XP nightmares...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by midnite_gin, Mar 8, 2006.

  1. midnite_gin

    midnite_gin Private E-2

    I am running Windows XP, SP2 installed - and somewhere along the way I got a nasty bug - I have used Norton 2006, AdAware, Spybot, SpySweeper, Trojan Hunter, Microsoft Anti Spyware and AVG - but none of these will find what is causing my task manager to work improperly - even after I run them all in safe mode as well.

    I did see Windows trying to shut down a process called "sw.exe" when rebooting one day, but I have been unable to locate it anywhere on my system.

    I am attaching my most recent HJT log...if anyone can help I would be very grateful. I hope that I have not left out any steps...sorry if I have.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    Do not attach a HijackThis log until you have completed all steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support. There are also two logs from online scanners that must be attached first too. And all steps must be run BEFORE HijackThis is used to get a log.

    You need to explain what your problem is with Task Manager. Saying it does not work properly does not tell us anything useful.
     
  3. midnite_gin

    midnite_gin Private E-2

    Okay, I followed all the steps in the link you posted - my system info is as follows:

    OS: XP home with SP2
    CPU: AMD Athlon XP-A, 2200 MHz
    Motherboard Chipset: VIA VT8378(A)
    Memory: 448 MB
    BIOS Type: Award, Phoenix - Award BIOS v6.00PG

    I am attaching my Bitdefender and Panda Scans - as well as my HJT log. I got rid of AVG and am only running on Norton antivirus 2006 at the moment.

    My Task Manager problems go like this: when I Ctrl+Alt+Delete I can only view current tasks and am unable to tab over to my processes to see what is running. I can't even close it without right clicking in my system tray to close.

    Any help would be much appreciated, otherwise I am about to wipe my box and start fresh - not a pleasant idea as I do most of my work from this PC.

    midnite_gin
     


  4. midnite_gin

    midnite_gin Private E-2

    Okay...found the answer to my task manager problems in another post, but would really appreciate if someone could take a look at my logs...I feel like there are still some bugs on here...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Start by emptying your Symantec\Norton AntiVirus\Quarantine folder.


    Did you buy AdwareAlert? If not, uninstall it as it is of no use to you. Also at one time it was considered a rogue and it still is not a very good application.
    Did you install Remote Packet Capture Protocol (also called WinPcap)? Some people install it when installing Ethereal. If you did not install it and do not know why you have it, use Add/Remove programs to uninstall it.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\country.exe
    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\tool2.exe
    C:\WINDOWS\tool3.exe
    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
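
Added example, not part of the thread and not HijackThis's own code: a small Python parser for log lines in the format quoted in the post above, listing the entries HijackThis marks "(file missing)" so they can be reviewed before anything is fixed. The sample log is constructed (its O4 line is invented for contrast), and the names `parse_line` and `orphaned` are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# A log entry is a section code ("O9", "O20", ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

class Entry(NamedTuple):
    section: str          # e.g. "O9"
    label: str            # first " - "-separated field of the body
    clsid: Optional[str]  # COM class ID, if the entry carries one
    target: str           # last field: the file the entry points at ("" if none)
    file_missing: bool    # True when the line ends with "(file missing)"

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header text, blank line, or anything that is not an entry
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    parts = body.split(" - ")
    target = parts[-1] if len(parts) > 1 else ""
    return Entry(m.group("section"), parts[0],
                 clsid.group(0) if clsid else None, target, missing)

def orphaned(log: str) -> List[Entry]:
    """Entries whose target file no longer exists on disk, per the log."""
    return [e for e in map(parse_line, log.splitlines()) if e and e.file_missing]

# Constructed sample: the O9/O20 lines are the ones quoted in the thread,
# the header and the O4 line are made up.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\example.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print(f"{e.section:<4}{e.label:<45}{e.target}")
```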
     
