Malware or not? Can't decide.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dmb06851, Dec 19, 2014.

  1. dmb06851

    dmb06851 Specialist

    XP Pro running on HP Compaq DC7100, 160Gb, 106Gb free, 4Gb RAM.

    Machine has become increasingly slow over the last couple of weeks. From switch-on to Windows XP screen takes about 18s. XP screen displayed for about a minute, goes black for a few seconds, then the desktop icons and quick launch icons appear. Only the system clock at bottom right.

    At 2 minutes from switch-on the desktop icons are re-written, still only the clock at bottom right.

    Nothing more until 5 minutes after switch-on when some of the desktop icons are again re-written and running program icons start to appear alongside the clock.

    It takes about 6 minutes from switch-on until things seem to have settled down - disk activity LED off.

    Windows Task Manager shows CPU Usage fluctuating between single digit and medium to fairly high two digit readings.

    Google browser can take a couple of minutes to initially open, and there are often multiple entries of chrome.exe in task manager.

    I have followed the instructions in the Read Me First post.

    While RogueKiller was running it opened up a page on its site saying that "If you land here from RogueKiller…
    …This is because RogueKiller has detected a SSDT hook."

    Its log was not on the desktop, but in Documents and Settings/All Users/Application Data/RogueKiller/Log.

    Malwarebytes scan found nothing and closed itself down before I could find a log. No log in the Malwarebytes folder on the C drive.

    TDSSkiller found no threats, 2 traces.

    HitmanPro no traces.

    MGtools produced its zip file but the command window stayed open, see "screen2" attachment.

    I don't remember at what point in the proceedings "screen1" appeared but I shall attach it, once this post has been despatched, in case it is relevant.

  2. dmb06851

    dmb06851 Specialist

    Re: Malware or not? Can't decide. Other screenshot

    I thought I had already sent this...

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I will check your logs and get back to you. ( Have an errand to run ). ;)

    Are you using a proxy server?
    After a quick look, I am not seeing any malware. You have remnants from different AV software installed. We will remove them when I get back. In the meantime, I suggest you post in the software forum for additional assistance.

    I will get back with you when I return.
     
    Last edited: Dec 19, 2014
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to delete these:
    C:\Documents and Settings\user1\Application Data\Panda Security
    C:\Documents and Settings\All Users\Application Data\McAfee
    C:\Program Files\Avira
     
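    Before deleting leftover vendor directories such as the three listed above, it is worth checking whether any registered Windows service or kernel driver still loads a binary from inside them: removing the folder out from under a driver that is still set to start at boot leaves a failing service entry behind, and on XP a security product's filter driver is a common, legitimate source of the SSDT hook that RogueKiller reports. The script below is an added example, not part of TimW's reply or of any MajorGeeks tool. It assumes it is run from an elevated PowerShell 2.0 prompt (PowerShell was not shipped with XP and must be installed separately), that the three paths are exactly those quoted above, and that the `-Remove` switch is this script's own, hypothetical option; without it the script only reports.

```powershell
# Added example (not from the thread): check what still references the
# leftover AV directories named in the reply above, and remove them only
# when nothing does. Assumes an elevated PowerShell 2.0 or later session.
# The -Remove switch is this script's own, hypothetical option.
param([switch]$Remove)

$leftovers = @(
    'C:\Documents and Settings\user1\Application Data\Panda Security',
    'C:\Documents and Settings\All Users\Application Data\McAfee',
    'C:\Program Files\Avira'
)

# Every installed service and kernel driver with the binary it loads.
# The registry is read directly rather than via Get-Service because the
# ImagePath and Start values are needed and this works on PowerShell 2.0.
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.ImagePath) {
            New-Object PSObject -Property @{
                Name      = $_.PSChildName
                ImagePath = [string]$p.ImagePath
                Start     = $p.Start   # 0=boot 1=system 2=auto 3=manual 4=disabled
            }
        }
    }

foreach ($dir in $leftovers) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Host "absent : $dir"
        continue
    }

    # Size of what is left behind (files only; directories have no Length).
    $size = (Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer } |
             Measure-Object -Property Length -Sum).Sum
    Write-Host ("present: {0}  ({1:N0} bytes)" -f $dir, $size)

    # Services or drivers whose ImagePath points somewhere under this directory.
    # -like is case-insensitive, which matches how Windows treats paths.
    $refs = @($services | Where-Object { $_.ImagePath -like "*$dir*" })
    foreach ($r in $refs) {
        Write-Host ("  referenced by service '{0}' (Start={1}): {2}" -f `
            $r.Name, $r.Start, $r.ImagePath)
    }

    if ($Remove) {
        if ($refs.Count -gt 0) {
            # Deleting the files first would leave a service that fails at boot;
            # remove the service entry (sc.exe delete <name>) and reboot first.
            Write-Warning "  not removing $dir : delete the services listed above first"
        } else {
            Remove-Item -LiteralPath $dir -Recurse -Force
            Write-Host "  removed $dir"
        }
    }
}
```

    Run it once without `-Remove` to see which directories are present and whether anything still loads from them; a driver with `Start=0` or `Start=1` inside `C:\Program Files\Avira` would be the thing to deal with before the folder goes. Data directories under Application Data normally hold only logs and quarantine and will show no references.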
  5. dmb06851

    dmb06851 Specialist

    Thank you TimW , they have been deleted.

    No, I'm not using a proxy server.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then I can only suggest that you post in the software forum.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double-click (if running Vista, Win 7, or Win 8, right-click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the link below:
     
