Problem still ongoing - Malware infection Unknown type NEW INFORMATION Post#13

[Oceanbyrd]

My Dell mini 9 netbook (running XP) is experiencing intermittent nonresponsive and extreme slow-down moments both in windows and in the web browser.  I first checked msconfig to make sure my start-up wasn't bogged down with items as well as checked to make sure I was running the latest versions of my programs such as Java.  Then I ran AVG, SUPERANTISPYWARE, Malwarebytes AntiMalware, and CCleaner.  None of them found anything but, because I still have a slowdown and not responding problem I thought I'd post my hijack this log and see if I have some sort of hard-to-detect malware.  Otherwise I can't figure out what my slowdown/freezing problem could be.

[Saving space, attachment deleted by admin]

[harry 48]

you are infected with winrar , wait for a malware expert to help , harry

[cat-bomb]

Please download TFC By Old Timer

• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program
• If prompted, click "Yes" to reboot.

I don’t think it is malware related, the HJT looks clean to me. You might want to tell us more about your computer.

[Oceanbyrd]

you are infected with winrar , wait for a malware expert to help , harry

That is the same name as a program my nephew recently gave me that opens up zipped programs.  He says it is a trail version of a "really good program for packing and unpacking large files."  Does he know what he is talking about or did he give me a virus?  I used it just last night from the flashdrive he gave me to open a big zipped file of family photos sent to me by my sister.  It seemed to work with no problems.  And my computer was already kinda slow before that, though it seems to be worse as time goes on.  I will be kind of ticked if he gave me malware.

[Allan]

Winrar is a legitimate program (and a good one). However, read this: http://blogs.zdnet.com/security/?p=2405

The version your neighbor gave you is a "cracked" (illegal) version - and I'm guessing you knew that, but I don't know that it is infected.

[harry 48]

i did a check with a program that cat-bomb gave me and it said it carried an infection

[Oceanbyrd]

Winrar is a legitimate program (and a good one). However, read this: http://blogs.zdnet.com/security/?p=2405

The version your neighbor gave you is a "cracked" (illegal) version - and I'm guessing you knew that, but I don't know that it is infected.

Twas my nephew.  I have to admit, I wasn't absolutely sure, but I strongly suspected it was after he said it was trial but later told me to "use it to unzip the photos (his) mum gave me" and "then I might want to delete it".  I guess I figured I'd believe him since I only wanted to open that huge picture file and windows wouldn't do it. 

So much for that, eh?  Can anyone tell me how to make sure my computer is OK if I promise not to use anymore "trial" programs from my nephew?

[harry 48]

http://download.cnet.com/WinRAR-32-bit/3000-2250_4-10007677.html

above is the good winrar as alan said , i did have it in my pc for a while

[Oceanbyrd]

Thank you, harry 48.  I wish I had just looked it up myself but I hate looking stuff up on the internet, there is so much stuff to weed through.  Teenagers!  Makes me wonder where he got the one he put on the flashdrive and told me was"trail". 

On the other hand, I was the adult who dumb enough to decide to believe him (even after I saw the program and had strong suspicions) because I didn't want to look up unzippers myself (i.e. being lazy).  I sent him an e-mail warning that it may be infected and if he doesn't want to face the "wrath of Mom" (much worse than the wrath of Khan *end lame Star Trek reference*) he might not want to try to install it on my sister's computer if he hasn't tried already. 

BACK TO THE MATTER AT HAND: 
From looking at my Hijack log you see nothing to worry about?

 As I was talking to ya'all earlier I remembered I still had that little flash-drive card in my computer from last night and took it out of the slot which made that winrar book-looking icon in the tray go away so I assume it stopped the program?  Did it put anything on my hard drive?  I didn't see anything I didn't recognize on add/remove programs but then while I am not a complete computer beginner a lot of that stuff looks like greek to me.

Earlier I was unable to open more than one internet tab/window and play on yahoo games at the same time without tremendous slow-down and intermittent freezing of the computer itself for anywhere from 10 seconds to a minute at a time.  Now I have 4 tabs on this internet window (this tab, my e-mail, the link to the article about the bad WinRAR and the link to the article about the Good WinRAR) plus Open Office open in another window and everything is running just fine.

Does that mean I'm cured?

[harry 48]

it should still be in your pc try it for a few days and then run your , av , sas and malware and post a new hjt log

[Oceanbyrd]

it should still be in your pc try it for a few days and then run your , av , sas and malware and post a new hjt log

I'm sorry, what should (or did you mean could?) still be in my pc?  A possible virus?  If a virus could still be in my system I will do as you suggest and post a new log in a few days. 

One last question.  My boyfriend thinks I run too many anti-malware/anti-virus programs.  I have the following: 
AVG Free 8.0
Advanced SystemCare
CCleaner
Malwarebytes' Anti-Malware
HiJack This (renamed sniper as per suggestion)
SUPERAntiSpyware Free Edition
Windows Firewall (enabled)

I realize not all of these programs run 24/7 but am I overkill?  I also heard that I should try Avast as the latest AVG has issues.

[Allan]

You can do without Advanced SystemCare, HiJack This and ccleaner. And you might add Spyware Blaster (remember to update definitions weekly).

[harry 48]

AVG Free 8.0
Advanced SystemCare
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware Free Edition
Windows Firewall (enabled)

i have these and you should keep them and run the red one's weekly , it's not over kill

[Oceanbyrd]

Thanks guys.  Anyway NEW INFO:

I thought my problem was solved with the removal of winrar.  My computer seemed to be running much better so I thought the problem was fixed.  Then the symptoms started again and I realized that the whole time the computer was running slow I had the internet up if not actively then in the background. 

It seems to me that the computer is slowed almost to a complete halt when I get online and try to navigate and then the problem stays when I finish navigating if I leave up the webpage even if just in the background, to my best knowledge.  Besides the afformentioned winrar I got from my nephew, I run no programs that are illegal or even shareware.  I do occasionally download things given to me by friends in e-mail, recipes, freeware (like the antimalware programs) and I have a few reputable booksellers I buy e-books from. 

I also recently switched between 3 different web browsers (installing and then uninstalling the two I didn't like, keeping the third).  Did I pick up a virus somehow there?

I was able to read an e-book all day with no slowdown but as soon as I got online to read my e-mail I started experiencing the slow down so I posted this and it has taken a  while because my computer keeps pausing for 5-30 seconds at a time every few minutes.  Incidentally I can use the client server for my online game RuneScape with no slowdown it only happens in the regular browser window but has happened in Opera and Internet Explorer.


EDIT: Thanks for your suggestions regarding my anti-spyware, antivirus.  I am thinking of changing from AVG Free to Avira but that is the only thing I will change for now.  Hijack this was only installed after this problem became apparent.  I will probably delete it after this is fixed and only reinstall if I ever have a problem in the future.

SECOND EDIT:  (I had another theory here toward what my problem might be but deleted it when data proved it wrong-edit)

The only things I do on this computer are: Shop for and buy e-books, access my e-mail, browse the web, and play RuneScape which is Java-based so nothing is installed on my computer for it.  It runs Windows XP with the latest Service Pack and is almost a year old now.  As mentioned above it is a Dell Mini9 Netbook with a 16GB solid state hard drive and 1GB Ram.

[harry 48]

cant help with the above , but do take out avg and d/load avira its better