Need help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Lee07666, Aug 26, 2014.

  1. Lee07666

    Lee07666 Private E-2

    ok, i ran everything.
    please see attached.
     

    Attached Files:

  2. Lee07666

    Lee07666 Private E-2

    Re: Everything Moving Slowwwly...Please Help!

    and tdss attached
     
  3. Lee07666

    Lee07666 Private E-2

    Re: Everything Moving Slowwwly...Please Help!

    attachment
     

    Attached Files:

  4. Lee07666

    Lee07666 Private E-2

    Re: Everything Moving Slowwwly...Please Help!

    i did notice a trojan in one of the results but i didn't remove it because the instructions said to "ignore" for the time being.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Fix everything Hitman found. Reboot and rescan with Hitman and attach the new log.
     
  6. Lee07666

    Lee07666 Private E-2

    it's telling me that because i used hitman pro in 2011, my "trial" has expired and i need to pay $24.95 to remove the malware.

    please tell me there's another way.
     
  7. Lee07666

    Lee07666 Private E-2

    so i went and manually removed the files listed in hitman pro.
    i ran the scan again and no threats are present.
    computer is still relatively slow
    please advise!
    thanks
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your slowness is not a malware issue.

    Please explain what operations are slow! For example answer the below:
    * Is boot up slow?
    * Is shutdown slow?
    * Is browsing/surfing slow?
    * Is downloading slow?
    * Is running any application?
    * Is it also slow in safe boot mode?
    * Also, are any processes showing in Task Manager to be using a lot of CPU time?
    * Anything else slow?
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What about the zero access infection?! Has that been removed yet? :confused

    ScorpionSaver <<< Needs uninstalling too. I have not checked the logs properly yet. there may be more.
     
  10. Lee07666

    Lee07666 Private E-2

    i didn't think it was malware, but they kicked me here first in order to eliminate the possibility.

    * Is boot up slow? - what takes the longest is my desktop being fully ready to go without the hourglass hanging.

    * Is shutdown slow? - a bit. when i do a restart there are times i get the pop up window showing a specific program taking time to close (and i have the option to click "end program" manually). this is usually for skype, but sometimes i see extensions that i don't recognize.

    * Is browsing/surfing slow? painfully slow and my biggest issue (i use chrome)

    * Is downloading slow? incredibly slow as well

    * Is running any application? i mostly use internet, photoshop, word and excel. opening these applications takes a very long time.

    * Is it also slow in safe boot mode? it's faster in safe mode

    * Also are any process showing in Task Manager to be using a lot of CPU time? sometimes i hear the fans running when i'm not even working on the PC. i see a lot of svchost.exe's running. i've tried ending the processes, but they are immediately replaced by new ones. chrome seems to be high on the usage scale as well.

    * Anything else slow? i'm not the fastest runner in my family...but i can type pretty quickly. (no, nothing else) :)
     
  11. Lee07666

    Lee07666 Private E-2

    i couldn't remove anything via hitman pro (it required a security key) and i could not find the other programs manually (looked, but couldn't find them).
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    TimW will post a fix shortly to address the problems. Malware is the cause.

    More to do then. TimW will incorporate what Hitman finds into a fix of his own. Also the host file needs repairing.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You did say you re-ran Hitman though and that no threats were present. Which is the case please? Then you said you could not manually delete all it found.

    Re-run both Hitman and RogueKiller please and attach the logs from the new scans.
     
  14. Lee07666

    Lee07666 Private E-2

    i manually removed the issues that hitman pro called "threats".
    some files it identified didn't seem to be actual threats (like "zero access") and i couldn't find them anyway.
    then i rescanned and got a clean scan.

    i can't run anything until later today (at work now)
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Probably because they are hidden.

    Yes, post the two scan results later today please; it's always best to be safe rather than sorry, isn't it?
     
  16. Lee07666

    Lee07666 Private E-2

    here is hitman again.
    after running this, i removed arcadeweb manually
    but when i tried to remove the next one A011... i received an error message saying the program was in use by someone so i couldn't delete it.
    the next 2 "HKU" files - no idea how to find those.
     

    Attached Files:

  17. Lee07666

    Lee07666 Private E-2

    RK report attached.
     

    Attached Files:

  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK RogueKiller no longer shows signs/traces of a zero access infection. I would like for you to attach a log of what Hitman is finding rather than a screenshot. Thanks.
     
  19. Lee07666

    Lee07666 Private E-2

    hitman report attached
     

    Attached Files:

  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [IMG] area. Do not include the word Code.
    Code:
    :Files
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0116558.exe
    
    :reg
    [-HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0}]
    [-HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}]
    
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program


    Now re-run Hitman and attach the log.
     
  21. Lee07666

    Lee07666 Private E-2

    OTM log attached
     

    Attached Files:

    • OTL.Txt (263.3 KB)
  22. Lee07666

    Lee07666 Private E-2

    hitman attached.

    just pulling up this browser (by hitting "new reply") after running these programs you gave me, froze my PC.
     

    Attached Files:

  23. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    No - what you attached was --> OTL logfile created on: 7/2/2011
     
  24. Lee07666

    Lee07666 Private E-2

    oops. here you go
     

    Attached Files:

    • otm.txt (4.1 KB)
  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    How confident are you in the Windows Registry?

    These still remain: Are you able to delete them?

    • HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0}
    • HKU\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}
     
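    A way to look for the two leftover keys from an elevated PowerShell prompt, added here as an example and not part of the thread or of any MajorGeeks tool. It assumes the keys are under the same SID shown above; a user's HKU subtree is only present while that user's profile is loaded, so run it logged on as the affected user.

```powershell
# Added example: report whether the two leftover HKU keys still exist.
# HKU is not mapped as a PowerShell drive by default, so map it first.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# The two keys named in the post above (SID and CLSID copied from the thread).
$keys = @(
    'HKU:\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0}',
    'HKU:\S-1-5-21-3534371746-1935322057-1064774181-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}'
)

foreach ($k in $keys) {
    # -LiteralPath so the braces in the CLSID are not treated as wildcards.
    if (Test-Path -LiteralPath $k) {
        Write-Host "PRESENT: $k"
        # Show the values the key holds so you can see what it points at
        # before deciding whether to delete it (Remove-Item -LiteralPath $k).
        Get-ItemProperty -LiteralPath $k | Format-List
    } else {
        Write-Host "absent:  $k"
    }
}
```

    If both lines read "absent", the keys are already gone and nothing further is needed.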
  26. Lee07666

    Lee07666 Private E-2

    i actually tried to find those items, but couldn't.
    then again, wasn't really sure where to look.
    i'm confident with guidance, but certainly not on my own.
     
  27. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Actually they are only minor junk, so we can ignore and it wouldn't be a problem. What actual malware problems remain now please?
     
  28. Lee07666

    Lee07666 Private E-2

    none that i know of.
    pc is still spotty though...sometimes faster than before, sometimes still dragging as slowly.
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work through the below link:
     
