Computer running very slow. Possible Malware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mad-Friend, Aug 16, 2010.

  1. Mad-Friend

    Mad-Friend Private E-2

    I have re-run all scans. Still have same problem (something has been running for over an hour now). PC still slow, but not as slow.
    Posting logs.
     

    Attached Files:

  2. Mad-Friend

    Mad-Friend Private E-2

    Re: Unknown programme loads on start up causing major probs. How do I find and stop i

    Struggling here. Head on overload. Too late, re-ran Malwarebytes & MGTools.
    Also, not knowing what the problem was, I didn't list it in the malware forum and don't know how to re-post it to the relevant site.
    Hidden program? Or malware? It's been running for over 2.5 hours now. Problem getting worse by the hour. :confused:

    Forgot to add: Malwarebytes quarantined 2 Trojan.Agents dated 27-07-2008.
    C:\WINDOWS\DownloadedProgramFiles\PURen.gb.dll
    C:\WINDOWSDownloadedProgramFiles\MsnChat40oen.g
     

    Attached Files:

    Last edited: Aug 16, 2010
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I still need to see the C:\mglogs.zip from running MGTools.exe which is really the most important log, before I can give you a complete fix.
     
  4. Mad-Friend

    Mad-Friend Private E-2

    Thanks Kestrel13!,
    Hope this is the one you need. If I have uploaded the wrong one please let me know.
    AVG Resident Shield detected a possible Trojan virus. Virus reads: Trojan horse Dropper.VB.DCI D:\Trish Docs\Downloads\MGTools.exe Object is inaccessible. 30\4\2010 file C:\Program Files\Mozilla Firefox\firefox.exe
    Also in C:\windows\Explorer.exe
    It is recorded 16 times.
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    C:\ComboFix.exe <--- We had asked that you place combofix directly on your desktop, please do that now before we continue.
    This is a false positive. Our tools are not malware.
    Are you saying AVG is actually complaining that Explorer.exe and Firefox.exe are infected? You need to be specific.

    Use Windows Explorer to find and delete old AVG8 remains:
    • c:\documents and settings\trish\Application Data\AVG8

    Also delete this file:
    • C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET54D.tmp

    This is why things are running slowly: (I am not seeing any malware in those logs.)

    To run XP you need a minimum of 500MB, 1GB to run it smoothly! Get an upgrade. :)


    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).
     
  6. Mad-Friend

    Mad-Friend Private E-2

    Dear Kestrel13!,
    Thank you for all your help.
    I know MGTools is not malware, sorry if it came across that way in my message.
    I've deleted all the things you asked. I've tried to post a log of the AVG Resident Shield detection so you could view it but couldn't. Please advise so I can show you the RS detection file.
    Thank you again.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Next time it pops up just note down where exactly it is reporting its threats.

    Just copy and paste if you can.
     
  8. Mad-Friend

    Mad-Friend Private E-2

    Thank you Kestrel13!.
    Managed to open, cut and paste.
    Resident Shield didn't pop up. I opened AVG, clicked on History, then clicked on Resident Shield Detection.
    This is what it showed.


    Resident Shield detection
    "Infection";"Object";"Result";"Detection time";"Object Type";"Process"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"12/05/2010, 10:55:25";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"11/05/2010, 09:49:18";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"09/05/2010, 11:15:10";"file";"C:\WINDOWS\system32\rundll32.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"09/05/2010, 11:13:51";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"08/05/2010, 10:05:22";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"07/05/2010, 11:31:34";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"06/05/2010, 17:51:07";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"05/05/2010, 17:43:44";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"04/05/2010, 18:41:43";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"03/05/2010, 11:04:49";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"02/05/2010, 15:10:30";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 20:17:16";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 18:28:56";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 17:14:21";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 17:10:15";"file";"C:\WINDOWS\explorer.exe"
    "Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 17:07:01";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
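The Resident Shield history above is a semicolon-separated export with every field quoted, and the question a responder asks of it is the one Kestrel13! asked earlier: what exactly is AVG flagging? The parser below is an added example, not code from the thread or from AVG; it runs over a constructed excerpt of the export in the same layout (five of the sixteen rows, with the paths as quoted in the post). Aggregating by the Object and Process columns shows that every row names a single object, the downloaded MGtools.exe, while the Process column only records which program opened that file when the on-access scanner fired (explorer.exe, rundll32.exe, mbam.exe, firefox.exe), which is why those programs being listed is not AVG claiming they are infected.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the AVG Resident Shield history export
# quoted in the thread: semicolon-separated, every field double-quoted.
# Only a handful of the 16 rows are included; paths are those from the post.
SAMPLE_EXPORT = r'''"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"12/05/2010, 10:55:25";"file";"C:\WINDOWS\explorer.exe"
"Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"09/05/2010, 11:15:10";"file";"C:\WINDOWS\system32\rundll32.exe"
"Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 20:17:16";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 18:28:56";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
"Trojan horse Dropper.VB.DCI";"D:\Trish Docs\Downloads\MGtools.exe";"Object is inaccessible.";"30/04/2010, 17:07:01";"file";"C:\WINDOWS\explorer.exe"
'''

# Day-first timestamps, exactly as they appear in the export above.
TIME_FORMAT = "%d/%m/%Y, %H:%M:%S"


def parse_resident_shield(text):
    """Parse the export into a list of dicts, one per detection row.

    The first row supplies the column names; "Detection time" is converted
    to a datetime so rows can be ordered and a time span computed.
    """
    reader = csv.DictReader(io.StringIO(text), delimiter=";", quotechar='"')
    rows = []
    for row in reader:
        row["Detection time"] = datetime.strptime(row["Detection time"], TIME_FORMAT)
        rows.append(row)
    return rows


def summarize(rows):
    """Aggregate the rows the way a responder reads them: what was flagged,
    which process touched it, with what result, over what period."""
    times = [r["Detection time"] for r in rows]
    return {
        "total": len(rows),
        "infections": Counter(r["Infection"] for r in rows),
        "objects": Counter(r["Object"] for r in rows),
        "processes": Counter(r["Process"] for r in rows),
        "results": Counter(r["Result"] for r in rows),
        "first_seen": min(times) if times else None,
        "last_seen": max(times) if times else None,
    }


def single_object_on_access(summary):
    """True when every row names the same Object. In that case the Process
    column lists the programs that opened that one file when the on-access
    scanner fired, not files the scanner itself reported as infected."""
    return len(summary["objects"]) == 1


if __name__ == "__main__":
    summary = summarize(parse_resident_shield(SAMPLE_EXPORT))
    print(f"{summary['total']} detections, {len(summary['objects'])} distinct object(s)")
    for obj, n in summary["objects"].most_common():
        print(f"  object : {obj}  x{n}")
    for proc, n in summary["processes"].most_common():
        print(f"  accessed by: {proc}  x{n}")
    print(f"  results: {dict(summary['results'])}")
    print(f"  period : {summary['first_seen']} .. {summary['last_seen']}")
    if single_object_on_access(summary):
        print("One object flagged repeatedly on access; the Process column "
              "names the accessors, not infected programs.")
```

Running it on the full sixteen-row export from the post gives the same shape of answer: one object, several accessing processes, every result "Object is inaccessible.", so the thing to examine is the one downloaded file, which is the tool the helper had asked for.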
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    False positive on AVG's behalf. As you know, MGTools.exe is not infected.

    I was not seeing any malware in your logs to begin with, apart from what SAS and/or MBAM removed, so now any outstanding issues you have must be resolved in another forum. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required:
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your disk emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    Last edited: Aug 20, 2010
  10. Mad-Friend

    Mad-Friend Private E-2

    Dear Kestrel13!,
    all requested files deleted, except Perflib_perfdata_18c.DAT in X:\WINDOWS\Temp
    Message comes up saying it is being used by another person or program.

    Something is still running on start up, although it only runs for about an hour now, and PC is a little faster.

    ComboFix is now on desktop.

    I'll now run through the final steps and let you know how things go.
    Thank you for all your help and advice, I'd be lost without you. God bless and thanks.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What are you referring to?
     
  12. Mad-Friend

    Mad-Friend Private E-2

    Not sure, :-o but it sounds as if some sort of scan is being run. It has the same sound as when AVG is running its scans.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Lots of legit processes will be carried out in the background. The hard drive will be almost constantly spinning and almost everything that's running will be constantly scanned. If you wish to view the amount of programs and processes running on your computer, check out your Task Manager. ;)
     
