Computer Hope
Software => Computer viruses and spyware => Topic started by: clljodoin on October 02, 2008, 05:59:06 AM
-
hey all!!!
so my computer has been gradually geting slower and slower. Now it is so bad that when i click firefox it takes 5-15 seconds for it to open. Also, my cpu usage jumps from 15% to 98%. So here are my logs, any info would be fantastic!!!
[Saving space - attachment deleted by admin]
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Download OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to your Desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.
[kill explorer]
C:\Program Files\AskSBar
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
----------
How is everything now?
-
hey hey!!!
So here is the log, ill reboot and see how things work!
Explorer killed successfully
Folder move failed. C:\Program Files\AskSBar\SrchAstt\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskSBar\SrchAstt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskSBar\bar\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskSBar\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskSBar scheduled to be moved on reboot.
< EmptyTemp >
File delete failed. C:\Users\Chris\AppData\Local\Temp\etilqs_wTckIBk5Kk2NUqa3acPe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~26405f33d3f.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~26405f424a6.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10022008_122316
-
Umm, it hasnt changed, the cpu usage is at 80 now instead of 98 but it is still slow.
This is a laptop, is it possible its a processor overheating issue? I have hardware warranty i just want to rule out software issues
Thanks
-
Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
-
so i tried to run combofix but it takes FOREVER. I had it open for 24 hrs and it was only at sage 16. Is there something I am doing wrong?
-
Try restarting the computer and running it again. It shouldn't take more than 20 - 25 minutes to finish.
-
okay ill try that and be back haha
-
So i tried to run combofix. This time it showed the little box with the ststus bar. Once that finished it never cam back with the prompt? Im very confused now
-
Also, it has been saying "it usually takes 10 minutes" for about an hr now
-
so 2 hrs, stage 6
-
Please print these instructions as they will be needed later when Internet access is not available.
Download SDFix by AndyManchesta (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with Administrative rights
- Double click SDFix.exe and it will extract the files to %systemdrive%
- (this is the drive that contains the Windows Directory, typically C:\SDFix).
- DO NOT use it just yet.
Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Open the SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
- Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-
when i try to run the batch file the dialog box closes the second it opens. any ideas?
-
Are you booting into Safe Mode before running it?
-
yes i am... do you think the fact that combofix took 6 hrs and didnt finish and this wont open are related?
-
Download DrWeb CureIt (http://freedrweb.com/) & save it to your desktop.
Scan with DrWeb-CureIt as follows:- Double-click on drweb-cureit.exe and then click Start.
- An Express Scan of your PC notice will appear.
- Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the Scan tab and UNcheck Heuristic analysis and click OK
- Back at the main window, select the Complete scan button.
- Then click the Green Arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
- When the scan is done.
- In the Dr.Web CureIt menu on top left, click File and choose Save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
[/COLOR]- After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
- Copy and paste that log in the next reply
-
your the best EF!!! ill try that
-
DrWeb should run. Be sure to post the log.
-
its running now, ill post it when its done
-
Process.exe;C:\$Recycle.Bin\S-1-5-21-3190090494-2590576837-2123475989-1000\$RC80WY3\apps;Tool.Prockill;;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
6D952C06d01\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\AppData\Local\Application Data\Mozilla\Firefox\Profiles\mcbr2ru4.default\Cache\6D952C06d01;Program.PsExec.171;;
6D952C06d01;C:\Documents and Settings\Chris\AppData\Local\Application Data\Mozilla\Firefox\Profiles\mcbr2ru4.default\Cache;Archive contains infected objects;Moved.;
8F2ABEC4d01\SDFix\apps\Process.exe;C:\Documents and Settings\Chris\AppData\Local\Application Data\Mozilla\Firefox\Profiles\mcbr2ru4.default\Cache\8F2ABEC4d01;Tool.Prockill;;
8F2ABEC4d01;C:\Documents and Settings\Chris\AppData\Local\Application Data\Mozilla\Firefox\Profiles\mcbr2ru4.default\Cache;Archive contains infected objects;Moved.;
Av-test.txt;C:\Documents and Settings\Chris\AppData\Local\Application Data\Temp;EICAR Test File (NOT a Virus!);Incurable.Moved.;
ComboFax.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\Desktop\ComboFax.exe;Program.PsExec.171;;
ComboFax.exe;C:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
ComboFix01.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\Desktop\ComboFix01.exe;Program.PsExec.171;;
ComboFix01.exe;C:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Chris\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Chris\Desktop;Archive contains infected objects;Moved.;
6D952C06d01\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\6D952C06d01;Program.PsExec.171;;
6D952C06d01;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
8F2ABEC4d01\SDFix\apps\Process.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\8F2ABEC4d01;Tool.Prockill;;
8F2ABEC4d01;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Av-test.txt;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;EICAR Test File (NOT a Virus!);Incurable.Moved.;
ComboFax.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\ComboFax.exe;Program.PsExec.171;;
ComboFax.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
ComboFix01.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\ComboFix01.exe;Program.PsExec.171;;
ComboFix01.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Chris\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
So whatcha think of that? As you can see I saved Combofix a few times to try and get it to work haha
-
Run CCleaner.
What problems are you still having (if any)?
-
So there is pretty much no change. The CPU is still running at 100% whenever i run anyhting. For example it took 2 minutes to open CCleaner. What do you think?> Possibly a hardware issue? I added a Ccleaner log
[Saving space - attachment deleted by admin]
-
Try this.
Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.
You can use the built in Windows Defrag or a faster FREE program. Defraggler (http://www.defraggler.com/) is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this.
-
okay ill try that!! Thanks
-
After or before defragging also do the final steps. Just don't do them during the defrag.
Download OTCleanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to your Desktop.
- Double-click OTCleanIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it yourself.
.
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
.
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.
-
Its runnign great! Thanks a lot
-
Your welcome.
Safe surfing....
-
There may be a worm( a type of computer virus) that infected your computer.
For this probelm use norton anitvirus it will clean your pc instead deleting your infected files
Secondly defregment your hard disk and un install unnecessary software which you won't uze form controll panel> add and remove programs menu
-
There may be a worm( a type of computer virus) that infected your computer.
For this probelm use norton anitvirus it will clean your pc instead deleting your infected files
Secondly defregment your hard disk and un install unnecessary software which you won't uze form controll panel> add and remove programs menu
Do you not see that this issue is already fixed?
Please think before posting.
Also see here Would you like to learn to fight malware? (http://www.computerhope.com/forum/index.php/topic,57605.0.html)
Thread closed.