Computer running slowly after removing virus received via msn messenger.

Welcome to Major Geeks!

Did you just install Spy Sweeper to help cleanup these probems? Is it a paid version or a free trial version? It can be very resource intensive which will slow many PCs down.

How much RAM do you have and what processor type do you have and what speed?


You don't really have any malware problems. Do the below which will help a little but SpySweeper could still be your problem. The below could help improve the issues with SpySweeper though since we have seen it have issues with the Sun Java BHO.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

After clicking Fix, exit HJT.


Did doing any of this help?

 

Including uninstalling Spy Sweeper?




Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
C:\Documents and Settings\Scott\Start Menu\Programs\Startup\services.lnk

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Any change to your status? If not, follow the instructions in the below link and attach the GMER log.

Running GMER to detect rootkits

 

Did you copy everything in the quote box?? Including the first line which is Files to delete:

 

Most of the remaining issues could be due to what you are running but I did see something else in your GMER log that is suspicious. We will work on that further down.

Why are you running eMule while trying to fix this? It will slow your PC down too.

The below may be using a load of resources. How do things look if you don't load this at startup?
CCC (C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe)


Now print the below instructions because at a point during them you MUST (this is can be critical) shutdown all browsers. I will tell you when to exit the browsers during the muti-part procedure.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktip or the below will not work. Do not run it!
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have the below icons on your Desktop (double click the thumbnail to expand it)

• Now refer to the above image and use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.



Now run Ccleaner!


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from ComboFix.

Make sure you tell me how things are working now!

 

Sorry. I forgot to rename the ComboFix-do.txt file to CFscript.txt . I just edited the procedure to put in the correct name. Run it again and this time create the CFscript.txt file which was what I intended to do.

 

Just one more item to remove and then we are finished with cleaning.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
7. If we had you run Avenger, you can delete all files related to Avenger now.
8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Windows XP or Windows ME, do the below:
    • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

That's good. We are finished with your malware removal. Everything else that may be impacting your speed is just what you are running. You will have to decide whether you need all the other processes/software and either uninstall them or stop them from loading if they are unnecessary.

 

You're welcome. Surf safely!