Computer Cutting Off

Discussion in 'Malware Help (A Specialist Will Reply)' started by sunnyred, Jun 29, 2010.

  1. sunnyred

    sunnyred Private E-2

    About a year ago, my computer had started to cut off randomly, but usually after it had been on for several hours. Now it is happening more frequently.

    There were some viruses found on my computer by AVG and Malwarebytes that had gotten there when I was going to free music download sites a couple of months ago. I continued to scan every few days and it seemed like viruses just continued to appear.

    Last week, AVG picked up a trojan horse called (something)17.BEMO that it couldn't remove. I searched on the AVG forum for what to do and it said to uninstall and reinstall AVG. So I did this, and scanned again and it found nothing. I wasn't convinced that nothing was there. I saw in this thread on the forum to download and run GMER so I did that and it picked up "cydwn". When I clicked "remove" it said that removing this file may cause the system to crash, so I did not remove it. Instead I did a web search on what to do and found myself here.

    I went through the steps you instructed on "Read and Run Me First" and I am stuck at the "Vista Cleanup" section. I have downloaded and installed the anti-malware programs. I have been trying to run SUPERAntispyware for two days. It starts to scan, and then after a half hour or so the computer shuts off again. It just turns off by itself and doesn't actually shut down.

    Some info you might want:

    This is a Dell Inspiron Notebook Model# 1501 purchased in May 2007. It runs on Vista. It has 1.5 gigs of memory. It is a 32 bit processor. I am currently using Ntelos wireless as my internet provider.

    Please help.

    Thanks,
    Christine
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Quote from the Read and run me first:
     
  3. sunnyred

    sunnyred Private E-2

    I finally finished running the scans. Attaching the logs. It did cut off quite a bit and that's why it took so long. I did think that perhaps the computer was overheating and my cooling pad was insufficient so I elevated the computer on a milk crate so now it has lots of air underneath it. It isn't cutting off quite as often, but it still cuts off.

    I noticed my computer running much faster after running combofix, and that program also was able to delete the "cwdyn" file that GMER had picked up. I did run Rootrepeal, however was not able to get a log. A message popped up saying "Could not read our index block", and I clicked okay, and then the program closed. When I reopened it, there was no data to save to a log. But I was able to run everything else and get logs. I am not sure if the .BEMO file is gone, as I have not run my antivirus since I started this process because it was not listed in the instructions. I only did what was listed in the instructions. I will not do anything else until I receive further instructions from you. Thank you for your help!

    Also, I did disable Spybot Search & Destroy when I ran combofix, but for some reason it shows it as still running. One more thing (and this is a little embarrassing), but my husband goes to porn sites and that could be where the viruses are coming from as well.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Overheating issues will have to be worked out in the Hardware Forum.

    No! Combofix did not delete this. It merely shows a registry entry related to it. We will remove it below.

    Uninstall the below old versions of software:
    Java(TM) SE Runtime Environment 6


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Thanks for replying Chas. I had half a day off yesterday and I was out.
     
  6. sunnyred

    sunnyred Private E-2

    Thank you for your help. The logs are attached. The computer is running much faster now. Do you know if the virus (something).BEMO is gone?
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps given below. Do not run any other scans (like with your antivirus) until you have completed 100% of the below.
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  8. sunnyred

    sunnyred Private E-2

    Thanks again for your help. The computer speed is fine now, but it still cuts off, which I guess is caused by overheating and not by a virus?

    I'm in the process of following your instructions for resetting my computer, and I was wondering how to uninstall Rootrepeal.exe. Also there is a file on my desktop called settings.dat; what do I do with it?

    Thanks.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Correct.

    Just finish the final instructions and after running MGclean.bat, they should be gone along with many other things. ;)
     
