename)\AppsData\Local\Mozilla\Firefox\Profiles\oaw688gp.default\Cache\42EAEB76d01 Quarantine object - 4aef6b96.qua 3 - c:\users\(myprofilename)AppsData\Local\Mozilla\Firefox\Profiles\oaw688gp.default\Cache\4498941Ad01 Quarantine object - 4aed52e4.qua thanks, sorry lol I couldn't copy and paste it so had to do it type bit by bit flcking screens back n forth, my friend had had an attack from Farmville and FB also the same night I made this thread. I have omitted my profile name as I wasn't sure wether to give it or not. Thank you chiaz, and happy Birthday for yesterday :)

And a bit more info. The two files I have sent to quarantine through Avira advice, and uploaded to them as requested are - both say contains suspicious HTML/HEUR malware ? Not sure if this is relivent or even helps.

Now for the bad news, I informed my friends last nite to be careful, and one farm town friend had the exact same problem when entering farm town. The they had a problem with a hack when logging on to Facebook. I also had a proble,, my antivir stopped a bug when I was going onto another app I play daily. Spp.com (super poke pets) Now I know these sites are safe usually, so this is a worry. Ok the report which I don't understand for the Hijack this result is as follows, this I worry won't be so good lol - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:06:52, on 28/08/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\s3trayp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = eBay - The UK's Online Marketplace R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MEDION International R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 8440 bytes

Hi chiaz, well goon news and bad news. The good first - The malwarebites is clear totally. - here's the result file - Malwarebytes' Anti-Malware 1.40 Database version: 2709 Windows 6.0.6002 Service Pack 2 27/09/2009 15:10:30 mbam-log-2009-09-27 (15-10-30).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 189565 Time elapsed: 1 hour(s), 16 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

hi chiaz, yes Ill get on it straight away and get back to you. I did a virus scan after this last nite with Antivir and that came out clear, I also sent the quarranteened file from the app the other night off to them as requested by Avira. I have used Farm Town before a lot and had no problems until last nite, Be back soon :)

I am not sure if this is in the right place but I thougth this was a good place to bring my concerns. Hi everyone Ok, I use Facebook on a daily basis, I had a serious infection from using that site a while ago, but thanks to this fabby site I am cured and well protected. Last night I was messing around and got a pop up from my Avira AntiVir saying Threat detected I should block and quarantine, which I did. The app by the way was to put stars on your photos and hearts on your photo's. I deleted anything to do with it and informed my friends. Today I went to use FarmTown app, and I was re directed by google. Said teh site had been reported for infections, something about hackers etc?? Too tech for me, and I was told nt to go on it, also said my virus software had detected this too and blocked it. Why would google redirect me like this? Is this normal for Google to do this? And what should I do about this? Thanks, sorry for the long type:)

I have told everyone on my facebook about this fancheck app and the word is spreading, thanks

yay Yes I did notice the security team addition, great stuff. I have been notified af a few virus and bugs being passed thru Facebook recently, and so far I haven't had any of them, a good sign that my security is working well And I will always be coming back just to read up on things, or for any help or if I can ever, help others in return. Thank you JB

Could I also recommend you get another virus program, I had AVG free and it let all sorts of bugs into my PC. This site has many great recommendations http://extremetechsupport.com/forum/security-questions-av-firewalls-etc/3597-free-pc-help-recommended-security-products.html#post24984 Try here for which to choose. I have the free Avira AntiVir and it is working great.

You will be glad to know I now have SP2 for vista fully installed. I also haven't had any more infections thanks to you guys, and keep everything updated everyday and running, I feel so safe, THANK YOU :)

Bless you Jelly Bean, you made my PC run fabby dosey, spent a whole day with me helping me get it sorted. GREAT You deserve a break lol