Malware Problem - Request for help (logs attached)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Richy Rich, May 7, 2010.

  1. Richy Rich

    Richy Rich Private E-2

    Hi

    Firstly thanks for all the advice on malware removal on the board. It has been a great help.

    However I still have a persistent problem and I wonder if someone can help.

    I followed the procedures and the logs are attached. As I wasn't able to post to board until now I've also used findykill and those logs are attached also.

    Here is an outline of what happened:

- On Tuesday I turned on my laptop for the first time in 6 weeks. I used it for some emails and then shut down. Before this it had always worked perfectly and was very quick. Windows downloaded its patches when I shut down.
    - The next day when I turned the machine on it got stuck in a loop as it reached the desktop. I had to do a hard reset several times to end the loop and eventually it got through to the desktop.
    - There was obviously a problem and the CPU was 100 per cent before any apps had been started. Looking at my taskmanager I thought that there might be a conflict between Rapport (banking software) and F-Secure so I removed Rapport and disabled F-Secure. This didn't help.
- It was at this point I realised that my keyboard was partially disabled and it has been ever since. I am typing this in Safe Mode. Also the CPU is stuck at 100 per cent all the time, though again not in Safe Mode.
    - I then ran F-Secure and it found bagle and gemini but didn't clean it.
- I then downloaded Kaspersky and ran that. It found about a dozen infections, cleaning 8 of them. The other 4 I deleted or, in the case of System Restore, I turned off.
- The problems of the disabled keyboard and 100 per cent CPU remained. The keyboard would nearly always work for the first 30 seconds after start-up and then only very periodically after that, or sometimes not at all.
    - I contacted F-Secure support who ran several scans of my computer. These found nothing though it did find and clean bagle in between scans.
    - I then followed the procedures on the board and the logs are attached.
    - As I wasn't able to post due to the keyboard not working after my four scans (which ran successfully) I uninstalled firefox completely and turned off the hibernation function to remove that respective file as I had seen these come up in the logs.
    - The issues remained so I ran Findy Kill research and deletion and the logs for those are attached.
- After running Findy Kill the machine feels more precarious than ever, as on start-up and shutdown it hangs on the blue screen for a long time (2 to 3 minutes) and I fear the blue screen of death. I am tempted to do a System Restore.
    - It was at this point I remembered that the recovery console had been downloaded and booted up safe mode with networking which seems to work fine. Both keyboard and CPU are normal here. I've been back to normal mode though and the problems still remain.

Any advice in getting the machine back to normal would be most appreciated.

    best wishes

    Richy Rich
     

    Attached Files:

  2. Richy Rich

    Richy Rich Private E-2

Here are the remaining logs. Apologies for the lack of clarity in the naming of the files, but with the keyboard not working it wasn't always possible to name them accurately.

    thanks again in advance for your help.

    Rich
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm not sure exactly what procedure you are following but you should have been following this: READ & RUN ME FIRST. Malware Removal Guide


Please attach the missing requested log from MGtools (that is the C:\MGlogs.zip file).


    Exactly what problem are you still having? Don't tell me what problems you previously had. I just want to know what problems you still have.
     
  4. Richy Rich

    Richy Rich Private E-2

    Thanks for your welcome chaslang.

    Missing MG tools log is attached.

    Yes, I followed the READ & RUN ME FIRST. Malware Removal Guide. However since I wasn't able to post my logs I went a little further with Findy Kill and removed a few files myself.

    Current problems are (in normal mode):

- Keyboard does not work. This is either completely, or one character every 5-10 minutes or so. However, after start-up I can probably get a dozen characters out in Notepad before it is disabled.

    - CPU stuck at 100 per cent or near 100 per cent from start up.

- Hangs on the blue screen at start-up and shutdown. (This is not a problem, more a concern.)

    Thanks again

    Rich
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your logs, the remaining problems are not related to malware. More likely they are related to drivers or other software that you load. Especially since they do not happen in safe mode. You will have to debug this in the Hardware Forum by trying to isolate which drivers and process load during startup.

Report in the Hardware Forum if any processes are using a lot of CPU time. Do not report the System Idle Process since it is not a process. It is just a report of the PC's idle time and should be very high under normal conditions.


    Since you are not having malware problems, it is time to do our final steps. I'm not toggling System Restore since it is an option you may wish to try.
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. After doing the above, you should work through the below link:
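The advice above is to isolate which process or driver is eating the CPU at start-up and to ignore the System Idle Process. The following PowerShell script is an added example for doing that first pass from a single elevated prompt; it is not from this thread or from the MajorGeeks procedures. It assumes PowerShell 3 or later (for Get-CimInstance), so on an older XP-era machine it would need to be run after the box is back on a supported Windows; the function names are mine.

```powershell
# Added example (not from the thread): list the busiest processes, leaving out the
# System Idle Process, and list the running kernel drivers that are not signed by
# Microsoft. A problem that vanishes in Safe Mode is usually caused by something in
# the second list or by a third-party process in the first. Run as Administrator.

function Get-TopCpuProcess {
    param([int]$Top = 10)
    # The CPU property is cumulative processor seconds since the process started,
    # which is what matters when the machine has been pegged since boot.
    Get-Process |
        Where-Object { $_.Id -ne 0 -and $_.ProcessName -ne 'Idle' } |   # drop System Idle
        Sort-Object -Property CPU -Descending |
        Select-Object -First $Top Id, ProcessName,
            @{ Name = 'CpuSeconds';   Expression = { [math]::Round($_.CPU, 1) } },
            @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
            @{ Name = 'Path';         Expression = { $_.Path } }
}

function Get-ThirdPartyBootDriver {
    # Kernel drivers that load at boot/system/auto start and are currently running.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System', 'Auto' -and $_.State -eq 'Running' } |
        ForEach-Object {
            # WMI reports some paths as \SystemRoot\...; map that to a real path.
            $path = $_.PathName -replace '^\\SystemRoot', $env:SystemRoot -replace '^\\\?\?\\', ''
            $signer = 'unsigned/unknown'
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            }
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                Path      = $path
                Signer    = $signer
            }
        } |
        Where-Object { $_.Signer -notmatch 'Microsoft' }   # keep only third-party/unsigned
}

# Usage: paste the two tables into the Hardware Forum post.
Get-TopCpuProcess -Top 10 | Format-Table -AutoSize
Get-ThirdPartyBootDriver | Format-Table -AutoSize
```

The driver list is the interesting one for a keyboard that only works in Safe Mode: Safe Mode loads a minimal driver set, so a filter driver or a leftover from an uninstalled security product (Rapport and F-Secure were both mentioned earlier in the thread) will show up here and not in Safe Mode. Unsigned or expired-signature drivers are reported as "unsigned/unknown" rather than silently trusted.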
     
  6. Richy Rich

    Richy Rich Private E-2

    Thanks very much for your time and efforts Chaslang.

    It is helpful to know that I have a clean bill of health.

    I fear in my initial efforts to eradicate the malware I may have damaged the registry and/or system files and I may now have to re-format my C drive.

    Thanks again and best wishes.

    Rich
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
