Computer Hope
Software => Computer viruses and spyware => Topic started by: cj85 on September 07, 2008, 12:42:59 AM
-
I've been meaning to do this for a while, but hadn't because I hadn't had the time. But tonight, I'm not doing anything and figured it would be a good idea to do it since I have some free time. My computer has been running really slow, for a while now. I don't know what caused it or anything. It takes a while for the computer to boot up on start up, and takes a while for the desktop itself to load. When you get on the internet, it takes about 2 minutes to load the IE itself along with the page contents. Sometimes when you have a window up such as IE and go to open something like a program up at the same time, it takes twice as long to load. I don't have any idea what's wrong with it at all. I figured I'd post the necessary information, and hopefully get some help on what's going on.
Here is some general information on the computer itself:
Operating System
Microsoft Windows XP Home Edition
Version: 5.1.2600
Service Pack: 3.0
Location: C:\WINDOWS
PID: 76477-OEM-0011903-00103
Hot Fix: KB953839
Specifications
GATEWA
System Model: SR84510A
BIOS Version: Intel Corp. SR84510A.46T.0014.P06.0410050243
Memory (RAM)
Capacity: 512 MB
Processor
Intel(R) Celeron(R) CPU 2.80GHz
Version: x86 Family 15 Model 3 Stepping 4
Speed: 2800 MHz
General Computer Info
System Name: EMACHINET3830
Domain: NONE
Time Zone: Eastern Daylight Time
Connection: Workstation (standalone)
Proxy Server: None
IP Address: 192.168.0.193
IPX Address: Not Enabled
Local Disk
Total Capacity: 74.51 GB
Sum of Hard Disks: (C: D: )
Used: 27.78 GB
Free: 46.72 GB
Log files are found below as attachments.
[recovering disk space -- attachment deleted by admin]
-
Note: I moved this topic to the Computer Virus and Spyware Section for the Malware Specialists to have a look. ;)
-
Thanks, I wasn't sure how to move the topic after I realized I possibly posted it into the wrong category. My bad, again I apologize!
-
Thanks, I wasn't sure how to move the topic after I realized I possibly posted it into the wrong category. My bad, again I apologize!
No harm done. :)
-
So Carbon, are you able to help with the PC issue? Just curious! :)
-
I'm afraid this is a task for one of our Malware Specialists. (Evilfantasy or CBMatt)
-
Alright, I will be sure to wait for one of them to see what is going on. Thanks!
-
I had only done the hijackthis log, and went ahead and did the other logs that were asked for in a post. So I have done all 3 required logs. Hopefully someone can help me out with this! I'd highly appreciate it as it's really bugging me. lol
-
I am no expert, but the first thing I would try is increase the RAM to 2 G from your 512 Mb. I did this and the speed increase was incredible. Also Defragging and cleaning up the drive may help a bit as well. Good Luck.
-
Alright I can try the defrag and I do the clean up like once a week. But the ram, I'm not going to be able to afford right now. But if there is something else I can do to get it to be a little faster, that would be great! Any suggestions, anyone?
-
Download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.
- Link #1 (http://downloads.subratam.org/Fixwareout.exe)
- Link #2 (http://download.bleepingcomputer.com/lonny/Fixwareout.exe)
- Run Fixwareout.
- Click Next
- then Install
- Make sure Run fixit is checked
- Click Finish.
- The fix will begin; follow the prompts.
- You will be asked to reboot your computer; please do so.
- Your system may take longer than usual to load; this is normal.
When you run fixwareout, just follow the prompts; you will need to restart when prompted.
After rebooting (restarting) back into normal boot mode, make sure you have all web browsers closed.
- Go into Control Panel > Network Connections.
- Right click on your connection
- and click Properties.
- On the Properties page, highlight Internet Protocol(TCP/IP)
- Click Properties. This will bring up another page.
- Select Obtain DNS Server Automatically.
- Click the ok button. The page will close.
- Press ok on the page in front of you.
- Restart the computer.
- Reconnect to the Internet using Internet Explorer.
- Add the log from fixwareout in your next reply.
- It will be located at c:\fixwareout\report.txt
Go to Start > Run and type in cmd
Click OK.
This will open a command prompt.
Type or copy and paste the following line in the command window:
ipconfig /flushdns
Hit Enter.
Exit the command window.
Restart your computer.
Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
-
Okay, I have done the steps you have given me. I have attached a new hijackthis log, and report from the fixwareout.
Thanks for helping me out with this! I appreciate it.
[recovering disk space -- attachment deleted by admin]
-
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted IP range: http://195.38.81.182
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Note: It is important that it is saved directly to your Desktop.
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
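The following is an added example, not part of the original post or of HijackThis itself: a small Python triage of HijackThis-style log lines that picks out the two kinds of entry selected for fixing above, registrations ending in "(no file)" and O15 "Trusted IP range" entries. The names `review_line` and `review_log`, the reason labels and the public/private split are assumptions made for this illustration, and the sample log mixes the four lines quoted above with constructed ones.

```python
"""Triage HijackThis-style log lines (illustrative sketch, not HijackThis code)."""
import ipaddress
import re
from typing import List, NamedTuple, Optional
from urllib.parse import urlparse

# Entries look like "<section> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# CLSID in registry format: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # label assumed for this example
    detail: str   # CLSID or host that triggered the finding


def review_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth a second look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank line or free text
    section, body = m["section"], m["body"]

    # A registration whose target file is gone: leftover of removed software
    # or of a partial cleanup.
    if body.endswith("(no file)"):
        clsid = CLSID_RE.search(body)
        return Finding(section, "orphaned", clsid.group(0) if clsid else body)

    # A numeric address placed in the Internet Explorer Trusted zone.
    if section == "O15" and body.startswith("Trusted IP range:"):
        target = body.split(":", 1)[1].strip()
        host = urlparse(target).hostname or target
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return Finding(section, "trusted-range", host)  # wildcard or name
        kind = "trusted-public-ip" if ip.is_global else "trusted-private-ip"
        return Finding(section, kind, host)

    return None


def review_log(text: str) -> List[Finding]:
    """Run review_line over every line of a log and keep the findings."""
    findings = []
    for line in text.splitlines():
        finding = review_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


# Sample input: the first, second, fifth and sixth entries are the lines
# quoted in the post; the header and the other entries are constructed.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted IP range: http://195.38.81.182
O15 - Trusted IP range: http://192.168.0.1
"""

if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:20} {f.detail}")
```

A finding is a prompt for review, not a verdict: an entry is only fixed after someone has read the whole log, as was done in this thread.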
-
Wow combofix took a while, ha... At first I thought, when it was producing the log, that it had frozen. But it eventually gave me the report. Here's the report attached.
[recovering disk space -- attachment deleted by admin]
-
Your logs are clean.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.
Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
- Under Main: Select Files to Delete choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
- Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
Important: Restart the computer before continuing.
----------
Download OTMoveIt2 by OldTimer OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it installed)
1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
----------
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
----------
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html) (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.
-
I did the following steps you had given me. But the computer still seems slow. I'm not sure what I'm doing wrong, or if it's just plain old and slow. Then again it's a decent computer, it's not "that" old and used to run real smooth. But now it lags and when you boot it up it is slow, and takes about 5 minutes for the desktop to completely load.
Thanks for your help, but if you have any other suggestions, that would be highly appreciated!
The only thing I can think of is maybe my boyfriend's family has way too much stuff on this computer? How can you tell if it's being crowded and not enough space?
-
The only thing I can think of is maybe my boyfriend's family has way too much stuff on this computer?
That's very possible.
A few things to do.
Download and install CleanUp!.exe (http://stevengould.org/downloads/cleanup/CleanUp452.exe)
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
- Click Options...
- Move the arrow to Standard CleanUp!
- Uncheck the following: (if checked)
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Click OK
Click the CleanUp! button to start the program. Reboot/logoff when prompted.
----------
Look into a good startup manager. This one will tell you which programs are not needed to be running at startup.
Malwarebytes StartUpLite - http://www.malwarebytes.org/startuplite.php
Just install it to the Desktop and run the exe.
----------
Defragment your hard drive
You may want to install a good third party defragment program. They work much faster than the Windows built in defragger.
http://filehippo.com/download_defraggler/
Boot into Safe Mode by restarting your computer - keep tapping F8 until the menu appears.
Use your up and down arrow keys to select Safe Mode
Then click Start > Run > type dfrg.msc
In the top of the window click on the C: drive
Click the Defragment button
This can take some time so please be patient.
Close Disk Defragmenter when finished
Restart into Normal Mode.
A tutorial for disc defragmentation is available at BleepingComputer.com (http://www.bleepingcomputer.com/tutorials/tutorial55.html)
-
Click the CleanUp! button to start the program.
When I ran this program, and it was done running a box popped up and said:
If you would have run CleanUp! this time for real - i.e. not in demo mode - it would have deleted 2924 files and freed 311.8MB of disk space. take a few minutes to review the output log and make sure that you are happy with the files selected for deletion. Then try running CleanUp! for real.
Should I post the log?
-
No please don't!
Just run the actual cleaner and not the Demo mode.
-
Okay, I did that. Now I talked to my boyfriend about actually going through the computer and cleaning it up a bit. I had told him that it would probably help if I were to actually remove some games that are never played.
My question is, would that actually free up some space and actually make the computer run smoothly? Also what are some steps of how to make sure a game's contents or whatever program being removed from the computer is completely gone? Like all traces of it.
I ran the defrag, but it had said that it wasn't needed and so I ran it anyways. It freed up no spaces since it had originally said it wasn't needed. Not sure if it was supposed to do that, but I don't know.
Any suggestions on how to successfully remove junk, as far as making sure all traces of games and so forth are removed?
-
Use Revo to remove all (or almost all) traces of software.
Download Revo Uninstaller (http://www.majorgeeks.com/Revo_Uninstaller_d5706.html)
- Go in to Revo, right click what you want to uninstall and choose Uninstall.
- Next choose Advanced Mode
- This will launch the program's built-in uninstaller and go through the normal uninstall process.
- Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
- This scan can take several seconds.
- Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
- Choose Select All then click Delete
- Click Next and Revo will scan for any files or folders that were not removed.
- If any files/folders are found choose Select all > Delete
-
Okay, I removed my first program with Revo Uninstaller, but when it was going for registers and what not. I'm not even sure if I should remove it or not? I don't understand any of it. lol
Here, I have added a print screen of what I see.
Also the program is called ZoneAlarm
[recovering disk space -- attachment deleted by admin]
-
Click the little + signs to drop them down and see more information. I have used Revo for about a year and it has never removed anything it shouldn't have.
Be sure to choose Select All then click Delete and then click Next to scan for any folders/files left over.
-
Okay, I've been removing games and programs that are not in use at all. Actually, still working on removing some. But I'm just curious if I should run a program once I'm done removing games/programs from the computer?
Also, are there any other suggestions other than removing programs/games from the computer to try and get it running a bit smoother?
-
Run CleanUp! again now that you are done with that.
Look here for more suggestions. Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html).
-
Okay, will do. If I have any questions, I hope you don't mind but I'll post here.
Thanks again, until that next question... lol
-
No problem. I'll be around for a bit longer.
If not then I will see the questions tomorrow. Everything is pretty well explained though.
-
Now I hope I don't sound like a pain in the *censored*, but I do have a question.
I was wondering, what programs should I have running that are supposed to be like ad-aware and what not. I mean my boyfriend's brother has several on the computer, and I'm not sure if they're really needed as far as if one does what the other does and what not. I guess I'm just curious, because if one does what the other does there isn't any need for both, right?
The programs that are on the computer are:
ZoneAlarm - Which I removed today...
AVG Anti-Virus Free Edition - Always had it
CCleaner - Downloaded today
HiJack This - Downloaded today
Malwarebytes Anti-Malware - Downloaded today
SuperAnti Spyware Free Edition - Downloaded today
Ad-Watch - Always had it
CleanUp! - Downloaded today
Defraggler - Downloaded today
BigFix - Always had it
History Kill - Always had it
Spybot S&D - Always had it
Power Toys For Windows XP - Not sure what this is? lol
CompuApps SwissKnife V3 - Always had it
Lavasoft Ad-Aware SE Personal - Always had it
This kid has a lot on here, and I'm just curious if I need all of these or which ones I should get rid of or if this is what is causing such a slow down on the computer?
Now I think I read on your blog that AVG is no longer giving updates? Is this what is causing AVG to say it needs updates almost every day? I could be mistaken though.
-
Personally I would uninstall these.
Ad-Watch < Malwarebytes Anti-Malware and SuperAnti Spyware Free Edition and Spybot S&D are all you need.
BigFix < I would uninstall this and occasionally run the Secunia Software Inspector (http://secunia.com/software_inspector) instead.
History Kill < CCleaner is better and safer.
CompuApps SwissKnife V3 < Not sure what this is http://www.compuapps.com/download/Swissknife/swissknife.htm
Lavasoft Ad-Aware SE Personal < Malwarebytes Anti-Malware and SuperAnti Spyware Free Edition are all you need.
Spybot S&D < Keep this and be sure to open it and check for updates and then also click on Immunize to update and protect your Hosts file. Do this every other week or so.
Now I think I read on your blog that AVG is no longer giving updates? Is this what is causing AVG to say it needs updates almost every day? I could be mistaken though.
AVG 7.5 is no longer supported but the new AVG 8.0 is. Good antivirus will update every day, every other day at the very least. You have AVG 8.0 now. Honestly by uninstalling that and using either Avira or Avast instead you may notice a difference. AVG can use a lot of resources.
Avast! Home Free Edition (http://www.avast.com/eng/download-avast-home.html)
Avira AntiVir Personal (http://www.free-av.com/)
-
Okay, I did all that. Kept the ones you told me to keep, and got rid of the ones that weren't needed.
Also, when I was finally done removing programs and what not. I ran CleanUp! and I got an error:
Error Deleting File or Folder
Cannot delete Dc101: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.
Not sure what it means?
-
Must be a file Windows is seeing as still in use after you deleted it.
Restarting the computer should clear it up.
-
Alright, I think my computer is running a little faster. But it's definitely made a huge difference from before. I just wish there were other things I could do to get it to run faster.
Like when I opened up IE, it takes about 10 seconds for everything to load, and that's not including the website itself. Have any ideas?
Also, when I opened up CCleaner, I was curious about the Registry part of the scanner. So I scanned and this is all that came up which is added as an attachment. I guess what I'm saying is should any of that be selected and deleted? I'm not going to touch any of it till I get a go on it because I'm not even sure.
Again, thanks for the help!!
[recovering disk space -- attachment deleted by admin]
-
That all looks OK to remove, but there is always a risk when running a registry cleaner. I've never had a problem with CCleaner's registry tool.
You might have a look here and try the suggestions. http://www.tweakxp.com/article37127.aspx
-
I ended up removing AVG 8.0 last night and installing Avira AntiVir Personal instead. When I ran the scan, it did end up finding a file that was harmful as it said.
I sent it to the quarantine but my question is, how do I get it out of there or does it stay there? I guess I'm just wondering how do I delete it from the computer?
File name: flt-r2ww.rar and it says Detection: Is the TR/Dloader.EJIX
Not a clue in the world what that is! lol
-
That's a rapid share file I think. Possibly from a cracked game?
Open Control Center, go to Quarantine tab, select the files and press Delete button.
-
I went to check and see what size or free space that I have on the hard drives and this is what it says:
Local Disk (C:) Total : 70.9 GB Free : 50.2 GB
Local Disk (D:) Total : 3.52 GB Free : 1.66 GB
Is it good that there is only 1.66 GB free on D drive?
-
Local Disk (D:) Total : 3.52 GB Free : 1.66 GB
I would imagine this is your recovery partition and it doesn't affect your main C drive.
-
Okay, I guess my next question would be is this why the computer is so slow because there is only 50.2 GB free on C drive?
-
50.2 GB out of 70 is plenty of space. Not sure why it has slowed down. How old is the PC? They all lose a bit of speed over time.
Let's run one more scan just for a final check.
This scanner works with Internet Explorer only
Go to the BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report
(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit.jpg)
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save
(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit2.jpg)
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
Add the bdscan.txt as an attachment in the next post.
If the log is too big to attach use the below site to host the file.
Upload the file to Savefile.com (http://savefile.com/upload.php)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.
-
I went to the site as you asked. It was doing fine, till a box popped up saying it wasn't able to update the virus definitions or some thing like that and then it said it could still scan though but it wouldn't be 100%.
Then this is what happened: Picture is attached not sure why it did that.
[recovering disk space -- attachment deleted by admin]
-
I just updated and started the scan. Try restarting Internet Explorer then try again.
If it doesn't work this time we will use another scanner.
-
I did the scan, and was successful. Woohoo!
Now, when I went to save the log. It didn't give me the option to select file extension *.txt so I just typed in the file name 'bdscan.txt', and it saved as a text file. Although, it still has the html coding and what not. Not sure if that was supposed to be like that. If so, the attached file can be found below.
[recovering disk space -- attachment deleted by admin]
-
Yes that's right, I just have to change the file name to .html to view it.
That cleared out a few more things but nothing too bad. Any improvement?
-
Yeah, some improvement. But it says at the top of the scanner, that my computer is still infected even after the completion of the scan was done.
Is that a bad thing or no? Also during the scan, it had said that there was a virus. And on the Statistics tab, it says towards the bottom this:
At least one of the infected files could not be disinfected or deleted. These files are displayed in the <Detected Problems> tab.
Is there some thing I need to do? or do you think I should try another scan like this to see if it brings anything else up that this scanner had possibly missed?
-
Is that a bad thing or no?
More like a ploy to get you to buy the full version. Don't worry about that.
The only thing found that couldn't be fixed is this.
"C:\Program Files\AIM\Sysfiles\WxBug.EXE Update failed"
That's Weather Bug and it isn't malicious in any way.
Is WeatherBug Spyware?
According to their website, Weatherbug is not spyware, however it is adware. It does not monitor, collect data or 'spy' on its user base, however the program is considered adware since the free version is ad-supported. You can read more about why Weatherbug is not considered spyware by clicking here. (http://ww3.weatherbug.com/aws/default.asp?cid=306)
http://www.pchell.com/support/weatherbug.shtml
We can do another scan. I don't think it will turn up anything bad but it's worth a shot.
This log will be HUGE and will need to be uploaded at SaveFile.com so I can download it. Instructions for SaveFile will be added.
Download to your desktop ISeeYouXP.exe by ShadowPuterDude (http://downloads.malwareteks.com/ISeeYouXP.exe)
Next double-click on ISeeYouXP.exe on your Desktop.
ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.
Double-click ISeeYouXP.bat to run the script.
Once complete a log will be saved to the Desktop named ISeeYouXP.txt.
Post the following logs in your next reply:
ISeeYouXP.txt
If the ISeeYouXP .bat file does not extract to the Desktop, double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.
Upload the file to Savefile.com (http://savefile.com/upload.php)
There is no need to Register
Select Browse and locate the file.
Fill in the Title and Description and security code then click Upload
Copy the download link next to Your link to the file: and post the link back here.
-
Download to your desktop ISeeYouXP.exe by ShadowPuterDude
I can't seem to get the link to load, it says Internet Explorer cannot display the webpage.
Not sure why it's doing that?
-
It took a few seconds but I got it to load.
Please try again. http://downloads.malwareteks.com/ISeeYouXP.exe
-
If not try to get it here. http://www.filedropper.com/iseeyouxp
-
Okay that worked, but now my AntiVir is going nuts. It keeps saying this:
C:\Documents and Settings\Owner\Desktop\ISeeYouXP.exe
Contains recognition pattern of the WORM/KillProc.C worm
-
Okay, finally have the log for you.
Hopefully this will tell us some kind of some thing. LOL
Here it is...
Also, just so you know the alert for that post I just posted is still happening. Is that a bad thing?
[recovering disk space -- attachment deleted by admin]
-
You can delete ISeeYouXP.exe now. We are done with it.
It will take a while to look through this log.....
-
I do have a question. I was wondering if you have a link to where I can download Spybot Search and Destroy, for some reason it's been removed but the files and folder in start menu are still there. Strange if you ask me.
-
Disregard that please. I'm running spybot S&D right now. :)
-
No problem.
I got busy with other things and had to step out for a bit but am looking at the log now....finally.
-
Okay, I hate to bug about this right when you're looking at the log file. But I went into my task manager, and was hoping you could tell me if this is okay to run this much:
System Idle Process CPU/99 and it goes into the range of 70 and bounces back up to 99 but it tends to stay in the 90's most of the time.
Also, just curious how do I check my CPU temp?
PS: I will be back in a bit, definitely. I want to get this computer back to top shape. LOL Try to anyways ha ha.
-
Maybe some of the next steps will help with the task manager running high.
SpeedFan is a freeware program that monitors fan speeds, temperatures and voltages in computers with hardware monitoring chips. http://www.majorgeeks.com/download337.html
----------
Download ViewpointKiller.zip (http://bellsouthpwp.net/p/r/prprogramsstudios/viewpointkiller.zip)
- Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
- Double click the ViewpointKiller icon to run ViewpointKiller.exe.
- Select the File menu, and select Check to see if you have Viewpoint installed.
- If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper Kill option in the File menu.
- Follow the prompts and instructions very carefully, answering Yes or No depending on which option you are most comfortable with.
- The MsConfig instructions are very important, so be sure to read them carefully.
- Note: When done with ViewpointKiller right click and delete all files that were unzipped.
----------
Stop these running processes with StartUp 1.3 - http://majorgeeks.com/StartUp_d4436.html
Install StartUp to the desktop. Run it and right click any process you don't want running at startup and choose Remove. After you are done click Apply then Exit.
shwiconem.exe
Used by your computer to communicate with your Alcor_Micro Multimedia Card Reader - necessary if you're using this software
winampa.exe
winampa.exe is a product from Nullsoft, called WinAmp. This is a non-essential process. Disabling or enabling it is down to user preference.
LifeChat.exe
Related to LifeChat from Microsoft.
mssysmgr.exe
Simple Star PhotoShow_Deluxe photo editing and organizing software. This program is not required to start automatically as you can run it when you need to.
----------
You should actually set MSCONFIG to Normal Startup and then use StartUp 1.3 to remove anything you don't want running. MSCONFIG is a troubleshooting tool and not a startup manager. Using it as one can eventually do damage to the registry.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Now download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 and save it to your Desktop.
- Extract avenger.exe from the Zip file and save it to your Desktop
- Run avenger.exe by double-clicking on it.
- Do not change any check box options!!
- Copy everything in the Code box below, and paste it into the Input script here window:
Comment:
Files to delete:
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmdata10.sqm
C:\sqmdata14.sqm
C:\sqmdata04.sqm
C:\sqmdata18.sqm
C:\sqmdata08.sqm
C:\sqmdata11.sqm
C:\sqmdata15.sqm
C:\sqmdata05.sqm
C:\sqmdata19.sqm
C:\sqmdata09.sqm
C:\sqmdata12.sqm
C:\sqmdata16.sqm
C:\sqmdata06.sqm
C:\sqmdata13.sqm
C:\sqmdata17.sqm
C:\sqmdata07.sqm
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\Documents and Settings\Owner\Desktop\ISeeYouXP.exe
C:\Documents and Settings\Owner\Desktop\ISeeYouXP.lnk
Folders to delete:
C:\ISeeYouXP
- Now click the Execute button.
- Click Yes to the prompt to confirm you want to execute.
- Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
- Your PC should reboot, if not, reboot it yourself.
- A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
- Add the Avenger log in your next post.
.
----------
Create An Uninstall List
- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
-
I got up to downloading and running Avenger. I ended up getting the log for viewpoint killer, and avenger. Wasn't sure if you needed both or not. But when the computer rebooted after avenger, I ended up getting an error.... I attached a screen shot of the error which you can see below, I can't seem to get it to go away and it's still here hovering over IE...
[recovering disk space -- attachment deleted by admin]
-
I was able to get rid of the error message, but what was it? Why did it happen? Is it a bad thing?
Also, here's my hijack this uninstall list attached...
[recovering disk space -- attachment deleted by admin]
-
I don't know what that was all about.
Please restart the computer again and see if it returns. If so we should fix it now by doing a System Restore. Hopefully it won't come back.
-
Use Revo to uninstall the following:
Ask Toolbar
BearShare <- You should choose another p2p client. This one is known to distribute malware. See Clean/Infected P2P Programs (http://www.malwareremoval.com/p2pindex.php)
Download JavaRa (http://www.majorgeeks.com/JavaRa_d5967.html)
- Unzip the file and open the JavaRa.exe
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- Exit JavaRa.
- Delete the JavaRa files from the Desktop.
-
Okay, I'm restarting computer after this post. As soon as it's up and running, I'll let you know if that error comes back up again.
As soon as we're good with this step, I'll do the next step you have provided.
-
Sounds good.
-
Okay, no error. Woohoo! lol That scared me because I figured something went wrong. Ha! No sweat though, it never came up. :)
-
Use Revo to uninstall the following:
Ask Toolbar
BearShare <- You should choose another p2p client. This one is known to distribute malware. See Clean/Infected P2P Programs
Download JavaRa
Unzip the file and open the JavaRa.exe
Click Remove Older Versions
JavaRa will search for and remove any outdated version of Java and remove any that are found.
Exit JavaRa.
Delete the JavaRa files from the Desktop.
Also the Ask Toolbar, I believe, has something to do with my virus program I just recently downloaded and installed to the computer. Do I need it in order to keep pop-ups blocked, because it does have an add-on for pop-up blocker?
-
Never mind, I went ahead and did that. Now I'm working on the Java part. :)
-
I ran the JavaRa and it was deleting stuff, and then it stopped and this box popped up. This also happened with Spybot earlier as well... I went ahead and sent an error report, but no suggestions were given.
I also added you to my yahoo messenger just so you know...
Also reran the javara and it gave me a log file. Not sure if you wanted to see it or not. But attached anyways.
[recovering disk space -- attachment deleted by admin]
-
JavaRA looks like it worked. I am wondering why you are getting so many errors. Let's check that the file associations are all OK.
Download Deckard's Association File Tool (DAFT) (http://www.techsupportforum.com/sectools/Deckard/daft.exe) and save it to your desktop.
- Double-click the daft.exe icon. Read the disclaimer and click OK
- Click on the Scan button.
- If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
- Click the Fix button.
- Re-scan and save a logfile.
- By default, it will save as daft.txt
- Post the contents of that logfile in your next reply.
-
I downloaded it to my computer, and ran it. It says: All associations okay! and gives me the okay option.
Now what? Because I wasn't getting these errors before. lol
OH, and about this:
You should actually set MSCONFIG to Normal Startup and then use StartUp 1.3 to remove anything you don't want running. MSCONFIG is a troubleshooting tool and not a startup manager. Using it as one can eventually do damage to the registry.
Can you explain this a bit better, I didn't understand it and I meant to ask but forgot till I looked back at previous posts.
-
Go to Start > Run and type msconfig then press OK
This will open the System Configuration Utility.
Check the box that says Normal Startup - load all device drivers and services
You will have to restart the computer for it to take effect.
Then use StartUp 1.3 to remove anything that you don't want running at startup. Or there is another tool called WinPatrol that you can use for more than just startup items, like stopping unnecessary Services.
WinPatrol
- Download and install WinPatrol (http://www.winpatrol.com/wpsetup.exe) By Bill Pytlovany.
- Doubleclick the Scottydog icon in your taskbar to launch the program.
- Click on the Startup Programs tab.
- To stop a programme starting automatically at startup, click on it to highlight it, then click the Disable button.
(It will be up to you to research items first to see whether they should be disabled)
- Exit WinPatrol.
.
If you've disabled something you later wish to re-enable, do the following.
- Launch WinPatrol (as described above).
- Click on the Startup Programs tab.
- Click on entry you wish to re-enable.
- With a disabled entry, the Disable button will turn into an Enable button.
- Click Enable
- Exit WinPatrol
-
I did that, rebooted. It seems to reboot a lot faster without all the junk that it starts up with the desktop and what not. I'm amazed ha ha.
Also, I like the way I can understand the Startup 1.3 program, so I think I might stick with that.
Also, I am looking through startup 1.3 and I noticed there are 2 of the same file listed... Why I don't know... Here's the list...
ctfmon.exe and both are from same location on the computer which is: C:\WINDOWS\system32\ctfmon.exe
Any ideas? Also, I was curious... Should I have my new virus program started up with windows so it's on at all times or no?
-
Should I have my new virus program started up with windows so it's on at all times or no?
Yes definitely!!
C:\WINDOWS\system32\ctfmon.exe
I was just going to mention that. You can't turn off ctfmon by normal means. You have to do multiple steps.
How to turn off the speech recognition and handwriting recognition features in Office XP (http://support.microsoft.com/kb/326526)
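Added example, not part of the thread and not written by either poster: a read-only PowerShell inventory of the usual autostart locations, which shows where each copy of a doubly listed entry such as C:\WINDOWS\system32\ctfmon.exe is registered. It assumes a Windows system with PowerShell 3.0 or later; the function name Get-ExecutablePath is hypothetical, and the script changes nothing.

```powershell
# Added example (not from the thread): read-only inventory of autostart entries.
# Assumes PowerShell 3.0+. Nothing is changed or deleted; it only reports.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: reduce a startup command line to its executable path.
function Get-ExecutablePath([string]$CommandLine) {
    # Take the quoted path if present, otherwise everything up to the first ".exe".
    if ($CommandLine -match '^\s*"([^"]+)"')        { return $Matches[1].ToLower() }
    if ($CommandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1].ToLower() }
    return $CommandLine.Trim().ToLower()
}

$entries = @()

# Registry Run keys: each value is one program started at logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $entries += [pscustomobject]@{
            Source = $key; Name = $name
            Executable = Get-ExecutablePath $cmd
        }
    }
}

# Startup folders (per-user and all-users): shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path $path)) { continue }
    foreach ($lnk in Get-ChildItem -Path $path -Filter *.lnk) {
        $entries += [pscustomobject]@{
            Source = $path; Name = $lnk.Name
            Executable = $shell.CreateShortcut($lnk.FullName).TargetPath.ToLower()
        }
    }
}

$entries | Sort-Object Executable | Format-Table Source, Name, Executable -AutoSize

# Executables registered in more than one place are listed here.
$entries | Group-Object Executable | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { "{0} is registered {1} times" -f $_.Name, $_.Count }
```

The Source column tells you which registry key or Startup folder holds each entry, so a duplicate can be traced to its two locations before anything is disabled.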
-
I made a log file of what was in the startup 1.3 program, I hope you don't mind. I'm not sure what to disable and what to keep enabled. Some of the ones listed, I have no clue what in the world they are.
[recovering disk space -- attachment deleted by admin]
-
I would turn off SpybotSD TeaTimer and leave it off. It doesn't offer that much protection and uses too many resources.
SSBkgdUpdate - ScanSoft OmniPage auto updater. This program is not required to start automatically as you can run it when you need to.
Adobe Reader Speed Launcher - Not needed.
SunKistEM - Used by your computer to communicate with your Alcor_Micro Multimedia Card Reader. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it.
WinampAgent - Not needed.
Related to LifeChat from Microsoft. - Up to you. Not needed to run at startup.
OpwareSE4 - ScanSoft's OmniPage_Pro. This program is not required to start automatically as you can run it when you need to.
QuickTime Task - Not needed.
Adobe Gamma Loader.lnk - Not needed.
-
Also, just curious about the whole SpeedFan... How do I read it, and what do I read to get the information? LOL Do I just want to take a screen shot and post here so you can see what it looks like because it looks like a whole other language to me. ha!
Actually, here's a screen shot now. LOL
[recovering disk space -- attachment deleted by admin]
-
Scroll down this page and see the chart for temps. I'm not very educated in this area to know what I'm talking about. http://www.technibble.com/what-is-my-computers-maximum-cpu-temperature/
-
You know what, I'm just going to say it's all good with the temp because I looked at the site, I looked at the program and was like... :o So yeah, anything else you can think of that would help computer run smoother or check for any other things that you can think of?
-
I think we have done all we can. I'm out of new ideas...
-
Okay, well thank you until next time!
I really do appreciate you taking the time to help me! I really do.
-
No problem ;)