MajorGeeks Support Forums

#1  IceMaiden (Private First Class)  01-14-05, 13:33
Join Date: Jan 2004 | Posts: 87
Subject: mystery file?

Hi, I have done all that you said in the tutorial up to running HiJack This and am ready to post a log file. What I did before removed a registry key for side step but there is still a tab in my internet explorer bar under view, toolbar, sidestep. I need help to remove this. Symptoms that led me into this: almost impossible to shut down computer-Windows 98, always sounds like something else is signing on and signing off, desktop is rearranged and things just disappear including wallpaper screensaver, when I tried to run defrag it said couldn't run because disk was corrupted, when I tried to run scan disk it said a system file was missing. Each day running the computer is more difficult to run. When I was running the scanner a message popped up and said, "scanner is calibrating, do not open cover, will take one minute." After that, everything I scanned to fax, the faxed part was solid black. Eventually scanner quit altogether and had to be reinstalled. When I was using lotus to type a paper, a message popped up and said something about a better version, did I want to save, and when I said yes, my good version disappeared forever and I was left with an older incomplete version. It's like having gremlins inside the computer all the time.
Finally, the MYSTERY FILE! And no I'm not hallucinating but I was drinking a beer at the time...I needed to print a copy of a tax form stored in My Documents. A message came on and said, "Cannot print, not enough memory. Please close other things running." But nothing else was running. Thinking this was a printer glitch I tried moving the file other places, including sending it as an e-mail to myself. At first when the file would come in, it would read done but there was nothing there like it was invisible. This happened several different places. Later, when I went back and checked it again, the file was there. Finally, I thought of just trying to pick it up in my fax machine, Ring Central, because ultimately I wanted to fax it out anyway. I went to get it with Ring Central and a message said, "There is no attachment with this file, do you want to open it in Notepad." I said yes, it said, "The file is too large, do you want to use wordpad." I said yes and so it started loading. 700 pages later, I shut it down, afraid it might take over my whole computer. So then, I went to wordpad and opened the file. It was all in coded symbols. Millions of them. I started to print it in my Canon and almost every line of symbols represents a different page, some pages have nothing at all on them, some just one square symbol, and some as many as 12 lines of code. I have no idea how many pages are hiding behind this one file or where it came from? I haven't deleted it because I want to find out what it is and what its ramifications are. Any takers out there? I tried to load it onto a diskette and again there was nothing there. Thanks for any help. Hurry, before my computer doesn't work at all. IceMaiden from the land of ice where it was 18 below zero last night! brrr...

#2  IceMaiden (Private First Class)  01-14-05, 21:47
Subject: I'm ready to send my hijack this log file

Why is no one responding to my posting? Did I do something wrong? I thought that I had done everything in the tutorial that you said to do first, and I have run HiJack this 1.99. See my posting earlier today for more information.
Thanks, IceMaiden
and if I am posting incorrectly, please let me know.

#3  PhilliePhan (Guest)  01-14-05, 22:37
Subject: Re: I'm ready to send my hijack this log file

Please attach your HJT log. There are only a couple of us offering advice here and we lost you in the shuffle - Sorry

I merged your threads so we won't get confused.

PP

#4  IceMaiden (Private First Class)  01-15-05, 13:39
Subject: Re: Mystery File / I'm ready to send my hijack this log file

I am having trouble attaching my log file. It said my Fix Autoupder.exe file is missing. So I printed and then rescanned the logs into bitmap because that was one of the file formats that you could upload but so far, I push upload files and it says it is uploading but I wait and wait and nothing happens. I don't think bitmap is a very good format but you don't accept tif. Can you tell me what I am doing wrong here or a shortcut to getting those log files to you? I'm not very adept at working between files. Thanks so much for offering to help me. I know I shouldn't have named myself IceMaiden. It's 35 below zero here now.

#5  IceMaiden (Private First Class)  01-15-05, 14:39
Subject: Re: I'm ready to send my hijack this log file

Thank you so much for offering to help me. Sorry I'm having trouble attaching the log file.

#6  IceMaiden (Private First Class)  01-15-05, 14:41
Subject: Re: I'm ready to send my hijack this log file

I think I did it but I don't know if you will be able to read it. Thanks for being patient! IceMaiden
Attached Files
File Type: log hijack this.log (5.7 KB, 9 views)

#7  PhilliePhan (Guest)  01-15-05, 15:58
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Hi IceMaiden,

I am (happy? / sorry?) to say that I do not see anything terribly evil in your HJT log. At least nothing that would cause the kinds of problems you describe.

There are a few lines that can be fixed with HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL (file missing)

But they are not causing the problem.

O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE ---> This is legitimate, but makes me wonder. Please take a look at this link: http://support.microsoft.com/?kbid=831426
Could it be that this is running?

I think you can pretty much rule out Malware as a cause for this problem.
Perhaps you ought to ask the guys in the Hardware forum for an opinion?


Let me know what you think. I will try to check back tonight, but my weekend is busy and may not be able to hit this forum until Sunday Night.

PP

#8  IceMaiden (Private First Class)  01-15-05, 20:14
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Thanks so much. I will look at all of this and get back to you. IM

#9  IceMaiden (Private First Class)  01-16-05, 16:56
Subject: Re: Mystery File / I'm ready to send my hijack this log file

I fixed the items you said to fix with HiJack This. I uninstalled ConfigSafe. It came bundled with the computer and I never liked it anyway. I went to the page you said on Microsoft. I have Win98 not XP but it gave me the idea anyway and so I went and disabled for the time being all of the maintenance programs that were scheduled to run at all different times. I think you are right that there is something wrong with the hard drive and I will talk to those guys but I still don't feel completely sure that there isn't some, yet undetected malware hidden in there. I will try to be more specific and list problems.
1. My task bar and startup bar keep changing.
2. Something is changing my desktop and taking things away.
3. Sidestep is still in my explorer bar - Go to View-Explorer Bar-Sidestep (I would like to learn how to remove this)
4. The file that has over 700 pages of symbols that I can't read when it should only be a one page file stored in My Documents. (Please refer to 1st posting)
5. I still can't shut down properly.
I have since run a-squared but it found nothing. I would like to run the ADS scan if someone would be able to help me interpret it.
Thanks again for help.

#10  PhilliePhan (Guest)  01-16-05, 18:41
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Hi IM,

Did you remove SideStep via Add/Remove Programs?

Did you remove the SideStep files from Program Files Folder & search for any other instances? That BHO you removed was SideStep related.

You should remove these via HJT if they are not desired:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.traffer.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.traffer.ru


I also wonder about TextBridge:

O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

Has this caused any issues?

If you like, please unzip this tool to the folder of your choice and run Find.bat. I doubt it will find anything, but we'll see.

Find It 9x/ME

Then, attach that log and a fresh HijackThis log and we'll take another look. I am not sure I'll be much help here - Not too familiar with Windows98. Definitely think things are cattawumpas, but not sure if Malware to blame!

PP
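
Added example (not part of any post in this thread, and not HijackThis code): a small Python triage of the HijackThis entry types quoted in posts #7 and #10, flagging the same things the helpers looked for by eye. The function name `triage`, the regular expressions and the note wording are assumptions of this example; the sample log is constructed from the lines quoted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries quoted in posts #7 and #10 of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.traffer.ru
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL (file missing)
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1: "<registry key>,<value name> = <data>" (data may be empty)
REG_VALUE = re.compile(r"^(?P<key>.+?),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# O2: "BHO: <name> - {CLSID} - <file path>"
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4: "<run key>: [<entry name>] <command line>"
AUTORUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
MISSING = "(file missing)"


def triage(log_text):
    """Return one dict per recognised entry: code, subject and review notes."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, blank line or running-process list
        code, body = entry["code"], entry["body"]
        notes = []
        if code in ("R0", "R1") and (m := REG_VALUE.match(body)):
            subject = m["name"]
            host = urlparse(m["data"]).hostname
            if host:
                notes.append(f"browser page set to external host {host}")
            elif not m["data"]:
                notes.append("value is empty")
        elif code == "O2" and (m := BHO.match(body)):
            subject = m["clsid"]
            if m["path"].endswith(MISSING):
                notes.append("orphaned BHO registration, file no longer on disk")
        elif code == "O4" and (m := AUTORUN.match(body)):
            subject = m["name"]
            if "~" in m["cmd"]:
                notes.append("8.3 short path, expand it to identify the program")
        else:
            continue  # section not covered by this example
        findings.append({"code": code, "subject": subject, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], f["subject"], "|", "; ".join(f["notes"]) or "no note")
```

An entry with no note is not thereby cleared; as in the thread, an autostart entry such as ConfigSafe still needs a person to decide whether it belongs on the machine.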

#11  IceMaiden (Private First Class)  01-19-05, 00:10
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Yes, I did remove Sidestep with add/remove but I am not sure if I used that tool the first time I tried to remove it but I know I did later on. I also removed it with EasyCleaner because when I ran Easy Cleaner there was still an entry there for Sidestep. I was able to remove the entry from Easy Cleaner's add/remove but there is still an entry for Sidestep in my explorer bar and there is still an entry that I can't delete in my Windows Add/Remove Programs. I removed the two entries with HiJack that you suggested removing and I also removed TextBridge altogether. I had tried to use it not long before I had the trouble with the scanner. I couldn't get Textbridge to work properly and I don't know where it came from so I just uninstalled it. I ran the Find It 9x/ME and I have attached a log and a new HiJack This log. Nothing has rearranged my desktop in the last two days or changed my start bar. However, I still can't shut down properly. It ends up going to a screen with strings on it that looks like the matrix and I have to finally use the shutdown button on back of the computer and then turn it back on to get anywhere.

You haven't commented yet on the weird file. Thanks, IceMaiden
Attached Files
File Type: txt New Text Document (3).txt (3.7 KB, 5 views)
File Type: log hijackthis1.log (4.3 KB, 4 views)

#12  PhilliePhan (Guest)  01-19-05, 00:46
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Quote:
Originally Posted by IceMaiden
Nothing has rearranged my desktop in the last two days or changed my start bar. However, I still can't shut down properly. It ends up going to a screen with strings on it that looks like the matrix and I have to finally use the shutdown button on back of the computer and then turn it back on to get anywhere.

You haven't commented yet on the weird file. Thanks, IceMaiden

I have no idea what the weird file could be. . .
The two logs show nothing to be alarmed about. I do not see the cause of your problems there.
The problem at shutdown could be an OS issue. Certainly seems more likely to be Software related than Hardware. I'm sorry to say that it may be beyond my meager abilities to diagnose the problem long-distance via this forum.

I am going to leave a message with one of our more knowledgeable members to see if he can offer an opinion as to how to proceed.
Hang in there!

PP

#13  chaslang (MajorGeeks Admin - Master Malware Expert)  01-19-05, 01:57
Join Date: Feb 2004 | Location: Northern New Jersey USA | Posts: 80,669
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Win9x shutdown issues were notorious. There were many reasons for having shutdown problems. You should search on MS Knowledgebase.

Here is one link: How to troubleshoot Windows 98 shutdown problems

Here is a list of other possibly related issues:
http://support.microsoft.com/search/...2&ast=3&mode=a


Your last HJT log looks like it was from safe mode. You need to post logs from normal boot mode.

As far as this file you mentioned. Perhaps it is just a binary file that is not supposed to be printed. What is the full file name (including the 3 character extension at the end)?
Maybe it's a PDF file or a file that was created for Postscript printers.

One thing I noticed (and I don't know if it has been mentioned), you are way out of date with your Internet Explorer updates. Obviously Win98 itself is old, but are you also out of date with your Win98 updates? (Is this a cause of all your problems? No, not necessarily. But being that out of date is a severe security risk). You should go here and check for updates: Windows Update
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#14  Turcoloco (Major Geek)  01-19-05, 02:38
Join Date: Jul 2004 | Location: Phoenix, AZ | Posts: 1,161
Subject: Re: Mystery File / I'm ready to send my hijack this log file

I was amazed with the extra effort PP has shown, great work PP and I must admit I read the whole thread (my eyes hurt) and I have to admit my thoughts swung from virus to HW to SW to virus to HW back to....this would honestly be where I personally would draw the line and re-install the OS (I can hear Kodo's and PP's screams already) but let's troubleshoot this problem a bit and see if I can provide some help:

First off, download Startup Control Panel right from MajorGeeks and for our troubleshooting purposes, disable (meaning UNcheck the boxes so they appear 'clear') each and every startup entry on each page (except of course the 'Deleted' page). This way if the problem still continues then simply re-checking the related boxes would re-enable the startup entries though in my opinion no program has to start along with Windows except a real-time virus scanner if one was installed. After disabling all the entries (yes try all please), then reboot then try to shutdown and see what happens.

If the Windows shutdown problem still exists then try this:
download the Windows98se shutdown supplement from M$ site and install it to see if it remedies your problem. To download click on 'Next' on the page that opens up from that link, once downloaded to your machine, double-click to run the patch. Let us know how it went afterwards.

#15  IceMaiden (Private First Class)  01-20-05, 00:16
Subject: Re: Mystery File / I'm ready to send my hijack this log file

IT's A Miracle! I did the Start-up Control Panel and unchecked everything. I was able to shut down and start back up for the first time in weeks. I will look at everything else suggested by you and Chaslang tomorrow. My poor tired brain might mess up something serious, if I try it tonight. And you're right PP did a wonderful job of working on this. Thanks so much, IceMaiden

#16  PhilliePhan (Guest)  01-20-05, 00:30
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Quote:
Originally Posted by IceMaiden
And you're right PP did a wonderful job of working on this. Thanks so much, IceMaiden

That's nice of you to say, but PP was pretty easily stumped on this one! Fortunately, I'm not too proud to ask smart guys like Turcoloco for help. Hopefully you guys will work this one out!

Best luck
PP

#17  Turcoloco (Major Geek)  01-20-05, 03:41
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Quote:
Originally Posted by IceMaiden
IT's A Miracle! I did the Start-up Control Panel and unchecked everything. I was able to shut down and start back up for the first time in weeks. I will look at everything else suggested by you and Chaslang tomorrow. My poor tired brain might mess up something serious, if I try it tonight. And you're right PP did a wonderful job of working on this. Thanks so much, IceMaiden

Good Job Maiden! Great teamwork, huh? Anyhow, I'd suggest you leave everything unchecked the way they are...not only the system will shutdown (shutdown faster) but also the startup times would be quicker as well. Your programs should still start and run the same way regardless.

My take on the cause: a problematic process running in the background and locking the thread not letting the kernel end it, it could also be a device driver most commonly for modems but since you didn't have the problem occurring after connecting to internet via dial-up that was obviously not the case! I am guessing it was the real-time virus scanner or one of the internet filtering/security programs I recall seeing on the HJT list.

Follow Chas' instructions for the other problem and repost again letting us know what is still a problem (if any).
Take care.

#18  IceMaiden (Private First Class)  01-23-05, 20:54
Subject: Re: Mystery File / I'm ready to send my hijack this log file

I am attaching my Hijack This file from normal mode. Sorry, I was confused and thought it was supposed to be from safe. I am slowly going through the steps you suggested with Microsoft TroubleShooter. And it is very slow for a "wannabe geek"! I declared my miracle too soon. It was fine when I added Nortons 2005 back into start-up but failed to shut down when I reinstalled my Canon Scanner. Maybe, I will find out it is only the scanner. Will post back when I determine something or need more help. Thanks so much. IceMaiden
P.S. I still would like to remove that Sidestep bar from Explorer Toolbar. I know it can be done because someone helped me remove one a year ago. I haven't been able to find the record of that posting.
Attached Files
File Type: log HiJackThis3.log (3.5 KB, 2 views)

#19  IceMaiden (Private First Class)  01-23-05, 23:09
Subject: Re: Mystery File / I'm ready to send my hijack this log file

Now I am attaching the log from FindThis from normal boot mode. I am curious about the entries with Troj in them. They look suspicious to me.
Thanks, IceMaiden

#20  chaslang (MajorGeeks Admin - Master Malware Expert)  01-23-05, 23:27
Subject: Re: Mystery File / I'm ready to send my hijack this log file

You need to do what I mentioned way back in message #13. Without doing this, you are going to keep having problems! Do it now!

Quote:
One thing I noticed (and I don't know if it has been mentioned), you are way out of date with your Internet Explorer updates. Obviously Win98 itself is old, but are you also out of date with your Win98 updates? (Is this a cause of all your problems? No, not necessarily. But being that out of date is a severe security risk). You should go here and check for updates: Windows Update