computer freezes post malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by funkfunkfunk, Jan 22, 2010.

  1. funkfunkfunk

    funkfunkfunk Private E-2

    Posted in the software section, where it was suggested I post here.


    xp pro sp3
    amd athlon 64 4000+ 2.41ghz
    2gigs ram
    gigabyte mobo

    No problem for a long, long time when a couple days ago I get the Malware Defense funtimes with some bundled trojans. After some fiddling I ran HouseCall, Malwarebytes, ComboFix and CCleaner and was all clear, but all of a sudden my computer would hang and then freeze moments after I log in to Windows in normal mode.

    Runs fine in safe mode UNLESS I try to run chkdsk /r, at which point it freezes when loading up after I restart after being prompted to in order for it to get down to business. chkdsk /r also freezes if run from the repair console. In order to get safe mode working again I need to run Windows in normal mode, cancel the chkdsk when it attempts to start (or else it will freeze after a few moments of being in normal mode as per usual), then restart in safe mode.

    chkdsk will run in /p and recognizes some damaged sectors.

    Loading the EasyTune software that came with the mobo before it locks up in normal mode, it tells me my system fan is not working, but that my CPU temp is only like 25 degrees C. To try to fix this I opened up my box and cleaned it all out: sure enough my system fan was nasty dusty, but after cleaning it out it still tells me the same stuff.


    Help a brother out.

    thanks,
    Matt


    I ran everything in the READ & RUN ME in the order prescribed except for ComboFix, which I had run previously, and RootRepeal, which froze whenever I started it scanning.

    Logs:


    mglogs attached.
     

    Last edited by a moderator: Jan 23, 2010
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long-term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here like you are doing.

    I need you to re-run ComboFix. After which, see if you can run RootRepeal. If not, just run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  3. funkfunkfunk

    funkfunkfunk Private E-2

    done. root repeal froze again.
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's give it another shot.


    DO NOT 'UPDATE' COMBO OR RE-DOWNLOAD IT!!!


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad. Save it as fixME.reg to your Desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    Driver::
    AUANCLLQ
    
    File::
    c:\windows\System32\auancllq.usp
    C:\WINDOWS\system32\SysSFGE.exe
    C:\Documents and Settings\All Users\Application Data\sysReserve.ini
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: Jan 24, 2010
  5. funkfunkfunk

    funkfunkfunk Private E-2

    *In case I wasn't clear enough earlier, I am running all of this stuff in safe mode because I can't be in normal mode without everything freezing.*

    fixme.reg won't run, it says "... the specified file is not a registry script. you can only import binary registry files from within the registry editor"
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please try to run the registry fix, making sure not to leave any space above the:
    REGEDIT 4 line...and that you choose all files as type.

    Just to be sure because the other items are gone.

    What problems are you having?
     
    Last edited: Jan 25, 2010
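
The "not a registry script" failure discussed in the two posts above can be checked before importing. The following is an added example, not part of the original thread or any MajorGeeks tool: it assumes regedit needs one of its two standard header lines as the very first line of the file, and the sample key name is a constructed placeholder.

```python
import codecs

# The two header lines regedit recognises; one must be line 1 of the file.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Constructed sample: placeholder key, saved with a stray blank line on top.
SAMPLE_BAD = b"\r\nREGEDIT4\r\n\r\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExamplePlaceholder]\r\n"


def decode_reg(raw):
    """Decode .reg bytes: honour a BOM if present, otherwise treat as ANSI."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")  # the codec consumes the BOM
    if raw.startswith(codecs.BOM_UTF8):
        return raw[len(codecs.BOM_UTF8):].decode("utf-8", errors="replace")
    return raw.decode("cp1252", errors="replace")


def check_reg_header(raw):
    """Return a list of header problems; an empty list means line 1 is valid."""
    lines = decode_reg(raw).splitlines()
    if not lines:
        return ["file is empty"]
    if lines[0] in VALID_HEADERS:
        return []
    problems = []
    # Line 1 is not a clean header: look for where the header ended up.
    for idx, line in enumerate(lines):
        if line.strip() in VALID_HEADERS:
            if idx > 0:
                problems.append(
                    f"header found on line {idx + 1}; delete the {idx} line(s) above it"
                )
            if line != line.strip():
                problems.append("header line has surrounding whitespace")
            return problems
    return ["no recognised header line found"]


if __name__ == "__main__":
    for problem in check_reg_header(SAMPLE_BAD) or ["header OK"]:
        print(problem)
```
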
  7. funkfunkfunk

    funkfunkfunk Private E-2

    Alright the regedit ran successfully.

    My problem is that when I try to run Windows in normal mode it quickly hangs and then freezes, after about 30 seconds to a minute. I tried chkdsk etc. (all listed in my o.p.). This began exactly as I fixed "Malware Defense", prompting me to think they may be related?
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Can you get into normal mode long enough to run any scan? ComboFix was having issues but it is working again. Please remove your old version and download this one: combofix.exe

    Please run it (in safe mode if that is all you can do) and attach the new log and, after double clicking the
    C:\MGtools\GetLogs.bat file, attach also the new C:\MGLogs.zip

    I am not sure if this is a malware issue or a software conflict.

    Did you do all of my last fix?
     
