Mystery File / I'm ready to send my hijack this log file

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by IceMaiden, Jan 14, 2005.

  1. IceMaiden

    IceMaiden Private E-2

    mystery file?

    Hi, I have done all that you said in the tutorial up to running HiJack This and am ready to post a log file. What I did before removed a registry key for side step but there is still a tab in my internet explorer bar under view, toolbar, sidestep. I need help to remove this. Symptoms that led me into this: almost impossible to shut down computer-Windows 98, always sounds like something else is signing on and signing off, desktop is rearranged and things just disappear including wallpaper screensaver, when I tried to run defrag it said couldn't run because disk was corrupted, when I tried to run scan disk it said a system file was missing. Each day running the computer is more difficult to run. When I was running the scanner a message popped up and said, "scanner is calibrating, do not open cover, will take one minute." After that, everything I scanned to fax, the faxed part was solid black. Eventually scanner quit altogether and had to be reinstalled. When I was using lotus to type a paper, a message popped up and said something about a better version, did I want to save, and when I said yes, my good version disappeared forever and I was left with an older incomplete version. It's like having gremlins inside the computer all the time.
    Finally, the MYSTERY FILE! And no I'm not hallucinating but I was drinking a beer at the time...I needed to print a copy of a tax form stored in My Documents. A message came on and said, "Cannot print, not enough memory. Please close other things running" but nothing else was running. Thinking this was a printer glitch I tried moving the file other places, including sending it as an e-mail to myself. At first when the file would come in, it would read done but there was nothing there like it was invisible. This happened several different places. Later, when I went back and checked it again, the file was there. Finally, I thought of just trying to pick it up in my fax machine, Ring Central, because ultimately I wanted to fax it out anyway. I went to get it with Ring Central and a message said, "There is no attachment with this file, do you want to open it in Notepad?" I said yes, it said, "The file is too large, do you want to use wordpad?" I said yes and so it started loading. 700 pages later, I shut it down, afraid it might take over my whole computer. So then, I went to wordpad and opened the file. It was all in coded symbols. Millions of them. I started to print it in my Canon and almost every line of symbols represents a different page, some pages have nothing at all on them, some just one square symbol, and some as many as 12 lines of code. I have no idea how many pages are hiding behind this one file or where it came from? I haven't deleted it because I want to find out what it is and what its ramifications are. Any takers out there? I tried to load it onto a diskette and again there was nothing there. Thanks for any help. Hurry, before my computer doesn't work at all. IceMaiden from the land of ice where it was 18 below zero last night! brrr...
     
  2. IceMaiden

    IceMaiden Private E-2

    I'm ready to send my hijack this log file

    Why is no one responding to my posting? Did I do something wrong? I thought that I had done everything in the tutorial that you said to do first, and I have run HiJack this 1.99. See my posting earlier today for more information.
    Thanks, IceMaiden
    and if I am posting incorrectly, please let me know.:confused:
     
  3. PhilliePhan

    PhilliePhan Guest

    Re: I'm ready to send my hijack this log file

    Please attach your HJT log. There are only a couple of us offering advice here and we lost you in the shuffle - Sorry :)

    I merged your threads so we won't get confused.

    PP :)
     
  4. IceMaiden

    IceMaiden Private E-2

    I am having trouble attaching my log file. It said my Fix Autoupder.exe file is missing. So I printed and then rescanned the logs into bitmap because that was one of the file formats that you could upload but so far, I push upload files and it says it is uploading but I wait and wait and nothing happens. I don't think bitmap is a very good format but you don't accept tif. Can you tell me what I am doing wrong here or a shortcut to getting those log files to you. I'm not very adept at working between files. Thanks so much for offering to help me. I know I shouldn't have named myself IceMaiden. It's 35 below zero here now.
     
  5. IceMaiden

    IceMaiden Private E-2

    Re: I'm ready to send my hijack this log file

    Thank you so much for offering to help me. Sorry I'm having trouble attaching the log file.
     
  6. IceMaiden

    IceMaiden Private E-2

    Re: I'm ready to send my hijack this log file

    I think I did it but I don't know if you will be able to read it. Thanks for being patient! IceMaiden
     

    Attached Files:

  7. PhilliePhan

    PhilliePhan Guest

    Hi IceMaiden,

    I am (happy? / sorry?) to say that I do not see anything terribly evil in your HJT log. At least nothing that would cause the kinds of problems you describe.

    There are a few lines that can be fixed with HijackThis:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL (file missing)

    But they are not causing the problem.

    O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE ---> This is legitimate, but makes me wonder. Please take a look at this link: http://support.microsoft.com/?kbid=831426
    Could it be that this is running?

    I think you can pretty much rule out Malware as a cause for this problem.
    Perhaps you ought to ask the guys in the Hardware forum for an opinion?


    Let me know what you think. I will try to check back tonight, but my weekend is busy and may not be able to hit this forum until Sunday Night.

    PP :)
     
  8. IceMaiden

    IceMaiden Private E-2

    Thanks so much. I will look at all of this and get back to you. IM
     
  9. IceMaiden

    IceMaiden Private E-2

    I fixed the items you said to fix with HiJack This. I uninstalled ConfigSafe. It came bundled with the computer and I never liked it anyway. I went to the page you said on Microsoft. I have Win98 not XP but it gave me the idea anyway and so I went and disabled for the time being all of the maintenance programs that were scheduled to run at all different times. I think you are right that there is something wrong with the hard drive and I will talk to those guys but I still don't feel completely sure that there isn't some, yet undetected malware hidden in there. I will try to be more specific and list problems.
    1. My task bar and startup bar keep changing.
    2. Something is changing my desktop and taking things away.
    3. Sidestep is still in my explorer bar- Go to View-Explorer Bar-Sidestep (I would like to learn how to remove this)
    4. The file that has over 700 pages of symbols that I can't read when it should only be a one page file stored in My Documents. (Please refer to 1st posting)
    5. I still can't shut down properly.
    I have since run a-squared but it found nothing. I would like to run the ADS scan if someone would be able to help me interpret it.
    Thanks again for help.
     
  10. PhilliePhan

    PhilliePhan Guest

    Hi IM,

    Did you remove SideStep via Add/Remove Programs?

    Did you remove the SideStep files from Program Files Folder & search for any other instances? That BHO you removed was SideStep related.

    You should remove these via HJT if they are not desired:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.traffer.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.traffer.ru


    I also wonder about TextBridge:

    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

    Has this caused any issues?

    If you like, please unzip this tool to the folder of your choice and run Find.bat I doubt it will find anything, but we'll see.

    Find It 9x/ME

    Then, attach that log and a fresh HijackThis log and we'll take another look. I am not sure I'll be much help here - Not too familiar with Windows98. Definitely think things are cattawumpas, but not sure if Malware to blame!

    PP :)
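
The HijackThis lines quoted in posts 7 and 10 follow a fixed `code - body` layout, so they can be sorted mechanically before a helper reads them. The following is an added example, not part of the thread or of HijackThis itself: a Python triage pass over those quoted lines, in which the flag names, the `Finding` tuple and the `trusted_hosts` parameter are assumptions made for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Log lines quoted in the replies above (posts 7 and 10), copied verbatim.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.traffer.ru
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL (file missing)
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
"""

# Hypothetical record type for this example: section code, flag, subject, detail.
Finding = namedtuple("Finding", "code flag subject detail")

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R sections: <registry key>,<value name> = <data>   (data may be empty)
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
# O2: BHO: <name> - {CLSID} - <path>[ (file missing)]
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# O4: <hive\key>: [<entry name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def triage(log_text, trusted_hosts=frozenset()):
    """Classify each recognised line; the flag names are this example's own."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or a section this example ignores
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            r = REG_RE.match(body)
            if not r:
                continue
            data = r["data"].strip()
            try:
                host = urlparse(data).hostname if data else None
            except ValueError:  # malformed URL text in the registry value
                host = None
            if not data:
                flag = "empty-value"
            elif host is None:
                flag = "non-url-value"
            elif host in trusted_hosts:
                flag = "trusted-url"
            else:
                flag = "external-url"
            findings.append(Finding(code, flag, r["value"], host or data))
        elif code == "O2":
            b = BHO_RE.match(body)
            if b:
                flag = "file-missing" if b["missing"] else "bho-present"
                findings.append(Finding(code, flag, b["name"], b["clsid"]))
        elif code == "O4":
            s = RUN_RE.match(body)
            if s:
                findings.append(Finding(code, "autostart", s["name"], s["cmd"]))
    return findings


def needs_review(findings):
    """Entries to look at first: IE URLs on unlisted hosts and orphaned BHOs."""
    return [f for f in findings if f.flag in ("external-url", "file-missing")]
```

Passing the hosts the user recognises as `trusted_hosts` leaves only the unfamiliar IE settings and the BHOs whose files are gone in the `needs_review` output.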
     
  11. IceMaiden

    IceMaiden Private E-2

    Yes, I did remove Sidestep with add/remove but I am not sure if I used that tool the first time I tried to remove it but I know I did later on. I also removed it with EasyCleaner because when I ran Easy Cleaner there was still an entry there for Sidestep. I was able to remove the entry from Easy Cleaner's add/remove but there is still an entry for Sidestep in my explorer bar and there is still an entry that I can't delete in my Windows Add/Remove Programs. I removed the two entries with HiJack that you suggested removing and I also removed TextBridge altogether. I had tried to use it not long before I had the trouble with the scanner. I couldn't get Textbridge to work properly and I don't know where it came from so I just uninstalled it. I ran the Find it9x/Me and I have attached a log and a new hiJack this log. Nothing has rearranged my desktop in the last two days or changed my start bar. However, I still can't shut down properly. It ends up going to a screen with strings on it that looks like the matrix and I have to finally use the shutdown button on back of the computer and then turn it back on to get anywhere.

    You haven't commented yet on the weird file. Thanks, IceMaiden
     

    Attached Files:

  12. PhilliePhan

    PhilliePhan Guest

    I have no idea what the weird file could be. . .
    The two logs show nothing to be alarmed about. I do not see the cause of your problems there.
    The problem at shutdown could be an OS issue. Certainly seems more likely to be Software related than Hardware. I'm sorry to say that it may be beyond my meager abilities to diagnose the problem long-distance via this forum.

    I am going to leave a message with one of our more knowledgeable members to see if he can offer an opinion as to how to proceed.
    Hang in there!

    PP :)
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Win9x shutdown issues were notorious. There were many reasons for having shutdown problems. You should search on MS Knowledgebase.

    Here is one link: How to troubleshoot Windows 98 shutdown problems

    Here is a list of other possibly related issues:
    http://support.microsoft.com/search/default.aspx?query=shutdown&catalog=LCID%3D1033&pwt=false&title=false&kt=ALL&mdt=0&comm=1&ast=1&ast=2&ast=3&mode=a


    Your last HJT log looks like it was from safe mode. You need to post logs from normal boot mode.

    As far as this file you mentioned. Perhaps it is just a binary file that is not supposed to be printed. What is the full file name (including the 3 character extension at the end)?
    Maybe it's a PDF file or a file that was created for Postscript printers.

    One thing I noticed (and I don't know if it has been mentioned), you are way out of date with your Internet Explorer updates. Obviously Win98 itself is old, but are you also out of date with your Win98 updates? (Is this a cause of all your problems? No, not necessarily. But being that out of date is a severe security risk.) You should go here and check for updates: Windows Update
     
  14. Turcoloco

    Turcoloco MajorGeek

    I was amazed with the extra effort PP has shown, great work PP and I must admit I read the whole thread ( :rolleyes: my eyes hurt) and I have to admit my thoughts swung from virus to HW to SW to virus to HW back to....this would honestly be where I personally would draw the line and re-install the OS (I can hear Kodo's and PP's screams already) but let's troubleshoot this problem a bit and see if I can provide some help:

    First off, download Startup Control Panel right from MajorGeeks and for our troubleshooting purposes, disable (meaning UNcheck the boxes so they appear 'clear') each and every startup entry on each page (except of course the 'Deleted' page). This way if the problem still continues then simply re-checking the related boxes would re-enable the startup entries though in my opinion no program has to start along with Windows except a real-time virus scanner if one was installed. After disabling all the entries (yes try all please), then reboot then try to shutdown and see what happens.

    If the Windows shutdown problem still exists then try this:
    Download the Windows98se shutdown supplement from M$ site and install it to see if it remedies your problem. To download, click on 'Next' on the page that opens up from that link; once downloaded to your machine, double-click on it to run the patch. Let us know how it went afterwards. ;)
     
  15. IceMaiden

    IceMaiden Private E-2

    IT's A Miracle! I did the Start-up Control Panel and unchecked everything. I was able to shut down and start back up for the first time in weeks. I will look at everything else suggested by you and Chaslang tomorrow. My poor tired brain might mess up something serious, if I try it tonight. And you're right PP did a wonderful job of working on this. Thanks so much, IceMaiden
     
  16. PhilliePhan

    PhilliePhan Guest

    That's nice of you to say, but PP was pretty easily stumped on this one! Fortunately, I'm not too proud to ask smart guys like Turcoloco for help ;) Hopefully you guys will work this one out!

    Best luck :)
    PP
     
  17. Turcoloco

    Turcoloco MajorGeek

    Good Job Maiden! Great teamwork, huh? Anyhow, I'd suggest you leave everything unchecked the way they are...not only the system will shutdown (shutdown faster) but also the startup times would be quicker as well. Your programs should still start and run the same way regardless.

    My take on the cause: a problematic process running in the background and locking the thread not letting the kernel end it, it could also be a device driver most commonly for modems but since you didn't have the problem occurring after connecting to internet via dial-up that was obviously not the case! I am guessing it was the real-time virus scanner or one of the internet filtering/security programs I recall seeing on the HJT list.

    Follow Chas' instructions for the other problem and repost again letting us know what is still a problem (if any).
    Take care. ;)
     
  18. IceMaiden

    IceMaiden Private E-2

    I am attaching my Hijack This file from normal mode. Sorry, I was confused and thought it was supposed to be from safe. I am slowly going through the steps you suggested with Microsoft TroubleShooter. And it is very slow for a "wannabe geek"! I declared my miracle too soon. It was fine when I added Nortons 2005 back into start-up but failed to shut down when I reinstalled my Canon Scanner. Maybe, I will find out it is only the scanner. Will post back when I determine something or need more help. Thanks so much. IceMaiden
    P.S. I still would like to remove that Sidestep bar from Explorer Toolbar. I know it can be done because someone helped me remove one a year ago. I haven't been able to find the record of that posting.
     

    Attached Files:

  19. IceMaiden

    IceMaiden Private E-2

    Now I am attaching the log from FindThis from normal boot mode. I am curious about the entries with Troj in them. They look suspicious to me.
    Thanks, IceMaiden
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to do what I mentioned way back in message #13. Without doing this, you are going to keep having problems! Do it now!

     
  21. IceMaiden

    IceMaiden Private E-2

    I do have most of the windows updates that I thought applied to my computer. Re: Internet Explorer Update, do you mean to IEBrowser 6.0? We used to have 5.0 and tried to upgrade to Internet Explorer 6.0 with Service Packs. It almost brought our whole computer down so we didn't think our computer was new enough to handle it. We removed it and got 5.5. Maybe we misinterpreted what happened but this also happened to my brother. I have been afraid to go to 6.0 since then. Can you comment on this?
    The other mistake I made when trying to attach my log from Findit9xMe was just operator error in reading directions, not the computer. It should be attached this time.
    Thanks, IceMaiden

     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is called Internet Explorer not IEBrowser and yes that is what I mean. I run it on many different Win98 systems with no problem. What is your Processor type and speed? How much RAM do you have?

    Most is not all! You need ALL!
     
  23. Turcoloco

    Turcoloco MajorGeek

    Hello again IceMaiden, I can see Chas has been helping you with the infection and system patch process...anyhow, I just wanted to reply to your 'PS' request about the Sidestep bar issue which I am sure Chas was going to handle in due time but I wanted to let you know that by downloading the free ToolbarCop from MG, you can disable/delete that entry from IE tool bar, ok? It is a stand-alone utility meaning you don't have to install it and it is fairly straightforward to use but if you need help just let us know.
    ;)
    Take care.
     
  24. IceMaiden

    IceMaiden Private E-2

    Success! I used the ToolBar Cop download and Sidestep is gone from the Toolbar. Thanks so much for helping with this. Ice Maiden
     
  25. IceMaiden

    IceMaiden Private E-2

    I have 160 Ram and My processor is AMO-K6-2/333. I am ready to update to the Internet Explorer 6.0 if you think my processor can handle it. Thank you. IceMaiden
     
  26. Turcoloco

    Turcoloco MajorGeek

    Since you are using Windows98, 160MB RAM is plenty for most anything and upgrading to Internet Explorer 6 with all service packs should not pose any problems.
    I am glad to hear you got rid of the sidestep nuisance...good job! ;)
     
  27. IceMaiden

    IceMaiden Private E-2

    I installed successfully the Internet Explorer 6.0 and all of the updates. The only ones I didn't add were all of the languages, agent 2.0, Reg.Wizard Update, and Euro Conversion Tool. Do I need to add those as well? I haven't had any problems from the new browser. Improvements are that I can now run DiscScan without error and Defrag without it stopping. However, the miracle was short-lived on shutting down. Once in a while it reboots without a problem. Sometimes, you can restart it with ctrl/alt/delete but most often it says: a fatal exception has occurred. push any key and if you do this it goes to the blue screen with all the strings running down it and you have to shut down from the button on the back of the processor. After doing this, it starts up just fine. It's just the shutdown. I will continue to go thru the steps offered by Microstart Troubleshooter but if you have any other ideas I would appreciate it. I have also taken everything out of start-up including Norton's and I have uninstalled the printer and the scanner. Thanks again, Ice Maiden
     
  28. Turcoloco

    Turcoloco MajorGeek

    Hi IceMaiden, I am not sure what Chaslang or PP will suggest but I don't believe you need any of those add-ons you mentioned up above, so it is ok if you didn't d/l and install them. For the shutdown issue, have you tried downloading and applying the Windows98 shutdown supplement I mentioned a few posts ago? Try that if you have not (even if you did apply it, after the updates you might have to re-do it).
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I agree with Turcoloco! You don't need the other updates.

    As far as shutdown issues! You need to finish working thru the links that he and I gave you. Note I suspect a possible hardware/driver conflict. I have seen many cases where this shutdown problem existed and systems were fully updated and all apparent suggestions from MS were tried except changing out hardware. And in all of the cases it was a hardware conflict of some sort. In most cases, it was a dial-up modem board conflict that for some reason (even with latest modem drivers) was not truly supported. In a few cases there were problems with a Network Interface Card (NIC) that was being used.

    How do you connect to the internet? Is it via dial-up? If so, you could try removing internal modem and experimenting to see if it always shuts down without the modem being installed. Obviously you would not be able to connect to the internet but you can run other things.
     
