can someone help

I don't know what to do. I think there's a virus and a hijack homepage report from Malwarebytes, and I have had an alert from Defense+. Please help me or direct me to where I can get help. I don't know what to do.

Hello, please run a scan with Malwarebytes and SUPERAntiSpyware.

Switch Defense+ and the firewall into safe mode (right-click the tray icon).
Go to:

Comodo → Defense+ → My Computer Security Policy. Delete all the rules you’ve put in there (this includes ones from pop-up windows you’ve answered). You do not need to delete the ones Comodo has already put in there by default.

Also please show us a picture of Comodo → Defense+ → Events.

Hi Kyle, thanks for the prompt reply. Events alerts JPEGs: this happened after I went to install Sandboxie. I got these alerts. Is this Sandboxie doing this? Is it a virus that Sandboxie had?

I'm running a SUPERAntiSpyware scan now. The results of Malwarebytes are below, thanks.

Completed SUPERAntiSpyware scan, it's no threats detected?

Kyle, how do I know which ones Comodo put there by default? There are lots of apps in there. I don't want to accidentally delete the ones Comodo has put there. Defense+ - Computer Security Policy: there are a ton of apps in there. Thanks.

Guys, ThreatFire is telling me Malwarebytes is malware, and Defense+ is also telling me Malwarebytes is trying to install a hook? Please see JPG below.

Thanks

[attachment deleted by admin]

Please follow this guide (you can continue after MBAM if you want ;))

And please post back the HijackThis log file.

Xan

Hi experience

Completed Malwarebytes; malware log is below.

Completed SUPERAntiSpyware scan, it's no threats detected?

Do I still need to run HijackThis???

OK, the steps are below in JPGs, the steps I got the warning alerts in:

Installing Sandboxie, and after that came alert one from Comodo (JPG 1)

Then installed Malwarebytes, second alert (JPG 2)

Then installed SUPERAntiSpyware, alert three (JPG 3)

Alert 4 after Malwarebytes scan (JPG 4 + 5). Tried to remove hijack malware from Malwarebytes but then ThreatFire kicks in with a popup alert

Then alert 5 from ThreatFire (JPG 6). Then ThreatFire quarantines Malwarebytes and HijackThis

What has happened, and why is Malwarebytes installing a global hook that Defense+ reports as a virus, and why did the legit Sandboxie file kick off the virus alert? Please advise what to do next. Do I need to now run HijackThis? And I can't find where to delete the rules Kyle told me to. Thanks.

Now ThreatFire is telling me Malwarebytes is malware, and Defense+ is also telling me Malwarebytes is trying to install a global hook? Please see JPG below.

xperiecne, do I still need to run HijackThis??? And how do I remove the rules Kyle told me to? There are too many there??? Please

[attachment deleted by admin]

Log from Trend Micro

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:32, on 20/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVGLS\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\RunOnce: [AVG frw] "C:\Program Files\AVG\AVGLS\avgfrw.exe" /setyahoo
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe


End of file - 4937 bytes

Malwarebytes log

Malwarebytes’ Anti-Malware 1.38
Database version: 2311
Windows 6.0.6000

20/06/2009 10:54:33
mbam-log-2009-06-20 (10-54-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 163522
Time elapsed: 1 hour(s), 0 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) → Bad: (1) Good: (0) → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Guys, can you help? I've just done a scan with Malwarebytes, log below.

Please see log above.

Now I'm asking Malwarebytes to remove and ThreatFire is reporting as well. Please see below. This is annoying me, someone help.

[attachment deleted by admin]

Now I'm asking to remove and ThreatFire is reporting this. Please see below. This is annoying me, someone help.

Now when I try to remove with malware, ThreatFire pops up a message. Why? Please see the ThreatFire message below. And why did my HijackThis log come back clean if there is this stupid malware on here? And also stupid Avira did not pick this up either. So much for the 99.9 percent detection rate with heuristic shield, yeah right. So mods, can you help please, Comodo team?
Thanks

[attachment deleted by admin]

Hi Kamy. This is a well-known Malwarebytes false positive; it’s been happening for ages. Normally it’s associated with having either Spybot or SpywareBlaster installed alongside MBAM.

See here:

http://www.malwarebytes.org/forums/index.php?showtopic=5482

Most of those look fine, although it might be worth taking a closer look at the alert attached.

I answered you in your other thread. Please try and keep your posts together; starting new threads is unnecessary. I’ll merge these:

[attachment deleted by admin]

Hi Toggie, I'm stuck. I can no longer go on the internet. I did not listen to the ThreatFire warning and I let Malwarebytes remove; now I can't go online. Help please, it has locked me out. When I run IE or Firefox it says connection interrupted and it hangs. I'm stuck. I wish I had just ignored Malwarebytes, but it has made the changes now. I think malware has got my browser. Help! And Toggie, how do I investigate the suspicious file you told me to look into?

What are my options now? I'm stuck, help.

And I'm sure Sandboxie gave me that file u80rogram. Guys, can anyone confirm this?

Hello Kamy, looks like you're going crazy with all those security applications! ;D After you're sure you’ve cleaned this PC up, you might like to consider running fewer.

MBAM is safe. You can allow these with both ThreatFire and Comodo.
Sandboxie is a safe application also. Where did you download Sandboxie?

Kyle, I did let ThreatFire allow Malwarebytes, that's why I'm in this mess. I don't think you should allow malware to perform this action, as I did let malware remove the above alert and now I am locked out. My internet connection has been blocked. Malwarebytes has wrecked my connections, so how do I reverse the process? I can't even get online. I'm using my friend's connection.

HijackThis log seems safe too.

Can you please tell me what security programs you’re running? I think Kyle’s right, you’re using way too many programs.

Xan
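Added example, not part of any post in this thread: a small triage script over the two logs posted above. It counts the resident security products that the HijackThis autostart and service entries reveal, and checks whether any HijackThis entry names the same registry key that the MBAM detection points at (here the O6 line does). The function names and the `SECURITY_DIRS` list are assumptions made for this example; the sample lines are copied from the thread's logs.

```python
import re
# Constructed sample: lines copied from the two logs in this thread (arrows typed as "->").
HJT = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""
MBAM = r"""
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
"""
# Assumption: install-folder names from this thread's log, treated as resident security tools.
SECURITY_DIRS = {"Avira", "AVG", "ThreatFire", "COMODO", "SUPERAntiSpyware", "Windows Defender"}
HIVES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm"}

def parse_hjt(text):
    """Group HijackThis entries by section code (R0, O4, O23, ...)."""
    sections = {}
    for m in re.finditer(r"^([RO]\d+) - (.+)$", text, re.M):
        sections.setdefault(m.group(1), []).append(m.group(2).strip())
    return sections

def resident_security(sections):
    """Products with an autostart (O4), Winlogon (O20) or service (O23) entry."""
    found = set()
    for code in ("O4", "O20", "O23"):
        for entry in sections.get(code, []):
            # Key on the install folder, not the file name: avgnt.exe is Avira, not AVG.
            m = re.search(r"(?:Program Files|PROGRA~1|%ProgramFiles%)\\([^\\]+)\\", entry)
            if m and m.group(1) in SECURITY_DIRS:
                found.add(m.group(1))
    return found

def mbam_detections(text):
    """Return (registry path, detection name, action) for each MBAM registry hit."""
    pat = r"^(HKEY_[^(]+?) \(([\w.]+)\) .* (?:->|\u2192) (.+?)\.?$"
    return [m.groups() for m in re.finditer(pat, text, re.M)]

def correlate(sections, detections):
    """HijackThis entries that mention the parent key of an MBAM detection."""
    hits = []
    for path, name, _ in detections:
        hive, _, rest = path.lower().partition("\\")
        parent = HIVES.get(hive, hive) + "\\" + rest.rsplit("\\", 1)[0]
        for code, entries in sections.items():
            hits += [(name, code, e) for e in entries if parent in e.lower()]
    return hits
```

Run against the full logs, `resident_security` gives the list of always-on products to compare before deciding which to keep, and `correlate` shows which HijackThis section to read alongside a scanner's registry hit before choosing a removal action.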

experience, well, I should not have let Malwarebytes do the removal. Now I'm locked out. I should have first unchecked the tick removal from Malwarebytes, then ThreatFire would have never alerted me. But instead I first ticked remove from Malwarebytes, then ThreatFire kicked in because ThreatFire knew Malwarebytes was messing something up, but I allowed Malwarebytes to continue and should have listened to ThreatFire, and that's when I should not have let Malwarebytes remove. It's Malwarebytes that has taken away the file claimed as hijack homepage false positive. Now I'm locked out, need to reverse the process. No internet, stripped my connection. Hellllllllllllllpppppppppp

I have wasted a whole hour when I didn't even need to do any extra scan. It was false positives. Wish I had known this sooner.

There's not even a JPEG here on the Comodo forum to compare the default internet policy so I could delete entries from there.

I don't know what these popups are that Comodo throws at me for Sandboxie and SUPERAntiSpyware, and why on earth does Malwarebytes install a global hook, and why on earth did the Sandboxie install make Defense+ tell me there's a u80rogram I need to investigate? What is this file? Where do I start to find out? I have no clue.

Please, you guys need to help us understand these Defense+ alerts and which ones to accept and which ones to block. I mean, is there a manual? Please do not take this the wrong way, you guys are the best and the support team here is very fast, but I want to understand how to work the firewall and Defense+.

Wow,

Please run this tool and see if that fixes the internet problem, then we’ll continue the cleaning up.

Xan

Try System Restore.

Yes, at last, System Restore. Thank god for System Restore, thank you. Now I have to install my programmes again. I haven't even had dinner yet.

Anyone reading this in the same situation, please don't let Malwarebytes remove that file. You will be locked out of your connection big time. Do not do it at all.

And also, if you are doing a System Restore, do it in safe mode. Do not let Malwarebytes take the file away. You will be locked out and not get online until you System Restore. I have spent 2 hours stuck; now the connection is finally back.