A little help please?

Discussion in 'Malware Help (A Specialist Will Reply)' started by kn0ck3r5, Feb 2, 2006.

  1. kn0ck3r5

    kn0ck3r5 Private E-2

    Hi guys! I'm new to this forum and usually goto SWI(don't know if you've heard of that) for my problems but lately theyve been swamped and my questions have been unanswered.
    So anyway, recently my comp has been acting strange. I get random restarts, the programs that I normally use don't connect to the internet anymore, randomly a little white box will come on my screen that I can not move or close and it just stays there for a while and then disapears...
    I havent scanned my comp recently (which is stupid I know) but it seems everytime I try to update my AV my computer restarts in the middle of it.
    Yesterday it caught something called TR/SpyAgent.IP but thats about it. Also, it found something named "fnba56aadf.exe" and classified it as a trojan but it didnt say which one, it just said it was a trojan.

    Just want to know what this might be, and how to get rid of it.

    By the way; if you're wondering why it seems like I have several AV's on my comp, I don't. My boyfriend doesnt want me to delete Norton, so I just disable it and use AntiVir, Prevx1 we used to use but I deleted it about 2 hours ago and never restarted my comp :p so that might be why the update thing is there XD.

    Anyway, thanks in advance,
    Katie
     

    Attached Files:

    kn0ck3r5, Feb 2, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. You need to make sure you install HJT properly as you did not and are running it directly from the ZIP file using WinRar. Also, you must not use msconfig to control startups like you are (not while we are fixing). This is all covered in the Procedures below. You should uninstall questionable software like Messenger Plus. And you must use only one antivirus application, so uninstall all but one. You have Antivir and Symantec right now. Disabling is not the same as uninstalling. The services are still running the way you have it. Symantec software is not that good and is a resource hog.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

    .
     
    chaslang, Feb 2, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why were the below running? Did you have them open for some reason?
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\system32\notepad.exe
     
    chaslang, Feb 2, 2006
    #3
  4. kn0ck3r5

    kn0ck3r5 Private E-2

    Alright, I'll do that. Sorry! :p
     
    kn0ck3r5, Feb 2, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! Just attach the logs as requested in steps 6 & 7 of the READ & RUN ME when finished.
     
    chaslang, Feb 2, 2006
    #5
  6. kn0ck3r5

    kn0ck3r5 Private E-2

    Yeah I did have paint open on purpose.
     
    kn0ck3r5, Feb 2, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! It is best not to have unnecessary stuff like paint, notepad, etc open when getting logs. Also browsers (all of them) should be closed. Part of the reason is that some programs (including browsers, notepad, paint, cmd) are sometimes run by malware in the background and we need to know the difference between you running them and malware doing them. Also, if browsers are running when trying to fix things using HJT or even the scanning programs, certain things cannot be fixed because having the browser software running blocks the fixes.
     
    chaslang, Feb 2, 2006
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds