Different Computer, New Problems

OK guys, you helped with my desktop. I now have someone else's laptop, loaded with problems: this guy knew even less about malware than I did.

Working through the cleanup process, but I'm running into a real problem. At certain points (three different times now, often when 'cleaning up' something), a program begins to repeatedly open either 'help' files or "search' program, or some other such thing. It will open thousands of instances of the program, one after another until the system bogs down. Apparently the only way to stop it is to do a hard shutdown.

What is this and how do I get rid of it?

 

Reboot into Safe Mode and run the READ ME from here if you can. If the program is malicious then see if it's listed in Add/Remove for removal, if it's a legit prorgram also see about temporary removing it so you can clean up the machine.

Be sure you run both online scans whether it be normal or safe mode, attach those logs with a HJT log from normal mode if possible.

 

Yeh, I'm working through that process. But twice, this bug stalled me in the process and I was hoping someone could tell me specifically what to look for.

 

Can you provide some information on it, name, location ? Have you checked Add/Remove for it?

 

No. Problem is I don't know what to look for: I thought maybe someone recognized the problem and could point me somewhere...

 

Oh, I though you meant you knew what the program was called (the one that was coming up so many times). I havn't ever heard of one doing this without user interaction.

Can you get a screenshot or any information from it?

 

I'll try. gotta switch over to that computer to start the process again. when/if it happens, I'll see if I can. It just starts opening some program like Windows Help or Windows (FileManager) Search, MULTIPLE times (literally hundreds of times). Once that starts, you can't do much of anything without a 'hard shutdown': can't even get to 'reboot'...

 

OK, guys, I'm dead in the water here. The computer is a Dell Inspiron 5160 with a 2.8 ghz P4, and 1.25gb RAM, WinXP Pro. 33gb HDD. When I got it it had over 32 gb of used space: no room left. I now have about 10 gb free space, should be plenty.

I've run most of the programs from the help files here, but when I go online to do Pandascan or Bitdefender, it always stalls on the download, and locks up. I went to the inet settings and increased the temp files allotted space. Still stalls on download.

The other problem is the "help" popup. at random times, but more often if I'm on the net, the computer will begin opening sessions of Windows XP Help, as if I had clicked on the 'help' button. It opens multiple sessions, one after the other, and continues indefinitely. I stepped away from the computer a minute and when I stepped back it had opened 187 separate sessions of the Help window, and was continuing to open additional sessions.

The only out is to open task manager (C/A/Del) and reboot. Gotta have some help here, boys and girls. I haven't attached any HJT files because I haven't finished the process, but I have those files and startup logs. Tell me what to do next. I'm lost here...

 

Attach a HJT log and we will go from there.

 

Ok. Here's the HJT log and startup file. And any suggestions on the 'help window' prob would be GREATLY appreciated. I'm lost here.

 

Please see the below thread on how to run WinPfind and attach the log.

• Running WinPfind by OldTimer

 

Ok. I'll do that now. Note: I'm working from my desktop but running the laptop to do the fixes. When I booted this morning I started running the 'checkup' programs, and while running Spybot, the 'help file' problem started: multiple sessions of Spybot Help started opening. Rebooted, and so far it is doing ok, though the laptop is not linked to the net. Ran Spybot, Spysweeper, Norton, and Counterspy without problem. We'll see. I'll post the log as soon as I get it.

 

Here is the WinPFinder log for the laptop.

 

Download the attached file, save to your desktop. Right click to extract the contents. Reboot into Safe Mode with Admin rights and then run the fix.

Once in Safe Mode, locate the file "fix.bat" and double click to run it.

After you complete the fix, reboot and run the below...

Please see the below thread on how to install and run Ewido Security Suite.

• Running Ewido Security Suite ...

 

Ok. got tied up, but I'm downloading/following directions now. Prob be late or tomorrow befoer I respond. Thanks

 

Okay, I must add that when I post fixes they need to be done fairly quick because some of the infections may mutate causing the fixes to be useless.

 

OK: didn't know that. I'll try to do better.

 

I will check back later on.

 

OK. went to safemode and ran the fixbat. Then ran the Ewido, which found nothing. I'm attaching the saved log, as well as the Process and Startup reports, just for good measure.

 

Attach a fresh HJT log from normal mode.

 

Here it is. It's 0200 here so I gotta quit and get some sleep.

 

Okay, I will check your log and post a fix.

 

Your HJT log looks good, what problems are you currently experiencing?

 

Well, right this minute, none. That just occurred to me: within the last couple posts, the problems have stopped. Even though nothing new was removed (far as I know). Let me shut down, and I'll run it some this afternoon and see what happens... Post back here to let you know, either way.

 

Okay!

 

Hey, I'm back. Been tied up and unable to fool with the laptop for several days. Spent the time recently to recheck everything, run all the spyware stuff again, and try the laptop. It was working fine: apparently all the 'bad stuff' has gone away.

However, this morning I booted up, and was running the ewido anti-malware program, when the problem started again with the multiple help windows opening. I can't seem to find any pattern to when this occurs. I wasn't logged onto the internet (infact, not even connected). This time the ewido help windows started opening (as before, about 3-4 new windows per second) until I rebooted. that was three or four hours ago and after reboot, it hasn't done it again. yet.

any suggestions? This seems to act on whatever program is in use at the time; and if more than one is open it seems to 'attack' whichever one is currently in use. No specific pattern of time, level of activity, program type, anything.

 

I don't understand what your saying? When you say help windows, are you talking and windows help and support?

 

Yes. It is as if you had clicked the 'help' icon. HUNDREDS of times...

 

Do you use the Help and Support?

 

Yes, for some programs I use 'Helpfiles' regularly. Whether I use the 'icon' or the dropdown menu/selection depends on the program. But if you plan to suggest deleting/removing the Help files, that would really put me in a bind with some programs.

 

I'm not talking about every help tab, I'm talking about the "Help and Support Center" in Windows.

This is what's popping up, correct?

 

Well, the "Help and Support Center" in Windows is ONE of the things that pops up. The one that popped up this morning was the Help for Ewido (which was running at the time). Also in the past, I've had Word open and that 'help' window popped up. so it doesn't seem to be just one "help" program.

 

I'm not sure what's going on with this. What I do know is that it's not malware related.

I would post that issue in the Software Forum, those guys may have some suggestions for you about that.

Are you having any current malware issues?

 

OK, I'll repost the issue there. I seem to be clear of malware problems in THIS laptop. I got one problem in MY laptop, but if I can't get rid of it I'll start a separate message link here on that one. You've been a great help clearing up the mess on this laptop. Thanx

 

Your Welcome!