Concern over changes in computer operation

ellen46240 · May 16, 2013

Hi,
On a Dell computer, XP Pro 32 bit, V 2002 SP3, 1 G RAM, about a month ago, I noticed several different types of problems. (so maybe it has a hard disk and/or PS issue?). But thought I would check for malware issues first. Symptoms include long load times (but IP admits to having bandwidth issues). Was running Avast with Comodo FW (both free versions, but Avast has now expired, but all testing has been done off line). At one point, the computer hung at Bios password.

No threats found (as best I can tell on logs, but did see flaky listing in RK report. Not critical timing, as I'm on a lap top (previously cleaned, but not 100% verified). So will go with looking at Dell first, before rescanning this lap top. Sorry, no intent to load up.

I could not get datebase update for MB.exe to load. Showed on dot in center of page and appeared to hang. Logs attached.
Help is greatly appreciated!

TimW · May 17, 2013

Use windows explorer to find and delete:
C:\Documents and Settings\Administrator\Templates\y5x3do826b8

Otherwise, I am not finding any malware in your logs. I suggest you post in the software forum for additional assistance.

Since you are not having any malware related problems, it is time to do our final steps:

Any programs we had you download and/or install can be removed at this time.

If we had you download and run ComboFix, here is how to uninstall it:

Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.

This opens the Run dialog box.

Copy and paste the below text inside the text-field:

"%userprofile%\desktop\ComboFix" /uninstall

Now press ENTER

ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.

You can re-enable your Disk Emulation software at this time via DeFogger.

If we had you create or download a registry patch or "fix" script, these can be deleted at this time.

Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.

Now we will toggle System Restore to remove any infected system restore points.

Read this: How to Disable And Enable System Restore

Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!

Be safe

ellen46240 · May 18, 2013

When I searched for the y5x3do826b8 file to delete, I also located it in ..\All Users\Application Data, and in \Administrator\Local Settings\Application Data. Do I delete those two as well?

Another question.. I know I dis-abled Disk Emulation, but some time back I had run the same scans (so was likely disabled then). What if it didn't get re-enabled back then? Will this current action be retro-active to when it was actually disabled before? Or would it need to be done more than once? Does it use a log of some type, and if so, any easy way to know if it was re-enabled then? Or is it an issue at all?

I'll wait to hear back, before I do the finalize steps. Many thanks!

TimW · May 18, 2013

Yes, remove all instances of that file.

And disc emulation is not a critical issue.

Log in or Sign up

Concern over changes in computer operation

ellen46240 Private First Class

Attached Files:

RKreport[1]_S_05092013_02d1512.txt

TDSSKiller.2.8.16.0_09.05.2013_16.28.23_log.txt

HitmanPro_20130509_1643.log

mbam-log-2013-05-09 (16-00-13).txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

ellen46240 Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member