question re: malware removal thread..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sammigold, Mar 5, 2007.

  1. sammigold

    sammigold Private E-2

    applications closing by themselves? Help please

    Hi there, Firstly Hi, I hope that I am posting in the correct forum!
    I am fairly hopeless when it comes to computers and I have been having this problem for some time... it originally started when I was using Internet Explorer, I now use Firefox and it didn't happen for a couple of months but has started again and now happens whilst I am in other programs such as Word, or Windows Explorer or anything really...

    this is what happens..... everything goes crazy, it is like the mouse has had an attack and randomly starts opening and closing programmes and prompting me and beeping and acting as if I have clicked a million things (which I haven't)
    It is very hard to explain... we have tried nearly every free virus checker under the sun. Spyware, and malware detectors.. and then yesterday I found your site. I found a thread which took me through all the scans I need to do to get your advice.
    I have followed the instructions to the best of my ability. I have copies of the logs from CounterSpy, BitDefender, but I was unable to get a report from the Panda ActiveScan although it said I had one spyware. It only gave me an option to buy the program not to print a report.. so I don't have a report for that one.
    Anyway here are all the things I have collected....
    counterspy.txt
    bdscan.txt
    runkeys.txt

    and I will repost on this thread to add the other two
    thanks
    sammi
     

    Attached Files:

  2. sammigold

    sammigold Private E-2

    Re: applications closing by themselves? Help please

    here are the other logs..


    I hope I have done everything correctly I was petrified the entire time. lol

    I would appreciate any help that you may be able to give me...

    ps. my computer is very very old but cannot afford to upgrade at the moment.

    If you need any other information I will be happy to try and supply it.

    thank you very very much in advance
    cheers
    sammi:wave
     

    Attached Files:

  3. PrivatePile-sir

    PrivatePile-sir Private E-2

  4. sammigold

    sammigold Private E-2

    Re: applications closing by themselves? Help please

    Sorry.... That is the thread that I read and did all the things that it said to do... so I will re post it then...:eek:

    thanks
    sammi
     
  5. sammigold

    sammigold Private E-2

    Hi, I posted a thread on the software forum but was told that I should have posted it here... I read your thread on malware removal and did all the things that it said to do and was still having the problem so then I posted my query in the wrong forum (doh).... Is there a way that someone can move it to this forum for me? Also I noticed that the thread said not to post log files in line with your post... sorry .... what does that mean?....confused

    please tell me so that when I repost my info I am not doing the wrong thing...
    I am not very computer savvy so please be patient with me.

    thanks
    sammi:wave
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I merged your first thread in Software with this thread in the Malware Forum.

    Text like you are reading right now is inline text. When you attached your logs (which is the correct thing to do) they are not inline! They are attachments. ;)


    99.5% of the time the problems you describe with your mouse are due to a defective mouse or just the mouse connection/cable. With your PC shut down, unplug the mouse and blow any dust out of the connector area. Then plug your mouse back in and see if this helps. If not, borrow a mouse from another PC and test it out. It will probably work okay as the typical problem is the mouse is bad.

    You don't have any malware to be concerned with but I have a few things for you to do to get some updates to make your PC more secure and to improve performance.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    After clicking Fix, exit HJT.
    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. HJT


    Make sure you tell me how things are working now!
     
  7. sammigold

    sammigold Private E-2

    Thank you so much for your reply... I will do all those things you say and get back to you as soon as possible...(I am so computered out at the moment.lol)

    I thought it might be a mouse issue but most of my friends who are more computer minded told me it sounded like a virus... I will go and try another mouse...

    as for everything else it will take me a few hours but I will definitely give you my results.

    Thank you for your time
    cheers
    and big kisses
    sammi
     
  8. sammigold

    sammigold Private E-2

    Hi, it is me again...

    I have performed all the tasks you advised and was doing very well until I did the final reboot.... and the computer would not restart in normal mode.. (I am currently in safe mode with networking so that I could post this)

    I tried reboot in normal mode 3 times each time it froze at the windows xp page where the little blue boxes pass underneath the windows logo...(I hope you know what I am talking about. lol)
    I then tried to reboot with last known good config and it froze in the same place. I was very relieved when it opened in safe mode so at least I can ask what I may have done wrong..

    The only weird thing that I felt happened was when I reset web settings... after I clicked on the delete all offline content and pressed ok an error code came up saying..... "The application or DLL c:\windows\downloadedprogramfiles\oscan81.ocx_x is not a valid windows image. Please check this against your installation diskette" then it had the ok box which I clicked (hoping vainly that that was the right thing to do) and about another 10 to 15 of these errors came with the same wording but different things like bdoscan etc....

    So I am sorry if I am being really dumb but have I done something really drastic now and ruined things.... it all seemed to be going so well up until then.

    thanks again in advance.... I was going to attach HJT log but didn't know whether you can run it in safe mode and thought I would wait to see what you would like.

    cheers
    sammi
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of what I asked you to do should have any effect on the ability to boot in normal mode. They are all just minor things that have nothing to do with boot up. Even a reset of web settings only clears all the junk left around in the temp folders for Internet Explorer. It has nothing to do with boot up.

    Yes, attach a new HJT log from safe mode. Also attach a new log from ShowNew. Did you borrow a mouse to try out yet?
     
  10. sammigold

    sammigold Private E-2

    Hi there,

    Here are the Hjt log and the newfile log....

    I have not yet had the chance to borrow a mouse... because of time dif.. It was too late at night to get one but I did clean out the connection whilst the computer was shut down and I did clean out the mouse itself... and so far have not had it close down on me randomly... I will try and borrow my neighbour's mouse when I get home.. have to go out for a few hours now (work)...

    It (the computer) seems to open sometimes in normal mode but then if you try and restart it it won't start.. i.e. I am still in safe mode posting this message.

    thanks again...
    sammi
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see you either did not run Hoster to reset your Hosts file or you ran some stupid program to add thousands of lines to your hosts file again after running hoster. This is totally unnecessary and slows down surfing and performance while online. Please run Hoster and set your hosts file back to default.

    What is the below file dated with the wrong year?
    Code:
    "C:\Program Files\"
    txppro~1.exe  23 Apr 2009     2952704  "txppro-apc-1.exe"
    Whatever it is, it does not belong here!

    Also do you know what the below huge file is from? If not, delete it:
    Code:
    "C:\"
    18a.tmp        6 Mar 2007   623808512  "18A.tmp"

    Your logs are clean but you can have HijackThis fix the below items which are not necessary to load at startup:
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


    If your PC sometimes boots in normal mode and sometimes does not, your problems are not due to malware. Sounds more like a hardware issue or a software conflict issue. It sounds like you are saying it boots up fine after a power down but it will not after a restart.
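
The two checks applied to the ShowNew excerpts in the post above (a timestamp later than the log itself, and an unexplained very large file) can be run over a whole listing. This is an added example, not part of the thread or of ShowNew; the line format is inferred from the two excerpts quoted above, and `LOG_DATE`, `SIZE_LIMIT` and the `example.log` entry are assumptions made for the sample.

```python
import re
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
DIR_RE = re.compile(r'^"(.+\\)"$')            # directory header, e.g. "C:\"
ENTRY_RE = re.compile(                         # short name, date, size, "long name"
    r'^\S+\s+(\d{1,2}) ([A-Z][a-z]{2}) (\d{4})\s+(\d+)\s+"([^"]+)"$')

# Constructed sample: the two entries quoted in the thread plus one made-up
# ordinary entry. LOG_DATE and SIZE_LIMIT are assumptions for this example.
SAMPLE_LISTING = r'''
"C:\Program Files\"
txppro~1.exe  23 Apr 2009     2952704  "txppro-apc-1.exe"
"C:\"
18a.tmp        6 Mar 2007   623808512  "18A.tmp"
"C:\WINDOWS\"
example.log    5 Mar 2007        4096  "example.log"
'''
LOG_DATE = date(2007, 3, 7)
SIZE_LIMIT = 500 * 1024 * 1024

def triage(listing, log_date=LOG_DATE, size_limit=SIZE_LIMIT):
    """Return (path, reason) pairs for entries a reviewer should question."""
    findings, current_dir = [], ""
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = DIR_RE.match(line)
        if header:
            current_dir = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        try:
            day, mon, year, size, name = entry.groups()
            stamp = date(int(year), MONTHS[mon], int(day))
        except (AttributeError, KeyError, ValueError):
            findings.append((line, "unparsed line"))   # never drop input silently
            continue
        path = current_dir + name
        if stamp > log_date:
            findings.append((path, "timestamp in the future"))
        if int(size) > size_limit:
            findings.append((path, "unusually large"))
    return findings

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"{reason}: {path}")
```

A future timestamp or a large size is only a prompt to ask what the file is, as the post does; neither is evidence of malware on its own.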
     
  12. sammigold

    sammigold Private E-2

    Hi,

    Firstly I did run Hoster (or at least I downloaded the program that your link referred to, which said "hostXpert (formerly Hoster) 3.7"). I made a file for it like you said and unzipped it into there, then ran the program as you instructed, selecting restore Microsoft hosts.

    I have not run any programs other than the ones you have said and my boyfriend ran our normal AVG virus scan.

    I honestly don't know what those other 2 files are that you mentioned. I will ask my boyfriend whether or not it is related to his music program as he does a lot of recording which takes up a lot of space.

    I am sorry but I do not know what a host file is so what "stupid" program could I have run that does that :cry ... I promise I have only run the programs you told me to.

    Although my mouse had a couple of spack attacks where it opens and closes things willy nilly....last night before I had cleaned the connection thing... could it have run something as it quite often opens up the "run" thing from start up?...although I have never known it to actually run something...

    I have not had any problems with my mouse since cleaning connection etc but I have obtained another mouse to check with..

    Also I use Mozilla Firefox now instead of Internet Explorer. Am I able to put that back as my default browser without wrecking anything?

    thank you for your time... and for your patience.

    sammi
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run Hoster one more time to reset to Microsoft default. Then immediately get a new log from ShowNew and attach it here.

    It is possible that a feature to manipulate the hosts file is in Tweak-XP Pro that you have running. I don't know since I have never used the program and documentation available does not say anything about the hosts file.

    Yes you can set FireFox to be your default browser.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  14. sammigold

    sammigold Private E-2

    Thanks for your answer... I have rerun hoster and attached the shownew log that I made instantly after the Hoster program ran.

    I am quite happy to get rid of xp tweakpro if you think it is causing a problem. My brother put it on about 2 months ago for us as he said it would help things run better. I don't really know anything about it so I am happy to get rid of it if necessary.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No that should not be necessary. Your hosts file looks correct now.

    You can delete the below backup that was made of the old file.
    C:\WINDOWS\system32\drivers\etc\hosts.tmp


    Other than that we should be finished as long as you have completed all my final steps. ;)
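
The hosts file check that runs through this thread (is the file back to the Microsoft default, or does it still carry added lines?) can be done mechanically. This is an added example, not part of the thread and not how Hoster works; it treats the Windows XP default as the single `127.0.0.1 localhost` mapping, and the sample file contents are constructed.

```python
import ipaddress

# The stock Windows XP hosts file maps only this one name (comments aside).
STOCK = {("127.0.0.1", "localhost")}

# Constructed sample hosts file; names and addresses are made up.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 ads.example.com        # blocklist-style entry
0.0.0.0 tracker.example.net
203.0.113.10 www.example.org     # points a name at another machine
not-an-ip broken.example
"""

def audit_hosts(text):
    """Sort every hosts mapping into stock, sinkholed, redirected or malformed."""
    report = {"stock": [], "sinkholed": [], "redirected": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
            if len(fields) < 2:
                raise ValueError("address without a name")
        except ValueError:
            report["malformed"].append(line)
            continue
        for name in (f.lower() for f in fields[1:]):
            if (str(addr), name) in STOCK:
                report["stock"].append(name)
            elif addr.is_loopback or addr.is_unspecified:
                report["sinkholed"].append(name)          # name resolves nowhere
            else:
                report["redirected"].append((name, str(addr)))  # review first
    return report

def is_default(report):
    """True when nothing beyond the stock localhost mapping is present."""
    return not (report["sinkholed"] or report["redirected"] or report["malformed"])
```

Sinkholed entries are the bulk-added lines that slow name lookups, as described earlier in the thread; redirected entries send a name to another machine and deserve review before anything else.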
     
  16. sammigold

    sammigold Private E-2

    I am about to complete them all this very minute.. just thought I would wait for the all ok!! Thanks so much!!

    Cheers,
    Sammi
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
