Fatal Dose of Evil

Discussion in 'Malware Help (A Specialist Will Reply)' started by shreedraya, Oct 19, 2012.

  1. shreedraya

    shreedraya Private E-2

    My computer takes 25 minutes just to boot-up.

    Applications do not open. If they do, they will not run properly. Or they close un-expectedly.

    Clicking a mouse results in not what is intended.

    Every action is very slow.

    Word processing programs seem to be an attractive target.

    Internet connection--forget it.

    It says: "CPU Usage 100%" It is pegged, all the time at 100%.

    I tried, 6 days ago, to employ my Antivirus and malware tools, but the Evildoer will shut them down or make them blind.

    I tried "Safe Mode," but "Safe Mode" will not even open now.

    I went to another support site, and they thought I was crazy.

    I have seen two "blue screens" in the last 2 days. The Evildoer apparently hates a program called "Rootkit Unhooker LE," version 3.8.389.593, Service Release 2, for when I click "scan" in that program, Windows goes blue, with a "physical memory dump" message.

    I have read your rules for XP Cleaning Procedure, I have done the steps in order, and I append the required scans.

    Thank you for your support.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\zzzzzzzzzzzzzzzzz (system32\drivers\72379284.sys) -> FOUND
    • [Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\zzzzzzzzzzzzzzzzz (system32\drivers\72379284.sys) -> FOUND
    • [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Re-scan with Hitman and have it remove EVERYTHING that it finds.

    Reboot and re-scan with both RogueKiller and Hitman. Attach both of those logs as well.
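    A read-only, defender-side audit of the two indicator types RogueKiller reported above (a service whose driver file has a random all-digit name under system32\drivers, and the DisableRegistryTools policy value), written here as an added PowerShell example; it is not part of this thread and not RogueKiller's own code, and the digits-only file-name heuristic is an assumption drawn from the single driver name shown.

```powershell
# Added example (not from the thread): enumerate every ControlSet*\Services key,
# flag driver-backed services whose ImagePath ends in system32\drivers\<digits>.sys
# (the shape of the 72379284.sys detection), and report DisableRegistryTools.
# Reports only; deletes nothing. Run from an elevated PowerShell on the affected PC.

$findings = @()

# ControlSet001, ControlSet003, ... all live under HKLM:\SYSTEM; check each one,
# because the rogue entry above was present in two control sets.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }
foreach ($cs in $controlSets) {
    $svcRoot = Join-Path -Path $cs.PSPath -ChildPath 'Services'
    if (-not (Test-Path -Path $svcRoot)) { continue }
    foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        $image = [string]$props.ImagePath
        # Assumed heuristic: a kernel driver named with digits only, e.g. 72379284.sys.
        if ($image -match '(?i)system32\\drivers\\\d+\.sys$') {
            $fileName = [IO.Path]::GetFileName($image)
            $findings += [pscustomobject]@{
                Kind       = 'SuspiciousDriverService'
                Location   = "$($cs.PSChildName)\Services\$($svc.PSChildName)"
                ImagePath  = $image
                # Start 0 (boot) or 1 (system) loads before user-mode AV, which fits
                # the "shuts them down or makes them blind" symptom in the first post.
                Start      = $props.Start
                FileExists = Test-Path -Path (Join-Path $env:SystemRoot "System32\drivers\$fileName")
            }
        }
    }
}

# RogueKiller flagged the DisableRegistryTools value even with data 0, so report
# its presence and data rather than only a non-zero setting.
$polPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $polPath -Name 'DisableRegistryTools' -ErrorAction SilentlyContinue
if ($null -ne $pol) {
    $findings += [pscustomobject]@{
        Kind       = 'DisableRegistryToolsPresent'
        Location   = $polPath
        ImagePath  = "value data = $($pol.DisableRegistryTools)"
        Start      = $null
        FileExists = $null
    }
}

if ($findings.Count -eq 0) { 'No matching indicators found.' } else { $findings | Format-Table -AutoSize }
```

    A hit from this script is a lead to confirm against the RogueKiller or MGtools logs, not a verdict on its own; legitimate drivers with numeric names are rare but not impossible.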
     
  3. shreedraya

    shreedraya Private E-2

    At three in the morning, as I was sleep-walking, I previewed the answer that you have posted today. And, I thank you for the answer.

    I basically ran through the routine you describe: scanning--removing--rescanning.

    The machine is clean now. The logs are coming out blank. (See Attached.)

    One thing that bothers me still is the "running processes" which eat up CPU capability. Especially svchost.exe. I have 5 of those running at any one time. But, I downloaded MajorGeeks' recommended scanner and fixer for that.

    Observation: After the machine was cleaned, I still ran RootKit Unhooker LE. It seemed to knock loose some backward, or out-of-sequence, strains of the retrovirus. Then, when TDSS Killer was run again, it was able to detect and capture more infections. I am repeating the process.

    I am pretty happy, and I thank your organization for its work.

    One last irritation: A small yellow shield in the desktop taskbar. It has an exclamation point in the middle of it. To me, the shield is a signal that I'm not quite 100%. Because I never put the shield there. Somebody else did. And that bothers me. But, I am very happy to live with 95% efficiency. And with the knowledge and recommendations contained in your website, I can be assured that help is only a [couple of] click(s) away.

    With much appreciation,

    Ed Fahey
    Texas, USA
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just so I can make sure you are clean, run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  5. shreedraya

    shreedraya Private E-2

    I guess the next MG Log just overwrites the last MG Log. I hope that's true. Because I only find one zip file in the folder.

    Here it is: (Appended to this reply).

    Thank you for your kindness,

    EF
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now download The Avenger by Swandog46 to your Desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

    1. Extract avenger.exe from the Zip file and save it to your desktop.
    2. Run avenger.exe by double-clicking on it.
    3. Click OK at the warning to continue to use The Avenger
    4. Do not change any of the check box options!
    5. Shut down your protection software now to avoid possible conflicts.
    6. Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger
    7. Now click the http://img33.imageshack.us/img33/9159/executeavenger.jpg button
    8. Click Yes to the prompt to confirm you want to execute.
    9. Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    10. Your PC should reboot, if not, reboot it yourself.
    11. A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    12. Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    @ TimW, Just in case you did not notice, leftovers from multiple AVs. And some other garbage to remove:
    And in Add/Remove Programs:
     
  8. shreedraya

    shreedraya Private E-2

    To chaslang:

    The items you list from Hijack This, I have clicked "Fix" on most of them, except Pareto Logic. I've clicked "Fix" multiple (over 15) times, but they keep re-appearing. After "Fix" is clicked, HJT puts up an error message, to the effect that: "It has already been fixed, or no file information can be found, you'll have to fix it another way." Something like that.

    EF
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to uninstall them. ;) Uninstall the below:
    AVG 2013
    SpyHunter
    Uniblue SpeedUpMyPC
    XoftSpySE

    I have a feeling the AVG2013 will not be able to uninstall or possibly not even find it but it does show in your logs.
     
  10. shreedraya

    shreedraya Private E-2

    All right. Took me 5 passes to get Avenger to do what we wanted.
    My bright idea was to hand type the commands, instead of using copy/paste. Can't get in a hurry in this business. Hand-typing is OK if you are a 20-year-old stenographer. But, my eyes are getting old. Can't tell an "i" from a "1," or an "l" or an "I."

    So, you have 5 Avenger logs, in 5 passes, and the most recent MG log.

    I have iobit uninstaller at your site's suggestion, and I am working on those extra AVs, like AVG, which did not install completely, so it can't be uninstalled completely. iobit has ways around this, though. I'll keep working.

    With much appreciation,

    EF
     

    Attached Files:

  11. shreedraya

    shreedraya Private E-2

    Here is Avenger, pass 1, which exceeded the maximum # for attachments in my last message.

    Happy Halloween,

    EF
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have you uninstalled xsoft and spyhunter? To check your progress, please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  13. shreedraya

    shreedraya Private E-2

    Yes Sir: the Pareto Logic Xoft was uninstalled without event.
    SpyHunter was uninstalled 3 days ago by iobit.
    But, it still shows up on the Add/Remove software list.
    Clicked uninstall on SpyHunter again today.
    Gave me an error message: "Installation in process, cannot uninstall now," or something close to that. Sum: Can't get SpyHunter uninstalled. Can't find the *.exe file anywhere. Will continue.

    Avira found something called "BAT\Delplug A01333274". I quarantined it. Then, deleted it. But, it comes back. The full path is:

    C:\System Volume Information\_restore{046DB58D-22D8-48E0ABF4-970E3DBE488F}\RP 391\A0133274.bat

    Whatever.

    The computer is working pretty good. I would say "back to normal." With "normal" being: way over-worked. No crashes, no blue screens. Bootup time greatly reduced. CPU usage, at idle, about 15-20%. But, if you ask it to do something, it gets close to 97%, and if you ask it to do two things at once, it pegs 100% until somebody finishes what they were doing.

    What can I say, it's an old machine, Pentium III with 1 GB RAM. Good for word processing. Basic Internet. It's not a race car. It's a VW Microbus. I can see that, in the past, I've been asking the machine to do too much. A little scaling back is in order.

    Thanks.

    The little yellow shield is still there, but it doesn't bother me anymore.

    I'm getting more confident with the new tools you have taught me how to use.

    EF
     

    Attached Files:

  14. shreedraya

    shreedraya Private E-2

    Uniblue Speed Up My Computer was uninstalled today with no problem. Should appear on the MG Log, posted a bit earlier today.


    EF
     
  15. shreedraya

    shreedraya Private E-2

    Today, TDSS Killer ran into a wily, old hitchhiker named BlackBox.sys.
    Over the past week or so, TDSS found him and deleted him. I even went to the command prompt and erased him manually. But, like dragon's teeth, he keeps regenerating himself. I put him in quarantine today, just so I know where he is.

    See Logs, Attached.

    I bet there is a permanent fix for BlackBox.sys, contained in the knowledge base. So, I will search the fora for the fix and do it, unless you tell me otherwise.

    thanks,

    EF
     

    Attached Files:

  16. shreedraya

    shreedraya Private E-2

    Googling "Black Box Removal," I came across this suggested manual fix:

    Black Box Manual Removal:

    Follow these steps to remove Black Box from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

    Remove these files (if present) with Windows Explorer:

    000[1].htm
    a.asm
    a.class
    a.idb
    a.lst
    a.map
    blackbox.asm
    blackbox.class
    blackbox.idb
    blackbox.lst
    blackbox.map
    dummy.asm
    dummy.class
    dummy.idb
    dummy.lst
    hardcoreover[1].htm
    in[1].htm
    rukz[1].backs
    verifierbug.asm
    verifierbug.idb
    verifierbug.lst

    If there are no objections, I will do this late tonight.

    thank you,

    EF
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now download The Avenger by Swandog46 to your Desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    1. Extract avenger.exe from the Zip file and save it to your desktop.
    2. Run avenger.exe by double-clicking on it.
    3. Click OK at the warning to continue to use The Avenger
    4. Do not change any of the check box options!
    5. Shut down your protection software now to avoid possible conflicts.
    6. Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger
    7. Now click the http://img33.imageshack.us/img33/9159/executeavenger.jpg button
    8. Click Yes to the prompt to confirm you want to execute.
    9. Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    10. Your PC should reboot, if not, reboot it yourself.
    11. A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    12. Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Now run Ccleaner to clean out only temp files and nothing else!
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept ( yes twice ).
    Then attach the below logs:
    * C:\Avenger.txt
    * C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  18. shreedraya

    shreedraya Private E-2

    Dear ObiWan:

    Now I can feel The Force.

    I have done as you instruct. On the blackbox thing.

    Attached are the logs you request.

    Each time I do what you say, my computer gets better and better.
    I got no major complaints. Or minor ones, for that matter.

    One thing I want to say: "You and your friends are selfless fighters. Much to be admired. I can see that you are motivated by a higher ideal than 99.9997% of the people involved with computers. These fixes are tedious and time-consuming. Not so much for me, but for you especially. I deeply appreciate your involvement in my petty problems. And, in your honor, I am going to dedicate 10 hours of my time, free, to a person, any person, that needs my legal services, and cannot pay for them. In fact, it will be the next person so situated that happens to appear before me. The World should be on its knees, thanking God, or The Force, or Whatever, for people as dedicated as you."

    Sincerely yours,

    Ed Fahey
    Laredo, Texas
    USA
     

    Attached Files:

  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Thank you for those kind words. You are most welcome.

    Your logs are clean:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
