Malware- Jpew- 2017-05-10

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by manilka835, May 9, 2017.

  1. manilka835

    manilka835 Specialist

    When the Computer is turned on, it freezes after the appearance of the desktop background before the appearance of the desktop icons. The Computer functioned in Safe Mode.


    Thereafter, I ran READ & RUN ME FIRST Malware Removal Guide Procedure in Safe Mode, to check whether there were any threats.

    The logs are attached herewith. The Hitman Pro Log could not be obtained due to the closure of the programme upon obtaining the log. However, no threat was detected by it.

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (NTRL/Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Proud to be a Sri Lankan!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is more than likely not a malware problem. This PC is running a very old, out of date, and unsupported operating system (Win XP SP3). In addition, it has too little memory to even run it properly. Logs show:
    Code:
    Total Physical Memory 512.00 MB 
    Available Physical Memory 262.42 MB
    And to make things worse there are too many protection programs installed and running. I see all of the below:
    • Bitdefender Antivirus Free Edition
    • Client Security Solution
    • COMODO Internet Security
    • Internet Security Essentials
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • Spybot - Search & Destroy
    • SpywareBlaster 5.5
    • SUPERAntiSpyware

    I would start by uninstalling all of the above and see if your situation changes. It is possible that you may have a problem uninstalling some of them while in safe boot mode.
     
  3. manilka835

    manilka835 Specialist

    The following were uninstalled in Safe Mode:
    • Bitdefender Antivirus Free Edition
    • Client Security Solution
    • Internet Security Essentials
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • Spybot - Search & Destroy
    • SpywareBlaster 5.5
    • SUPERAntiSpyware
    The Computer Re-started in Normal Mode. However the problem occurs when restarted. When restarted after entering the Safe Mode, it sometimes boots in the Normal Mode. When it freezes, Files could be opened using "Run" Command. Only the desktop Icons do not appear.

    After managing to boot in Normal Mode, I installed Clamwin Free Antivirus Scan and ran a full system scan. As the relevant log could not be attached, the details are given here below.



    Scan Started Tue May 16 14:02:48 2017

    -------------------------------------------------------------------------------



    WARNING: Can't open file C:\Documents and Settings\Administrator\ntuser.ini: Permission denied

    C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun5.inf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\autorun5.inf.infected'

    C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\baseimagefam8.infected'

    C:\Documents and Settings\IBM\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2301728993-4250914820-3689261683-1005\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4.infected'

    C:\Documents and Settings\IBM\Application Data\Sun\Java\jre1.6.0_18\Data1.cab: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\Data1.cab.infected'

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF18FF.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF8EC9.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~DF9CFA.tmp: Permission denied

    WARNING: Can't open file C:\Documents and Settings\IBM\Local Settings\Temp\~WRS0002.tmp: Permission denied

    WARNING: Can't open file C:\hiberfil.sys: Permission denied

    WARNING: Can't open file C:\pagefile.sys: Permission denied

    C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\AcroBroker.exe.infected'

    C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\AdobeCollabSync.exe.infected'

    C:\Program Files\Common Files\Ahead\Lib\libxml2.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\libxml2.dll.infected'

    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\rrservice.exe.infected'

    C:\Program Files\Nero\Nero 7\Nero Vision\libxml2.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\libxml2.dll.infected.000'

    C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\hxmedpltfm.dll.infected'

    C:\Programme Files\Comodo\COMODO Internet Security\scanners\mach32.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\mach32.dll.infected'

    WARNING: Can't open file C:\System Volume Information\EfaData\SYMEFA.DB: Permission denied

    WARNING: Can't open file C:\System Volume Information\LightningSand.CFD: Permission denied

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP112\A0028999.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0028999.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP114\A0031333.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0031333.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP115\A0037716.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0037716.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP116\A0040734.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0040734.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0052947.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0052947.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0053042.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0053042.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057202.inf: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057202.inf.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057203.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057203.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057204.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057204.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057205.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057205.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057206.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057206.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057207.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057207.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057208.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057208.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057209.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0057209.dll.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP73\A0019305.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0019305.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP77\A0020506.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0020506.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP79\A0021628.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0021628.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP83\A0023739.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0023739.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP85\A0024826.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0024826.exe.infected'

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP89\A0025043.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0025043.exe.infected'

    WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied

    WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied



    C:\Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup\autorun5.inf: Win.Worm.Autorun-456 FOUND

    C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache\baseimagefam8: Php.Exploit.CVE_2015_2331-1 FOUND

    C:\Documents and Settings\IBM\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2301728993-4250914820-3689261683-1005\4bd07e1ba952c6aa9bf83a8d98c08949_44300431-581c-43dc-895b-dffb501105a4: Win.Trojan.Agent-5497009-0 FOUND

    C:\Documents and Settings\IBM\Application Data\Sun\Java\jre1.6.0_18\Data1.cab: Win.Trojan.Ramnit-7017 FOUND

    C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe: Win.Trojan.Agent-1364155 FOUND

    C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe: Win.Trojan.Agent-1364064 FOUND

    C:\Program Files\Common Files\Ahead\Lib\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe: Win.Trojan.Agent-1364970 FOUND

    C:\Program Files\Nero\Nero 7\Nero Vision\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\Program Files\RealNetworks\RealDownloader\Common\hxmedpltfm.dll: Win.Trojan.Ramnit-6995 FOUND

    C:\Programme Files\Comodo\COMODO Internet Security\scanners\mach32.dll: Win.Downloader.Upatre-5744088-0 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP112\A0028999.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP114\A0031333.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP115\A0037716.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP116\A0040734.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0052947.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP117\A0053042.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057202.inf: Win.Worm.Autorun-456 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057203.exe: Win.Trojan.Agent-1364155 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057204.exe: Win.Trojan.Agent-1364064 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057205.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057206.exe: Win.Trojan.Agent-1364970 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057207.dll: Win.Trojan.Ramnit-7066 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057208.dll: Win.Trojan.Ramnit-6995 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057209.dll: Win.Downloader.Upatre-5744088-0 FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP73\A0019305.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP77\A0020506.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP79\A0021628.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP83\A0023739.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP85\A0024826.exe: Eicar-Test-Signature FOUND

    C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP89\A0025043.exe: Eicar-Test-Signature FOUND

    ----------- SCAN SUMMARY -----------

    Known viruses: 6284808

    Engine version: 0.99.1

    Scanned directories: 8039

    Scanned files: 72843

    Infected files: 31



    Data scanned: 34484.34 MB

    Data read: 28321.22 MB (ratio 1.22:1)

    Time: 19036.484 sec (317 m 16 s)



    --------------------------------------

    Completed

    --------------------------------------
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are a lot of false detections in that info. Clam is noted for false positives. I recommend uninstalling it too. But I am a little concerned as to whether the Ramnit indications are real or not. We may have to run a different scan later to find out. But we have other things to do first.

    Also try to get Comodo uninstalled.

    Also I recommend that you disable System Restore and then reboot the PC. After reboot, re-enable System Restore. Then try to get me a new log from MGtools by doing the below, preferably in normal boot mode if possible. Otherwise run it in safe boot mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).
    Then attach the below log:
    • C:\MGlogs.zip
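
An added example, not part of the original thread and not code from ClamWin or MGtools: a short Python triage of ClamWin "FOUND" lines like those in the log posted above. It separates EICAR test files and System Restore copies from detections in live files, so the Ramnit hits that need a second scanner stand out. The sample lines are copied from that log; the function names and bucket labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the ClamWin log in the thread (a subset, for illustration).
SAMPLE_LOG = r"""
WARNING: Can't open file C:\pagefile.sys: Permission denied
C:\Program Files\Common Files\Ahead\Lib\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND
C:\Program Files\Nero\Nero 7\Nero Vision\libxml2.dll: Win.Trojan.Ramnit-7066 FOUND
C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe: Win.Trojan.Agent-1364155 FOUND
C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP119\A0057205.dll: Win.Trojan.Ramnit-7066 FOUND
C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP112\A0028999.exe: Eicar-Test-Signature FOUND
C:\System Volume Information\_restoreA8393674-085C-4723-B63E-39928C5F4C89\RP73\A0019305.exe: Eicar-Test-Signature FOUND
"""

# "path: signature FOUND"; the greedy path group skips the colon in "C:".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_detections(log_text):
    """Return (path, signature) for every detection line; warnings are ignored."""
    hits = []
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))
    return hits


def classify(path, sig):
    """Sort one detection into a triage bucket (labels are this example's own)."""
    if sig.lower().startswith("eicar"):
        # The EICAR string is a harmless scanner test file, not malware.
        return "test_file"
    if "\\system volume information\\_restore" in path.lower():
        # Backup copy kept by System Restore. Turning System Restore off on XP
        # deletes the restore points, which clears these copies.
        return "restore_point_copy"
    return "live_file"


def triage(log_text):
    """Group all detections in the log by bucket."""
    buckets = defaultdict(list)
    for path, sig in parse_detections(log_text):
        buckets[classify(path, sig)].append((path, sig))
    return dict(buckets)


def needs_second_opinion(log_text, families=("ramnit",)):
    """Live files whose signature names a family that should be re-checked
    with a different scanner before being treated as real or as false."""
    live = triage(log_text).get("live_file", [])
    return sorted(p for p, s in live if any(f in s.lower() for f in families))


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
    for path in needs_second_opinion(SAMPLE_LOG):
        print("re-scan:", path)
```
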
     
  5. manilka835

    manilka835 Specialist

    MGlogs.zip is sent herewith.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have Comodo installed. As I stated earlier, this PC does not have enough memory to run Windows XP SP3 let alone having an antivirus program installed. You have only 57MB of free memory. This PC will crawl!!!!! If you really must use this PC (not recommended on Win XP) then you need to install another 2.5 GB of memory to have any hopes of using this PC in a reasonable fashion.

    And additional programs like Skype, IoBit SmartDefrag, USB Disk Security, and Autorun Eater are also adding to your issues since again, the PC does not have enough memory and also it is an old style processor.
     
  7. manilka835

    manilka835 Specialist

    Comodo Firewall does not appear on the list of Programmes indicated in Add or Remove Programmes and in the Comodo Folder indicates no components installed for removal. However the icons on System Tray & Desktop appear along with Firewall Messages.

    I will increase its memory when funds become available.

    It used to function all right once the programmes were loaded which took quite some time. This desktop freeze came up most recently and still persists.

    Are there any Malware problems and if not shall I proceed with its normal function?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then I will try to help you remove it manually because it is likely the source of your slow downs since it requires a significant amount of resources.

    There are no malware issues.

    Let's try forcing Comodo to be uninstalled and cleanup a couple other items that will impact performance.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of the code box
    • Make sure that you scroll all the way to the bottom of the code box to get the whole fix!
    Code:
    :services
    cmdAgent
    cmdvirth
    gupdate1ca612ac4ed974a
    gupdatem
    
    :Processes
    explorer.exe
    
     
    :Files
    C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    C:\WINDOWS\Tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410931989.job
    C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2301728993-4250914820-3689261683-1005.job
    C:\WINDOWS\Tasks\SmartDefrag.job
    C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    C:\WINDOWS\Tasks\SmartDefrag3_Update.job
    C:\WINDOWS\Tasks\SmartDefrag3_Startup.job
    C:\Programme Files\COMODO
    C:\Documents and Settings\IBM\Desktop\COMODO Firewall.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    C:\138b1e7f59884556922d027a
    C:\17609fb5841c2fa05801d39db2e48ad3
    C:\4f682c84d83543ca509de6be5f50efe8
    C:\4f7d96d6bad2092d4628012fa21bc366
    C:\5908b47b131609bc824c
    C:\6d66a4a0e6c56eaf2d7681835982
    C:\aa0dd5d6aebc15618a2a20
    C:\WINDOWS\temp\*.*
    C:\Documents and Settings\IBM\Local Settings\Temp\*.*
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "COMODO Internet Security"=-
    "Adobe ARM"=-
    "IseUI"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large "Move it" button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, Win7, 8 or 10, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, Win8 or Win10, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  9. manilka835

    manilka835 Specialist

    When the OTM.exe was run, after pasting and clicking "Move it" Button, the system froze and the C:\_OTM\MovedFiles log could not be obtained.

    the JRT.TXT log was saved when the log appeared on screen. On completion, a log (JRT.txt) was not saved to the desktop.

    C:\MGlogs.zip
    was available as stated.

    The Computer restarted without the desktop freezing, but I believe, Comodo Firewall is still installed.

    • Bitdefender Antivirus Free Edition- Antivirus
    • COMODO Internet Security- Firewall
    • Malwarebytes Anti-Malware version 2.2.1.1043
    • SpywareBlaster 5.5
    • SUPERAntiSpyware were installed as instructed in
      "How to Protect yourself from malware!"
      thread. What shall I do if they are not to be re-installed?

     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes Comodo is still installed because OTM did not run properly. Please try booting in safe boot mode and running the steps with OTM. If it runs properly then boot back into normal bootmode and get a new log from running GetLogs.bat again.

    Don't worry about How to Protect yet until we get all of the current items off the PC to see how it works. In reality, you are probably not going to be able to install any current versions of protection software on this PC due to insufficient memory and due to it being an old PC that cannot run modern protection software without dramatically impacting PC performance.
     
  11. manilka835

    manilka835 Specialist

    OTM was successfully run in Safe Mode.

    The MGlogs.zip obtained by running the GetLogs.bat again is sent herewith.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay Comodo appears to be gone now and your available free memory has gone up as a result:
    Code:
    Total Physical Memory 512.00 MB 
    Available Physical Memory 299.48 MB
    So I expect the PC is running a little better now since a little more memory is available. But you are at risk running this old unsupported version of Windows and also not having a good antivirus program installed and this PC will likely slow down a bunch when any modern antivirus program is installed.
     
  13. manilka835

    manilka835 Specialist

    Sorry for the silence during the past weeks as Internet Connection had been disconnected in our Institute and replies were made from Home and also I was sick.

    There were no freezes up to now with the PC and looks fine.

    If the Memory is increased up to 2 or 3 GB, which I hope to do in the latter part of the year, can this PC accommodate antivirus Programme and other Anti-Malware Programmes installed previously?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    With more memory the PC would run much better than it would without it. The only issue is that it is an old style processor and most modern protection software is being designed with the assumption that the computer's processor is also more modern. So there will be impact. You may have to do some hunting around to see which program has the least impact. But whatever you do, make sure that you only have one installed at any time. Also uninstall and reboot, before installing another.
     
  15. manilka835

    manilka835 Specialist

    Out of the following (which were installed previously), which ones can be installed?

      • Bitdefender Antivirus Free Edition- Antivirus
      • COMODO Internet Security- Firewall
      • Malwarebytes Anti-Malware version 2.2.1.1043
      • SpywareBlaster 5.5
      • SUPERAntiSpyware
    Malwarebytes Anti-Malware version 2.2.1.1043 & SUPERAntiSpyware are not loaded during startup.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    With the small amount of memory that you have, I would only recommend installing Bitdefender and SpywareBlaster.
     
  17. manilka835

    manilka835 Specialist

    Only Freeware of the following were installed and they were not loaded during startup but only when scans were run.
    • Malwarebytes Anti-Malware
    • SUPERAntiSpyware

    Is it possible to have them re-installed?
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They both will still have services running which you do not have enough memory to support without impacting performance even more. If you can live with a very slow startup and overall slow PC then you can try loading one (I would suggest only one and make it MBAM). But remember your reason for coming here was poor performance.
     
  19. manilka835

    manilka835 Specialist

    Does Bitdefender support Windows XP?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Seems that BitDefender Free edition no longer supports Win XP. This is due to Win XP no longer being a supported Windows Operating System. I believe that Avast, AVG, and Baidu still support XP (see this page: http://www.majorgeeks.com/mg/sortname/all_in_one_anti_virus_suites.html) but not sure which one will use the most system resources. But either way, you will notice that the PC will slow down once installed.
     
  21. manilka835

    manilka835 Specialist

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Clam is only an on demand scanner.
    Same for VirusTotal and it is only a single file scanner.
    Phrozen, BgPKiller, and SpyShelter are not antivirus programs.
    AutoRun Antivirus is not a full blown antivirus program.

    Xvirus Personal Guard is an antivirus program but not very good.

    So that leaves McAfee Cloud, Tencent, and FortiClient for you to try.
     
  23. manilka835

    manilka835 Specialist

    Thank You for your time & effort.

    See you again when some problem occurs.

    Goodbye & Goodluck!
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
