Computer Running Slow, Need Help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by marcinito, Feb 29, 2008.

  1. marcinito

    marcinito Private E-2

    Hi!

    I have a problem with a Toshiba Satellite running slow. I have already done some maintenance tasks myself, including uninstalling unused apps, CCleaner, cleaning Startup and Disk Defrag with IO SmartDefrag.

    I have downloaded HijackThis, in order to show you what's up with my registry, but I'd rather wait for your instructions on how to use it.

    There's also a bunch of pre-installed apps that come with this laptop. I have never tried to remove them, as I thought it might damage the performance of the machine, but they seem to me as useless - at least I have never used them. Should I leave them alone, or bin them (Toshiba Assistan, Notebook maximizer etc.)?

    Looking forward to your advice!

    marcinito
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Slow PCs are not always caused by malware. This is the Malware Removal Forum and we cannot decide for you which valid programs you may or may not use or need. You need to decide that and uninstall what you don't use or need.

    If you wish to find out if you are having malware problems then please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. marcinito

    marcinito Private E-2

    Hi again,

    It took me a while (since the computer is running slow..), but I now have all the requested logs.

    The problem with this machine is that it's running slow. I started having these problems a long while ago, at least some months, and it has gradually been getting worse, so that now it takes ages to boot and open any applications. It also tends to freeze.

    In addition to your guide, I freed some hard disk space. After the scans it seems a tiny bit more responsive, but I don't think it does the trick.

    Thanks for all the help!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have the below infection:

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FAUTORUN%2EDY&VSect=P



    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    File::
    C:\WINDOWS\system32\psgtxbv.exe
    C:\WINDOWS\system32\trab.exe
    C:\WINDOWS\Tasks\A934E814918F9F3C.job
    c:\docume~1\niki\applic~1\ballab~1\Lovepuresign.exe
     
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a316b632-6e98-11dc-80b4-00c09febdc72}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b286b4a4-ac0b-11dc-811e-00c09febdc72}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run CCleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
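
Added example, not part of the original post or of HijackThis itself: a Python sketch that parses the O2/O3/O4 line formats quoted in the post above and marks BHO and toolbar registrations whose target is "(no file)". The function names are hypothetical, and the sample input is the four lines from the post.

```python
import re

# Constructed sample: the four HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# O2/O3 layout: "<section> - <kind>: <name> - {CLSID} - <file>"
COM_ENTRY = re.compile(
    r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4 registry layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

def image_path(command):
    """Executable part of a Run command (quoted path, else first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]  # unquoted paths with spaces are cut short

def parse_line(line):
    """Return a dict for one recognised entry, or None for any other line."""
    line = line.strip()
    m = COM_ENTRY.match(line)
    if m:
        section, kind, name, clsid, target = m.groups()
        return {"section": section, "kind": kind, "name": name,
                "clsid": clsid.upper(), "target": target,
                "orphaned": target == "(no file)"}
    m = RUN_ENTRY.match(line)
    if m:
        hive, key, name, command = m.groups()
        return {"section": "O4", "kind": hive + "\\" + key, "name": name,
                "command": command, "image": image_path(command),
                "orphaned": False}
    return None

def parse_log(text):
    """Parse every recognised line of a log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned(entries):
    """Entries registered in the registry but pointing at no file on disk."""
    return [e for e in entries if e["orphaned"]]
```
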
     
  5. marcinito

    marcinito Private E-2

    something went wrong.

    everything was all right until the combofix started working. I did everything as you told me. Once I dropped the CFscript.txt on top of combofix.exe it produced an error message with two options: Close or Ignore. I clicked Ignore. 5 seconds later it produced another error. I clicked close, but the program kept running. It produced some 20 error messages like that, to which I kept on clicking Close.

    Now the program is still running, stopped on Completed Stage 41 and doesn't do anything. I am writing from another computer.

    What should I do?
     
  6. marcinito

    marcinito Private E-2

    hey, no reply from you.
    any ideas what to do now? I restarted the computer and don't see any damage, but I guess the malware is still there, since the operation you advised didn't work.

    peace
     
  7. marcinito

    marcinito Private E-2

    guys, please let me know what's going on!
    if you're working on this issue, tell me so - I'll wait.
    if not - would like to look for help elsewhere...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Each of these posts just cost you further delay. The first one cost you 2 days. And the second one cost you another 2 days. Please read the sticky/pinned threads posted in the forum. In particular see this: Don't Bump! It Only Hurts You!!! We are incredibly busy and the best thing you can do is post your first message and then wait for a response. If you post any more messages, you lose your place in the queue as stated in the above sticky thread. Potentially if you kept posting, you would never get an answer.

    Please attach the following MGlogs.zip file that was requested so we can see where things are at. If a new ComboFix log was generated, attach it too.
     
  9. marcinito

    marcinito Private E-2

    hi!

    sorry for the late reply. here are the attached logs. i didn't run combofix anymore after it returned errors so i'm not sure about the date of the report.

    thanks for help!
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs appear to be clean. If you are not having any other malware problems, it is time to do our final steps:
    1. Uninstall COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN
      • Now type cf /u in the runbox and click OK.
      • Note: The space between the cf and the /U must be there.
    2. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    3. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    4. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    5. After doing the above, you should work thru the below link:
     
  11. marcinito

    marcinito Private E-2

    thanks for reply chaslang!

    I did all the requested operations and installed the preferred software in order to protect myself from spyware / malware in future. that was yesterday. today my windows explorer crashed - just like that. twice. i had to restart it manually from the task manager level. now i am running Spybot S&D scan, but i am afraid something is wrong. any suggestions?

    p.s. i will update this post as soon as i have the scan results.

    thanks again for all your help.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While Windows Explorer crashes can be due to malware, they are often caused by other things. Oftentimes it is a software conflict of some kind. Spybot will not find problems like this and neither will any of the other malware scanners. Normally you would have to look at the Event Log in Windows to try and see if there are any messages showing up there to indicate problems. You could try the below; however if it turns out to not be malware, I will be sending you to the Software Forum.

    To do so, you need to view the event log.

    Do the following:
    Start -> Run
    type eventvwr.msc
    Click 'OK'

    Click System, scroll down the page, and look for an error around the time of your Explorer shutdowns.

    Right-click on the error and select 'Properties'. I need to know exactly what is in the Description Field. Word for Word.


    Now just to be on the safe side to make sure no malware has found its way back in, get me a new log from MGtools and run the below and attach the log

    Using Sophos Anti-Rootkit
     
  13. marcinito

    marcinito Private E-2

    Spybot found AdRevolver and HitBox and fixed it. Do you think it might have been the cause? Do you still need the MGtools?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! They are just cookies and are not problems.

    Are you still having problems? If yes, then you need to do all of what I requested.
     
