Computer Hope

Software => Computer viruses and spyware => Topic started by: Fez on May 11, 2010, 02:02:23 PM

Title: Post-virus computer behaving very oddly
Post by: Fez on May 11, 2010, 02:02:23 PM

I've had this problem for about a week now, and it's getting to the point where I'm running out of ideas for what to do!

A couple of weeks back my computer ended up with the virus (I can't remember the name of it, unfortunately) that pretends to be an XP virus scanner that tells you that your system has a virus, shuts down your other antivirus programmes and your internet until you buy a license for their full 'product', which then gets rid of their virus. I created the registry fix that was suggested on several websites, and the virus went away perfectly fine.

I thought that was it, but since then, my computer's been behaving in increasingly bizarre ways.

The main problem is with Firefox- it crashes constantly, and every five minutes or so, will throw up a new tab that either leads to a gambling site or a search site with search results to something that I might have searched in Google previously. It crashes constantly, especially when opening new tabs, and closes itself down without warning quite frequently, whereas before this whole issue it's worked perfectly. Also, when using Google (or any other search website), and selecting a link that they give me, it redirects me at least four or five times to another unrelated search site bringing up unrelated answers, and takes several attempts to actually get it to direct me to the website that I want. I've tried uninstalling and reinstalling Firefox itself, but this hasn't actually done anything.

On my computer itself, I've had the start bar changing itself back to the grey Windows 98 scheme several times, and at the same time the windows audio device stops itself so that my audio stops working. When starting the audio device again, my sound settings change themselves back to the original Windows audio scheme (with the noise for emptying the recycle bin, opening folders, etc, whereas I usually have all Windows noises muted), and when I change the scheme to no noises, it tells me that they've all been muted but they still play when they should (for example, when emptying the recycle bin).

My computer's also having increasing trouble shutting itself down- every time now, it brings up several 'this programme is not responding' messages and then crashes on the closing down screen, whereas before, again, it's closed itself fine.

Also, in the C:/ drive I'm finding my free space is vanishing constantly. I should have about 10GB free on that drive, but it's always lingering around the 200mb stage, with this remaining space constantly vanishing and making my computer stall and crash like crazy.

There's a whole load of unrecognised tasks in my task manager, too- things like:

FsynSrvStarter.exe
Generic.exe
CapabilityManager.exe
ClientInitiatedStarter.exe
epmworker.exe
logger.exe

all under my username (as opposed to system or network service etc). I've never seen these in there before, haven't installed any new software, and suspect they may be something to do with what's going on.

The last (and weirdest) thing was just a second ago- I had iTunes and 3DS Max open, and suddenly this audio starts playing on my computer- some lecture about ADD and child psychological issues and how they're not just mental issues but real physical diseases. I shut down both programmes and every background process that might have been causing it, and it continued to play until I shut down my computer completely. Possibly the strangest happening yet!

The reason I'm asking for help is that my antivirus (AVG) and my spyware programmes aren't picking up anything wrong whatsoever, but there's definitely something on my system- so I need to know if anyone knows what it is, how to get rid of it (I'm happy to install new antivirus programmes or whatever, so long as I don't have to pay for them- poor student!).

Any help would be incredibly useful- thank you!


System: Windows XP
Antivirus/etc: AVG, Ad-Aware, Spybot
Internet browser: Mozilla Firefox

Title: Re: Post-virus computer behaving very oddly
Post by: gotapal on May 12, 2010, 07:39:37 AM

It sounds as though you have a 'fake anti virus' installed on your computer. Also, having alot of different security softwares installed on your computer can cause problems, such as system instability. Basically put, all of the different softwares will cause programs and applications on your computer to crash and you will probably end up seeing lots of "End Program" dialogs pop up on your screen when you log off each time.
Edited.

Title: Re: Post-virus computer behaving very oddly
Post by: Allan on May 12, 2010, 07:48:28 AM

Ignore the above post. DO NOT uninstall your anti virus software.

Having said that, Spybot and AdAware are outdated. The current best of breed for anti-malware are MalwareBytes and Super Antispyware. I suggest you replace Spybot and Adware with one of these two, but do not uninstall AVG unless you are going to replace it with a different av immediately.

Title: Re: Post-virus computer behaving very oddly
Post by: gotapal on May 12, 2010, 08:00:17 AM

Uninstallation of security software is completely safe, providing you are not connected to the internet. All of your malware, spyware and virus removal should be done when you are not connected to the internet anyway, as this can allow an attacker to remotely (or forceably) connect to your computer. Also, AVG have a poor record of catching 'In The Wild' viruses, making systems with that software installed vulnerable to infection. We regularly remove viruses from customers' computer who have AVG installed on their system, and also have to remove 'junk' files left behind by that particular software. This software (AVG) has been tested by ourselves within a controlled environment and on a 'test' computer.

Title: Re: Post-virus computer behaving very oddly
Post by: Allan on May 12, 2010, 08:04:14 AM

Quote from: gotapal on May 12, 2010, 08:00:17 AM

Uninstallation of security software is completely safe, providing you are not connected to the internet.

Agreed, but there is no need or reason to do so.

Title: Re: Post-virus computer behaving very oddly
Post by: gotapal on May 12, 2010, 08:09:16 AM

If the software itself is having problems or error messages, it is recommended that an uninstallation is done, and a re-install of that particular software. This ensures that any errors or problems with the software do not occur again. Of course, I am personally open to anyone's suggestions on this forum, and appreciate other 'methods' of solving this particular problem/issue.

Title: Re: Post-virus computer behaving very oddly
Post by: Fez on May 12, 2010, 09:24:54 AM

I had a suggestion from someone to install Malwarebytes and Super Antispyware, and did that last night and ran the scans- they picked up a couple of things, but this morning I'm still having the same issues, so I'm guessing that they didn't get rid of it completely.

At this point I'm just going through a whole load of new antiviruses and seeing if any of them pick it up- I'm going to try NOD32 in a little bit and see if that picks it up.

Any other suggestions would be great, thanks!

Title: Re: Post-virus computer behaving very oddly
Post by: SuperDave on May 12, 2010, 01:39:31 PM

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to uninstall it.

Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post
=====================================

(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
========================================

Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.

• Double Click the HijackThis icon, located on your Desktop.
  
• By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
• Accept the license agreement.
• Click the Open the Misc Tools section button.
  
• Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
  
• Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
  
• Please post the log in your next reply.