MajorGeeks Support Forums

  #1  
10-06-07, 21:50
d_n_kuhn
Private E-2

Join Date: Oct 2007
Location: Miami, FL
Posts: 9
How do I fix a computer offline?

Hello, This is my first post. My daughter's computer has some kind of malware that prevents me from getting on to the Internet. It goes to some security website (Udefender.com is one of them) and if I try to go to another website it puts Internet Explorer offline. Reconnecting just drives it back to the original website as the home page for Internet Explorer is reset to that, no matter what I do. So, I took the computer offline and using this computer, started to work my way through the ReadThis Before Asking file, but it has been tough. I couldn't run Spybots because it wants to have the files updated and I'm not on the Internet. I'm running CounterSpy now, but it is so slow because the malware is constantly popping up boxes (Windows Security Alert, Work Offline) and I've noticed that at times, the performance goes to 100% CPU usage and then everything just about stops. CounterSpy has been running for 45 minutes and has only scanned 25000 files. It wasn't too happy about not having an Internet connection either. What can I do to get rid of this thing so I can connect her computer back to the Internet?

David
  #2  
10-06-07, 22:27
chaslang
MajorGeeks Admin - Master Malware Expert

Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,259
Re: How do I fix a computer offline?

Welcome to Major Geeks!

Please stop whatever you are doing right now (even though it is the READ & RUN ME) and get the below ComboFix.exe file on to your daughter's PC and run the procedure given.

Download this file - combofix.exe
  1. Double click combofix.exe & follow the prompts.
  2. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply. See: HOW TO: Attach Items To Your Post
Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.

Are things any better now? If yes, see if you can continue with the READ & RUN ME.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


  #3  
10-07-07, 00:13
d_n_kuhn
Re: How do I fix a computer offline?

Wow, that took way longer than 10 minutes! Some of the icons from the bogus security programs have been removed and I haven't seen a popup yet. I'll see if I can get SpyBots to run now. I've attached the log.
Attached Files
File Type: txt log.txt (10.2 KB, 4 views)
  #4  
10-07-07, 00:18
chaslang
Re: How do I fix a computer offline?

Yes that definitely removed part of your SmitFraud problem, but there could be more to do. Let me know if you can now run thru the READ & RUN ME.
  #5  
10-07-07, 00:45
d_n_kuhn
Re: How do I fix a computer offline?

Chaslang,
I moved my daughter's computer out of her room so I could put it next to mine. I can't seem to get her computer to recognize the wireless connection, so I'll have to move it back to her room. That's about it for tonight. Spybot won't run without the updates and all of this will be easier if I can get to the Internet on her computer. Thanks so much. I lived in Ridgewood for awhile and my sister and mother live in Summit. I've been thinking a lot about Ridgewood as it's my 40 year high school reunion.
  #6  
10-07-07, 17:01
d_n_kuhn
Re: How do I fix a computer offline?

Ok, Moved my daughter's computer back to her room. Reinstalled the software so her computer could get to the Internet through our wireless network. Updated SpyBot Search and Destroy and CounterSpy after making a connection with the Internet. Rebooted in Safe Mode and ran SpyBot S&D. It found an ALEXA object and deleted it. I couldn't figure out how to get a log from SpyBot. Ran CounterSpy. It runs differently in SafeMode on her computer, there's no tool bar. It found 24 cookies. I tried several times to get it to quarantine the cookies, but it wouldn't. It only removed them (I guess). Since there was no tool bar, I couldn't get a CounterSpy log, although I suppose I could get one if I ran it under normal boot. You tell me.

Restarted her computer in SafeMode with Networking. That didn't seem to work out as the computer never went into safe mode, it rebooted into normal mode. When I started Internet Explorer, it tried to go to ucleaner.com, the old site that started this problem. I closed it and it hasn't returned. The firewall found that a program c:\Program Files\HP....\hpqtra08.exe was trying to connect to 208.174.87.25 Port 80. I blocked it, but noticed later when I was trying to print that I couldn't from my HP printer. Does the printer need to contact the Internet to print?

I keep getting a Virtual Memory Minimum Too Low error message. Is this real or some part of the malware?

I ran Bitdefender and have attached the log. Bitdefender said it couldn't update the virus definition files, but I went ahead and scanned anyway. Bitdefender found one Trojan:Downloader which it deleted.

I don't know what was up with PandaActiveScan, but I couldn't make it work on my daughter's computer or my laptop.

Finally, I couldn't get through to majorgeeks forums on my daughter's computer, so I copied the log files to my computer and have attached them.
Attached Files
File Type: txt bdscan.txt (17.1 KB, 1 views)
File Type: txt runkeys.txt (19.0 KB, 1 views)
File Type: txt newfiles.txt (35.2 KB, 1 views)
  #7  
10-08-07, 01:21
chaslang
Re: How do I fix a computer offline?

Quote:
Originally Posted by d_n_kuhn
Ran CounterSpy. It runs differently in SafeMode on her computer, there's no tool bar. It found 24 cookies. I tried several times to get it to quarantine the cookies, but it wouldn't. It only removed them (I guess).
Cookies are not problems so don't concern yourself with them.

Please uninstall this CounterSpy trial now since we are finished with it.

Quote:
Originally Posted by d_n_kuhn
The firewall found that a program c:\Program Files\HP....\hpqtra08.exe was trying to connect to 208.174.87.25 Port 80. I blocked it, but noticed later when I was trying to print that I couldn't from my HP printer. Does the printer need to contact the Internet to print?
No, your printer does not need internet access to print, but is your printer a network printer or is it connected directly to the PC that you are trying to print from?

hpqtra08.exe is installed alongside the drivers for Hewlett Packard Imaging devices and installs an easy-to-use traybar icon for quick access to diagnostics. This is a non-essential process. Disabling or enabling it is down to user preference.


Quote:
Originally Posted by d_n_kuhn
I keep getting a Virtual Memory Minimum Too Low error message. Is this real or some part of the malware?
This is not a malware problem. You may need to adjust the size of Virtual Memory. The way to do this is
  • Click Start
  • Select Control Panel
  • System
  • Advanced tab
  • Settings button
  • then Advanced tab again
  • At the bottom of that page you will see Virtual Memory
  • Click the Change button
  • On the next page, do you have the System managed size button checked?
  • If not, what are your Custom size settings and how much RAM do you have in your PC?
Which antivirus do you believe you are supposed to be using? I see signs of multiple AV's. I see:
  • CA Internet Security - I expect this is what you use
  • McAfee - I expect this was uninstalled but not completely
  • Avast - I expect this was uninstalled but not completely
Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"QuickTime Task"=-
"MCAgentExe"=-
"MCUpdateExe"=-
"avast!"=-
"SunJavaUpdateSched"=-
Now attach new logs from:
  1. GetRunKey
  2. ShowNew
  3. HijackThis
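A .reg file like the fixME.reg quoted in the post above can be listed operation by operation before it is merged, on any machine and without touching the registry. The following is an added example, not part of the original thread and not a MajorGeeks tool: a small Python parser for the REGEDIT4 text format. The function names and the rule that only value deletions under Run/RunOnce count as expected are assumptions of this example.

```python
import re

# fixME.reg exactly as quoted in the post above, used as sample input.
FIXME_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"QuickTime Task"=-
"MCAgentExe"=-
"MCUpdateExe"=-
"avast!"=-
"SunJavaUpdateSched"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# "name"=data or @=data (default value); quotes in names are backslash-escaped.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))\s*=\s*(.*)$')
# Assumption of this example: a startup-cleanup fix should only touch these keys.
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_reg(text):
    """Return a list of (action, key, value_name, data) operations.

    action is delete-key, delete-value or set-value. Raises ValueError on a
    missing header or an unparsable line, so a damaged copy/paste is caught
    before the file reaches regedit.
    """
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key, pending = [], None, ""
    for number, raw in enumerate(lines[1:], start=2):
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.endswith("\\"):                     # hex: data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                 # [-KEY] deletes the whole key
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None:
            raise ValueError(f"line {number}: cannot parse {raw!r}")
        name = "(Default)" if match.group(2) else re.sub(r"\\(.)", r"\1", match.group(1))
        data = match.group(3)
        if data == "-":                             # "name"=- deletes one value
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, data))
    return ops


def review(ops):
    """Split operations into autostart value removals and everything else."""
    expected, other = [], []
    for action, key, name, data in ops:
        if action == "delete-value" and key.lower().endswith(AUTOSTART_SUFFIXES):
            expected.append(name)
        else:
            other.append((action, key, name, data))
    return expected, other


if __name__ == "__main__":
    removed, other = review(parse_reg(FIXME_REG))
    for name in removed:
        print("removes autostart value:", name)
    for op in other:
        print("REVIEW BEFORE MERGING:", op)
```

For the file in this thread every operation is a value deletion under the Run key, so nothing lands in the second list.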
  #8  
10-08-07, 17:18
d_n_kuhn
Re: How do I fix a computer offline?

Hi, Thanks for the help and pardon my "bump".

Answers to the questions in your previous e-mail.

Virtual Memory is low problem.

Virtual memory: Current settings: Paging file size 192-384 MB
Amount of RAM in computer: 130,352 Kb. (It's my wife's old computer and we can add RAM if that is an issue.)
Total paging size for all drives:
Minimum allowed: 2 MB
Recommended: 190 MB
Currently allowed: 205 MB

Current Registry size: 24 MB
Max size: 35 MB

There was no system managed button.

Under the Performance Options: It was optimized for Applications not for Background Services.

Uninstalling McAfee and Avast problem.

I had McAfee but couldn't completely uninstall it. The new CA Internet Security that I had a license for wouldn't install Anti-Virus because it detected McAfee. I installed Avast just to have an anti-virus program to do a scan early in the nightmare. I have uninstalled Avast (and CounterSpy) as advised. I actually uninstalled CA Internet Security and reinstalled it. It reinstalled with Anti-Virus this time and I ran a scan and it found 2 viruses in qoobox, which I don't recognize but it may be a part of ComboFix (thank you very much for ComboFix!).

I took the file that you sent to merge into the registry and did that. It got rid of the McAfee install error (although I saw a mention of McAfee in the HijackThis log).
Attached Files
File Type: txt runkeys.txt (18.8 KB, 1 views)
File Type: txt newfiles.txt (38.7 KB, 0 views)
File Type: log hijackthis.log (8.3 KB, 1 views)
  #9  
10-08-07, 22:41
chaslang
Re: How do I fix a computer offline?

Sorry! I forgot you had Win2K. I gave you instructions for Virtual Memory on WinXP.

In reality, you do not have enough RAM to run CA Internet Security and your PC may be too slow too (but I don't know that for sure since we did not discuss processor speed). Simply put, I would recommend against using this or any other internet security suite because they are all massive resource hogs that will slow your PC down. You can bump up your Initial and Maximum page sizes (double or triple both) but you still don't have even the minimum amount of RAM recommended by CA. You really should consider uninstalling this and using some of the free tools we have available.

Quote:
Originally Posted by d_n_kuhn
It reinstalled with Anti-Virus this time and I ran a scan and it found 2 viruses in qoobox, which I don't recognize but it may be a part of ComboFix (thank you very much for ComboFix!).
Yes that folder is just a backup from ComboFix.



We have more junk from McAfee to remove.
  • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
  • On the page that opens, scroll down to McAfee Task Scheduler
  • then right click the entry, select Properties and press Stop Service.
  • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
  • Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
    • McAfee SecurityCenter Update Manager
  • Click OK until you get back to Windows.
  • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
  • At the lower right, click on the Config button
  • Then click the Misc tools button
  • Select Delete an NT Service
  • Copy/paste McTskshd.exe into the box that opens, and press OK
  • If you receive any error messages just ignore them and continue.
  • Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
    • mcupdmgr.exe
  • Now exit HJT and reboot when it tells you it needs to.
After reboot, attach a new HJT log.
  #10  
10-09-07, 21:59
d_n_kuhn
Re: How do I fix a computer offline?

I only loaded CA Internet Security Suite because we had it. I was surprised when the anti-virus loaded, even though there wasn't enough RAM. Any suggestions for free security programs? I already have SpyBot, I could reload avast.

I ran services.msc. I ran HijackThis (just open the program) but it never asked to reboot. I did reboot anyway and everything has been very slow since. It took forever to get to Major Geeks forum, but that could just be the firewall. I have attached the most recent HijackThis log.

Thanks again for all your help.
Attached Files
File Type: log hijackthis.log (7.8 KB, 1 views)
  #11  
10-10-07, 01:00
chaslang
Re: How do I fix a computer offline?

CA is bringing your PC to its knees. Uninstall it and use the free tools mentioned in step 11 of my final instructions given below. Remember only 1 antivirus, 1 realtime antispyware (you will see what is meant when you read this) and 1 firewall.

If you are not having any other malware problems, it is time to do our final steps:
  1. If we used Pocket Killbox during your cleanup, do the below
    • Run Pocket Killbox and select File, Cleanup, Delete All Backups
  2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
  3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
  4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
  5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
  6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
  7. If we had you run Avenger, you can delete all files related to Avenger now.
  8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
  10. If you are running Windows XP or Windows ME, do the below:
    • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  11. After doing the above, you should work thru the below link:
  #12  
10-11-07, 18:47
d_n_kuhn
Re: How do I fix a computer offline?

Hi, I removed the combofix files and the CA Internet Security Suite. The answer to a previous question about computer speed is 800 MHz. I wanted to change the user profiles so that my daughter couldn't log in as an administrator. I deleted the administrator profile that I had done all the computer cleaning in (like an idiot) and created a regular user file for my daughter. I could log in to that file but there was no wall paper or Start menu, just a blue screen. When I went to Task Manager, there were no applications running. Not quite sure about that. Is there anyway to recover a user profile that has been deleted? All the files in Documents are still there, including the desktop where I had CCleaner and some other stuff. If I could recover that old profile, I could just change the password, so she couldn't log in. But why is there no Start menu for her account (regular user account)? I was hoping this would be my last post and I could thank you profusely for all your help. Now I have to ask for a little more, although this isn't really malware removal. I did load on avast, a squared, comodo and a spyware program which I just noticed didn't show up with an icon on my new administrative account desktop. When I see the problems others are having with their computers, I'm sobered by how relatively easy I got off. Let's hope I can fix these little problems in time for my daughter to finish her Hispanic Heritage project on Puerto Rico.
  #13  
10-11-07, 20:42
chaslang
Re: How do I fix a computer offline?

Quote:
Originally Posted by d_n_kuhn
The answer to a previous question about computer speed is 800 MHz.
On the very slow side in this day and age but should be okay for Win2K. You should add as much RAM as possible though.

Quote:
Originally Posted by d_n_kuhn
I wanted to change the user profiles so that my daughter couldn't log in as an administrator. I deleted the administrator profile that I had done all the computer cleaning in (like an idiot) and created a regular user file for my daughter.
All you had to do was change your daughter's account type. Do you mean you deleted the user account name Administrator that only shows in safe boot mode?


Quote:
Originally Posted by d_n_kuhn
I could log in to that file but there was no wall paper or Start menu, just a blue screen.
You mean user account not file. What account do you mean? Your daughter's?

Quote:
Originally Posted by d_n_kuhn
When I went to Task Manager, there were no applications running. Not quite sure about that. Is there anyway to recover a user profile that has been deleted?
No!

Quote:
Originally Posted by d_n_kuhn
All the files in Documents are still there, including the desktop where I had CCleaner and some other stuff. If I could recover that old profile, I could just change the password, so she couldn't log in. But why is there no Start menu for her account (regular user account)?
You need to clarify exactly what you have done. I'm not following you. Did you delete your daughter's user account or did you delete some other account with administrator privileges? If you deleted your daughter's, it is gone. You should backup all files for that user account and then you could try just creating the same user account again. It will not have everything that was in the old account since the registry files were most likely removed, so you may need to reinstall various things she needs.

Quote:
Originally Posted by d_n_kuhn
I'm sobered by how relatively easy I got off. Let's hope I can fix these little problems in time for my daughter to finish her Hispanic Heritage project on Puerto Rico.
I reemphasize to make sure you make backups of her files so that nothing is lost while trying to get a new user account created.