Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Regimra, Apr 2, 2007.

  1. Regimra

    Regimra Private E-2

    I'm in trouble.

    I tried to follow the guidance in the Malware Removal Guide: identified and deleted a number of infected files. Some are still left on the system.

    Unable to go on-line while in SafeMode+Networking, so had to go out live.

    Bitdefender worked OK: several viruses identified.
    Active Scan crashed out 2/3 through so unable to generate a text report.

    Hijack seemed to work OK.

    Did not restore system as there was evidence of continued infection.

    What do I do now ? Try the whole thing again ?

    Help and advice very welcome.

    Bill
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to attach the other requested logs:
    • CounterSpy - only for Windows XP, 2K, & NT users
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
    • HijackThis
    Also you need to explain what malware problems you are actually having.
     
  3. Regimra

    Regimra Private E-2

    I was originally working through Fixya web-site who recommended I contact you re the problem. Here is the correspondence. Advice would be really welcome !

    Problem:
    posted by regimra on Apr 01, 2007

    I've just bought a new monitor. I use MS XP.

    When not in use the screen freezes with an egg-timer in the middle. I have to reboot each time in order to free it up.

    I've checked the power-off in Control Panel - OK.
    I've down loaded the correct driver.

    The previous 'older' tube monitor worked fine: problems have arisen since installing this one.

    Can you help ?

    Bill

    Comment by regimra, posted on Apr 01, 2007

    Thanks for your comments. You are clearly correct - it cannot be a monitor matter, the same thing occurred when I reconnected my old one. However, I have run a full virus check with up-to-date checker (Norton 2007), I have cleaned up the HD, got rid of unnecessary files,(I have yet to defrag); I have tried (without success) to restore the system to a point some 2 weeks ago. For some reason it could not do it. So I am still left with the problem.

    If the computer is left running for, say, 5-10 minutes, the screen goes blank, the mouse is inoperative, and there is that damned egg-timer in the middle of a blank screen. The only way out of this is to re-boot.

    One thing which may help you advise further is that I can forestall the crash by constantly moving the mouse. (I sat and read a book for some 3 hours, with the mouse in my hand !). That way, the system stays 'up'.

    Any further ideas, please ?
    Comment by regimra, posted on Apr 02, 2007

    Hi cousin !

    Thanks very much for the careful advice. Much appreciated !

    I've done all that and it has cured the screen freeze problem - without any evidence of the egg-timer.

    I will go carefully through the Malware procedures as suggested, but it does look very 'techy' so it will be a very careful expedition on my part. I have one further complication which has arisen and which I am negotiating with MS support over. For some reason I am now getting an error message indicating a failure to load document viewer, together with a similar one to do with MS.Net Framework. There is a download dealing (I think) with the latter, but it has failed twice to download successfully - hence the contact with MS Tech Support.

    If you have a view on that I'd be interested.

    Many thanks

    Bill
    Comment by regimra, posted on Apr 02, 2007

    By the way: when can I (or should I) check the tick box on Hibernation in Control Panel Display ?
    Best Solution, posted on Apr 01, 2007 by printerhater (Master)

    The hourglass / egg-timer you're seeing has NOTHING to do with your new monitor. It is an indication that some program (possibly something NASTY) is running and using the CPU. While the CPU is tied up by the (possibly unknown) program, Windows displays the hourglass so you will know that the system is busy...

    First, update your antivirus program, then use it to scan your ENTIRE hard drive; this could take HOURS, so you might want to let the AV program work all night. If you don't have an AV program, you can do an online scan of your system in order to find the culprit; open Internet Explorer, then open this link:

    http://housecall.trendmicro.com

    Run the FREE online scan; again, this could take HOURS to finish, so you might want to let it run all night to see if the problem can be resolved...

    There are OTHER types of nasty software ("malware") which could have the same effect on your system, so if you can't find the source of the problem, open these links for more information:

    http://forums.majorgeeks.com/showthread....

    http://forums.majorgeeks.com/showthread....

    I realize that this probably isn't what you expected, but at least now you know what is most likely to be causing this problem, and the links I've posted can help you correct this problem...

    Lastly, this COULD be caused by a program you (or someone else with access to your system) has intentionally installed, but you didn't mention adding any software recently, and I think it is best to attack this problem head-on. Best of luck; let us know what you learn...

    Comment by printerhater, posted on Apr 02, 2007

    Moving the mouse keeps the CPU busy updating the position of the mouse pointer (AKA the cursor), which prevents the unknown program from taking control of your system...

    Open Control Panel, and click on the Display icon. When the Display Properties open, click on the Screen Saver tab. Next, click on the Power button. Look on the Power Schemes tab; set your system to the "Home/Office Desk" option, then set the "Turn off monitor", "Turn off hard disks", and "System standby" options to "NEVER". Next, click the "Apply" button, then click on the "Hibernate" tab. Make sure the "Enable Hibernation" box is NOT checked; if there is a checkmark in the box, use the mouse to remove it, then click the "Apply" button again, then click the "OK" buttons, and finally, close the Control Panel. Once you're back to the Desktop, test the system to see if the monitor still goes blank, and if the hourglass reappears. The monitor SHOULD remain active, though I suspect you will still see the hourglass... Making these changes will eliminate the chance that Windows itself is responsible for blanking the monitor (for power-saving purposes), though you'll still have to deal with whatever program is causing the hourglass to appear...

    Since you've scanned the system with your AV program and found no problems, the odds are that your system is infected with a "malware" program which the AV program cannot detect, which is why I suggested following the steps listed on those MajorGeeks.com webpages to try to disinfect your system. As a general rule, antivirus programs are NOT designed to solve the type of problem you're experiencing, but it was best to begin this process by scanning your computer with an AV program to rule out the worst-case scenario, which you've done.

    I hate to tell you this, but I suspect that you're going to have to follow the steps listed on the MajorGeeks webpages here:

    http://forums.majorgeeks.com/showthread....

    and here:

    http://forums.majorgeeks.com/showthread....

    to find and eliminate the rogue program (or programS) which are causing the problems you've described. I KNOW that it seems like a LOT of work, but it is the BEST method I've ever found for fixing the types of problems you're experiencing... I get paid to repair computers, and I can attest to the effectiveness of the methods used by the advisory staff at MajorGeeks.com; their procedures are as thorough as any you'll find, and the advice they provide is outstanding. I use their methods to clean (and protect) the infected systems I encounter each week, and I can only hope you'll take my advice here and begin the system disinfection process they recommend, so you will have the peace of mind of knowing that your system has been properly scanned, cleaned, and protected...
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! I still need the logs I requested in message # 2.
     
  5. Regimra

    Regimra Private E-2

    Thanks for your time. Much appreciated.

    Logs attached.

    Various viruses identified, as you will see. Big mail-box hi-jack problem and much slowness of response.

    You're talking with a computer-illiterate here, so step by step help would be very helpful.

    Bill

    I've uploaded all the reports I have: will you need any more ?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Still what was requested in the READ ME, message # 2, and in message number 4. You still never posted your CounterSpy log; however at this point I don't see any real major malware issues. Thus I will give a few things that you need to do anyway.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_04

    Make sure you reboot after uninstalling the above!



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28aca5dc2b889c0cf321/netzip/RdxIE601.cab

    After clicking Fix, exit HJT.

    Now reboot in normal mode
    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now locate the below folder and delete it if found:
    F:\WINDOWS\BBStore

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. HJT


    If you believe you are having malware problems now, you will have to describe them.
     
  7. Regimra

    Regimra Private E-2

    I've done all that - at least I think that the registry merge was carried out OK.

    I'm not sure what changes I should have seen.

    Bill
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you did not add the registry patch in correctly. You MUST check for a success message after trying to add in the patch. Tell me what you see.

    Did you find and delete the F:\WINDOWS\BBStore folder?

    You also did not fix the lines indicated with HijackThis.

    You were supposed to be in normal boot mode when you got the logs. Please attach HJT log from normal boot mode.

    Also attach a new log from ShowNew.

    Also you MUST explain whether you are having any malware problems at this time.
     
  9. Regimra

    Regimra Private E-2

    You're very patient: thanks.

    Registry patch successfully added now: Message displayed "successful entry on registry..."

    F:\WINDOWS\BBStore deleted

    The original malware symptom of screen freezing, egg-timer displayed, mouse inoperative, needing to reboot in order to carry on - all of that has gone. But I'm still getting evidence through email of misuse of my address book.

    I inadvertently copied the registry patch first time into another folder - not desktop. Repeated in to desk-top and carried out the patch procedure. I assume it is OK to delete the unused copy from the other folder.

    HJT, ShowNew logs attached.


    Appreciate all this !

    Bill
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still did not fix the lines indicated with HijackThis. Are you sure you clicked Fix checked? Are you getting any popups from your antivirus when you do this? You must allow the changes to occur.

    Run HJT again with ALL browsers closed and fix the lines previously requested. Then double check your log to make sure you actually fix them. If you get them fixed, attach a new log. If not, explain any problems you are having.

    Sounds like you are saying someone has your email address book. We cannot help you with that. Once someone has your info, they have it.


    Yes you can delete the registry patches.
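    The helper's instructions in message #6 (fix specific O4 Run-key and O16 DPF lines with HijackThis) and the follow-up in message #10 (re-check the new log to confirm the lines are actually gone) both come down to reading HijackThis-style lines accurately. The Python below is an added example, not a MajorGeeks tool or anything posted in this thread: it parses O4 and O16 lines into their parts (hive, key, value name, executable path, arguments, CLSID, URL) and reports which requested fixes still appear in a fresh log. The three requested lines are the ones quoted in message #6; the `ctfmon.exe` entry and the "after" logs are constructed sample data, and the extension list used to split an unquoted path from its arguments is a heuristic of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Patterns for the two HijackThis line types quoted in this thread.
# O4  = program started from a registry Run key
# O16 = ActiveX "Download Program Files" object fetched from a URL
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$')
O16_RE = re.compile(
    r'^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<label>[^)]*)\))? - (?P<url>\S+)$')
# Heuristic for unquoted paths containing spaces: cut after the first
# executable-looking extension, the rest is the argument string.
EXE_RE = re.compile(
    r'^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s+(?P<args>.*))?$', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                      # "O4", "O16" or "other"
    raw: str                       # the line as it appeared in the log
    hive: Optional[str] = None     # e.g. HKLM / HKCU (O4 only)
    key: Optional[str] = None      # e.g. Run / RunOnce (O4 only)
    name: Optional[str] = None     # registry value name (O4) or DPF label (O16)
    path: Optional[str] = None     # executable path (O4 only)
    args: Optional[str] = None     # command-line arguments (O4 only)
    clsid: Optional[str] = None    # ActiveX class id (O16 only)
    url: Optional[str] = None      # download URL (O16 only)


def split_command(command: str):
    """Return (path, args) for a Run-key command; the path may or may not be quoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip() or None
    m = EXE_RE.match(command)
    if m:
        return m.group('path'), m.group('args')
    return command, None


def parse_line(line: str) -> Entry:
    """Parse one HijackThis log line; unknown line types are kept as kind 'other'."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path, args = split_command(m.group('command'))
        return Entry('O4', line, hive=m.group('hive'), key=m.group('key'),
                     name=m.group('name'), path=path, args=args)
    m = O16_RE.match(line)
    if m:
        return Entry('O16', line, name=m.group('label'),
                     clsid=m.group('clsid'), url=m.group('url'))
    return Entry('other', line)


def parse_log(text: str) -> List[Entry]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def normalize(line: str) -> str:
    """Whitespace- and case-insensitive form used to compare log lines."""
    return ' '.join(line.split()).lower()


def unresolved_fixes(requested: List[str], new_log: str) -> List[str]:
    """Lines the helper asked to fix that are still present in the new log."""
    present = {normalize(e.raw) for e in parse_log(new_log)}
    return [r for r in requested if normalize(r) in present]


# The three lines requested for fixing in message #6 of this thread.
REQUESTED_FIXES = [
    r'O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28aca5dc2b889c0cf321/netzip/RdxIE601.cab',
]
# Constructed sample of a "new" log where only the QuickTime entry survived
# (the ctfmon line is a made-up benign-looking entry the tool should ignore).
BENIGN_LINE = r'O4 - HKLM\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe'
NEW_LOG = "\n".join([BENIGN_LINE, REQUESTED_FIXES[1]])
CLEAN_LOG = BENIGN_LINE

if __name__ == '__main__':
    for e in parse_log(NEW_LOG):
        print(e.kind, e.name, e.path or e.url, e.args)
    for line in unresolved_fixes(REQUESTED_FIXES, NEW_LOG):
        print('STILL PRESENT:', line)
```

    Run it against a saved log and the "STILL PRESENT" lines are exactly what message #10 asks the poster to double-check before attaching a new log; an empty result means every requested line was fixed.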
     
  11. Regimra

    Regimra Private E-2

    Log attached. It seems OK

    Life seems very slow on this machine: e.g. several seconds to change pages within MS Excel.

    Also, I have now got a registry problem: Fatal error 1606 MSI selfinstallingportmonitor, which is to do with re-installing my printer (one of the casualties of the recent virus attack). Checking the error on the HP website, it is a registry issue, which may well have occurred during our recent regedit process - do you think ?

    Bill
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Any remaining slowness is not due to malware. It is due to things you are running. Uninstall unnecessary programs (Google Toolbar and Desktop for example) and don't allow items you don't need to load at startup to run. You should also look into a less resource hungry antivirus program. Symantec is a hog!

    You can have HJT fix the below auto update program from Sun Java which will help a little:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe


    No this has nothing to do with the steps we did. We just removed a spyware registry key related to Broderbund Software.
     
  13. Regimra

    Regimra Private E-2

    Thanks Chas. I think we've chased this rabbit down enough burrows !

    Many thanks for your help.

    Bill
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
