DSL effect only

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Perry smith, Jun 9, 2008.

  1. Perry smith

    Perry smith Private E-2

    This problem only happens when using DSL service, when using "air card" i.e. broadband over cellphone signal it doesn't happen. The SERVICES.EXE takes over the processor. Sent spybot and I think 2 ver of combofix, will send C: files next for SAS and MAW. Have been running heatseeker on U3 drive, went for an update denied access to mat. Want to erase all data on U3 drive but scared to even plug it in, as the software self-loads.
     

    Attached Files:

  2. Perry smith

    Perry smith Private E-2

    that was 2 copies of MAW, couldn't find combofix.txt. MG logs included. The SERVICE.EXE will run temp when using air card, but doesn't come back. Can I just delete SERVICE.EXE? Want to eliminate a lot of start up programs as well, about 5 w/ .dll. Will try to run combofix again.
     

    Attached Files:

  3. Perry smith

    Perry smith Private E-2

    got the combofix.txt. A few notes, went to a site gurillapokerwars.com before the DSL service. Someone @ UB said it was a virus. The way the site looked I was sup from the start but nothing happened. Also noted a zlob.download.bs on a file a while back. Though it's prob on the logs, I noted C:p F \spybot include error log and a C:pF\SB-s_d\Includes\Trogans.sbi but I'm prob not telling u anything not on the logs
    TYVM
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi Perry smith,
    Welcome to Major Geeks!

    Please attach the logs for SuperAntiSpyware and MalwareBytes. What you attached were logs for a game.

    abri
     
  5. Perry smith

    Perry smith Private E-2

    Sorry about that, thought I saved mbam twice and mistook Romance of the 3 Kingdoms for the log file. Thank YOU so much for the time given me, please let me know how I can return the favor. I just noticed last night the SERVICE.EXE is running while using the air card as well, so it's not restricted to DSL like I thought. Love the avatar, used Mosaic in the 90s w/ OS/2 Warp. Prefer to use Netscape vs. IE any day. I greatly appreciate the help.
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi Perry smith,

    I'm not sure if this is a malware question, but there are a couple of things to look at before I ask you to start a thread in the Networking section.


    Please do the following:


    4) I would like to have you use ComboFix to look at some files and remove one bad one.


    • Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):


    Code:
    KILLALL::
    
    DIRLOOK::
    C:\Documents and Settings\User\Application Data\U3\0CE1CB612333B8C2\9F88DF38-FEFC-4cea-A2EE-85738A3F3D93\Exec
    
    FILE::
    C:\Documents and Settings\User\Local Settings\Temp\9um1tnu5.exe
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below


    Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After you do the above, run CCleaner and then attach your Combofix log with your next post.


    What I did pick up in your HijackThis log is that you have entries for the following:
    Mobile Bytes
    Sierra Wireless
    AT&T
    Sprint
    Bell South
    If the entry I had you do the search on with Combofix doesn't show any signs of malware, then I expect the problem will lie elsewhere, but let's check that one folder, as the ControlSet key is unusual. The contents of the folder may give some information as to what that key is being used for.

    Thanks.
    abri
     
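    The CFScript that abri asks for above is a small line-oriented format: a directive name ending in `::` opens a section, and the lines that follow (until the next directive) are its entries. Because the script is copied out of a forum code box by hand, the usual failure modes are forum markup leaking into a path, a relative path where ComboFix needs an absolute one, or a mistyped directive. The following parser is an added example, not part of this thread and not ComboFix's own code: it splits a script into sections and reports those problems before the file is dragged onto ComboFix. The directive names KILLALL::, DIRLOOK:: and FILE:: come from the script in the thread; FOLDER::, REGISTRY:: and DRIVER:: are further ComboFix directives assumed here and not on the page.

```python
"""Parse and sanity-check a ComboFix CFScript.txt before using it.

Added example for the thread above; not code from MajorGeeks or ComboFix.
"""
import re

# Directives that appear in the script posted in the thread.
PAGE_DIRECTIVES = {"KILLALL", "DIRLOOK", "FILE"}
# Assumed additional ComboFix directives (not shown on the page).
ASSUMED_DIRECTIVES = {"FOLDER", "REGISTRY", "DRIVER"}
KNOWN_DIRECTIVES = PAGE_DIRECTIVES | ASSUMED_DIRECTIVES
# Sections whose entries must be absolute Windows paths.
PATH_SECTIONS = {"DIRLOOK", "FILE", "FOLDER"}

ABS_WIN_PATH = re.compile(r"^[A-Za-z]:\\")
BBCODE_TAG = re.compile(r"\[/?[A-Za-z]+\]")  # e.g. [U] ... [/U] left by a forum


def parse_cfscript(text):
    """Return (sections, problems).

    sections: dict mapping directive name (upper-case) -> list of entry lines
    problems: list of human-readable issues found while parsing
    """
    sections = {}
    problems = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].upper()
            if current not in KNOWN_DIRECTIVES:
                problems.append(f"line {lineno}: unknown directive {line!r}")
            sections.setdefault(current, [])
            continue
        if current is None:
            problems.append(f"line {lineno}: entry before any directive: {line!r}")
            continue
        if BBCODE_TAG.search(line):
            problems.append(f"line {lineno}: forum markup left in entry: {line!r}")
        if current in PATH_SECTIONS and not ABS_WIN_PATH.match(line):
            problems.append(f"line {lineno}: {current}:: entry is not an absolute path: {line!r}")
        sections[current].append(line)
    return sections, problems


# The script from the thread, with the forum underline tags removed.
GOOD_SCRIPT = r"""
KILLALL::

DIRLOOK::
C:\Documents and Settings\User\Application Data\U3\0CE1CB612333B8C2\9F88DF38-FEFC-4cea-A2EE-85738A3F3D93\Exec

FILE::
C:\Documents and Settings\User\Local Settings\Temp\9um1tnu5.exe
"""

# Constructed bad copy: markup residue, a relative path and a bogus directive.
BAD_SCRIPT = r"""
KILLALL::

DIRLOOK::
C:\Documents and Settings\User\Application Data\U3\[U]0[/U]CE1CB612333B8C2\Exec

FILE::
9um1tnu5.exe

BOGUS::
"""


if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        sections, problems = parse_cfscript(script)
        print(f"{label}: {len(sections)} sections, {len(problems)} problems")
        for p in problems:
            print("  -", p)
```

Running the block reports no problems for the cleaned script and three for the constructed bad copy. Extending `KNOWN_DIRECTIVES` is the only change needed if ComboFix directives beyond those assumed here are in use.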
  7. Perry smith

    Perry smith Private E-2

    have yet to check the effects, but nothing was corrected in the process. It did run a little longer than usual. How bad would it be to just delete SERVICES.EXE?
     
    Last edited: Jun 11, 2008
  8. Perry smith

    Perry smith Private E-2

    file didn't want to attach.
     

    Attached Files:

    • log.txt (12.7 KB)
  9. abri

    abri MajorGeek

    Hi Perry smith,

    Services.exe is a Windows Operating System file. What you could do is to go to Start / Run and copy/paste in sfc /scannow and click on okay. If there's a bad file there, this should replace it with a good one. Try that and let me know how that goes.

    abri
     
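    abri's point that services.exe is an operating-system file is why deleting it is the wrong move; the useful question is whether the process hogging the CPU is the genuine one. On a Windows host exactly one services.exe runs, from the System32 folder, so a copy running from a user profile or Temp folder, or a look-alike name such as service.exe (both spellings appear earlier in this thread), is what deserves attention. The following triage routine is an added example, not code from the thread: it runs over a constructed process snapshot of (pid, image name, image path) tuples, which is what a Task Manager or tasklist listing reduces to, and flags the impostor patterns. The system root C:\WINNT is an assumption for a Windows 2000 host.

```python
"""Triage a process listing for services.exe impostors.

Added example, not code from the thread. Works on a constructed snapshot so it
runs anywhere; the same checks apply to a real tasklist / Process Explorer dump.
"""
import ntpath

LEGIT_NAME = "services.exe"


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike image names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def triage_services(processes, system_root=r"C:\WINNT"):
    """Return a list of (pid, reason, path) findings for a process snapshot.

    processes: iterable of (pid, image_name, image_path)
    system_root: Windows directory; C:\WINNT assumed for Windows 2000
    """
    expected = ntpath.normpath(ntpath.join(system_root, "system32", LEGIT_NAME)).lower()
    findings = []
    genuine = 0
    for pid, name, path in processes:
        lname = name.lower()
        lpath = ntpath.normpath(path).lower()
        if lname == LEGIT_NAME:
            if lpath == expected:
                genuine += 1
            else:
                findings.append((pid, "services.exe running from unexpected path", path))
        elif lname.endswith(".exe") and edit_distance(lname, LEGIT_NAME) <= 2:
            findings.append((pid, "look-alike image name", path))
    if genuine == 0:
        findings.append((None, "no services.exe in system32 (expected 1)", expected))
    elif genuine > 1:
        findings.append((None, f"{genuine} services.exe instances in system32 (expected 1)", expected))
    return findings


# Constructed snapshot: one genuine instance plus two suspicious entries.
SAMPLE_PROCESSES = [
    (212, "services.exe", r"C:\WINNT\system32\services.exe"),
    (224, "lsass.exe", r"C:\WINNT\system32\lsass.exe"),
    (1480, "explorer.exe", r"C:\WINNT\explorer.exe"),
    (1532, "SERVICE.EXE", r"C:\Documents and Settings\User\Local Settings\Temp\SERVICE.EXE"),
    (1600, "services.exe", r"C:\Documents and Settings\User\Application Data\services.exe"),
]


if __name__ == "__main__":
    for pid, reason, path in triage_services(SAMPLE_PROCESSES):
        print(f"pid={pid}: {reason}: {path}")
```

The genuine instance (pid 212) is left alone; the Temp-folder SERVICE.EXE and the profile-folder services.exe are reported. When a finding like that shows up, abri's `sfc /scannow` suggestion repairs a tampered system file, while the rogue copy is what the scanner logs should be handed for cleanup.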
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first thing that needs to be done is one of the first items requested in the READ & RUN ME. And that is only one antivirus program should be installed. I see the below:
    • AT&T Internet Security Demo(SM)
    • AT&T Internet Security Wizard 1.5.11
    • Authentium AntiVirus SDK - 2
    • AVG 7.5
    It is quite possible that Authentium is what AT&T is using as their antivirus. But you need to decide whether you want AT&T or AVG and uninstall the other immediately.
     
  11. abri

    abri MajorGeek

    Hi Perry smith,

    After you follow chaslang's instructions, please do the following:

    1) Download and install Erunt. Use it to create a backup of your registry.

    2) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.
    Let me know if you get a success message with this.

    abri
     
    Last edited by a moderator: Jun 11, 2008
  12. Perry smith

    Perry smith Private E-2

    after performing the CFscript.txt c&p d&d on combofix the problem has yet to show its ugly head for several hours now. It may be solved. will follow up on chaslang's advice to use 1 AV, didn't even know Auth was even there. My AVG 7.5 is out of date by almost 2 wks, should I uninstall then install AVG 8 free edition? Will leave Erunt alone rt now. Want to reduce start ups, will exp using Spybot S&D. One thing I def want to do is update my BIOS. I will be going from ver 1.13 to ver 1.20, also requiring upgrade of Embedded Controller Pro from ver 1.3 to ver 1.6. The instructions look simple enough, but I know flashing the BIOS is not to be taken lightly. TYsVM for your help abri, and TY chaslang for giving your 2 cents. Will wait to do BIOS until I hear back.
    P.S. will be getting BIOS from Lenovo support & download
     
  13. abri

    abri MajorGeek

    That's good news!

    I don't like to take things out until I have a clue what they are, but making a backup sometimes works too.

    There are some people still having problems with AVG 8, even though they seem to be getting worked out fairly quickly. What I recommend for the moment is reading the recommendations in
    How to Protect Yourself from Malware and using the different programs recommended there. These will offer you the most protection for the lightest usage of resources.

    If you have any questions, you might find it helpful to post your BIOS intentions in the Software Forum. This will give you a source of feedback and experience.

    Also, I would like to post the final cleanup instructions for you. Due to the kinds of problems you've had, I would recommend keeping HijackThis and the backups folder. There is an extra step (marked with a small red * ) for moving this out of the MGTools folder before deleting the folder. Here are those instructions:
    abri
     
  14. Perry smith

    Perry smith Private E-2

    I will try to follow up on your recommendation, as I do value the time you took to help me. Shortly after my last post, my father passed away. I did want to relay one more effect. When logging on to my air card it used to take 3-5 min. now it logs in in a matter of seconds. Do u lean toward the U3 file or the 9um1tnu5 as being the culprit? TY again, may be awhile to follow up.
     
  15. abri

    abri MajorGeek

    I think after both of those were removed, you were still having problems, so I'm betting on either the N or the multiple antivirus programs. Hard to know for sure without a lot of effort. One tries. :)
     
  16. Perry smith

    Perry smith Private E-2

    don't have system restore, W2K. didn't get backup when trans HJT. never used fixme.reg or sfc/scannow. all other requested files deleted. got a hint of where to go w/ ad-hoc internet access. May just leave BIOS alone. Thank you for all the help. Let me know if I can return the favor.
     
  17. abri

    abri MajorGeek

    Hi Perry smith!

    You're welcome. Reading through the How to protect yourself from malware thread and browsing the other forums here from time to time is the biggest favor you can do us. What you learn, everyone around you learns.

    Enjoy your computer!
    abri
     
  18. Perry smith

    Perry smith Private E-2

    It may be because I have more time to notice it, but the hard drive seems to be "spinning" a lot more than usual. Used spybot only to have it "hang" on Zlobdownloader.bs w/ the HD constantly spinning. Don't know what it's accessing or why, it usually starts and stops @ random. Have yet to check the 14K files after the hang. Still no problems w/ processor hijack but now it seems to have drifted to the HD.
     
    Last edited: Jun 20, 2008
  19. abri

    abri MajorGeek

