Help... x.X

Discussion in 'Malware Help (A Specialist Will Reply)' started by ac19189, Jan 5, 2008.

  1. ac19189

    ac19189 Private E-2

    Going to run the recommended steps on the forums; I failed to read them, so I'll edit the post once I'm done, but I don't really think it will help lol...

    OK, normally I don't go looking for help, but this time I'm stuck.. I posted on another forum but I don't think they will be able to help me.. So let me give a quick rundown. I downloaded a free game and it installed a virus called ntos.exe; in turn I had to run a Windows repair to semi-disable it, then manually edit it out of my registry via Winternals. Now I know the virus is gone because it's not showing up anymore.. However, I seem to have run into yet another snag and it's making me nuts...

    When I start my computer it boots up almost normally; the GUI boot screen takes a tad bit longer now, but nothing too bad. I boot into the system and it runs nice and smooth; then I open IE and load a website and the computer just about drops dead as soon as I hit that Enter key with a URL in it. My svchost hits the roof and goes flat out at 99% CPU and keeps the page from loading. After I end task on it, the website loads and everything works great, but it just comes back up after a while...

    Anyway, I've reinstalled my virus scan, I've run a full scan with my virus scan, Spybot, Ad-Aware (then I removed it because I use Spybot as my main)... Spy Sweeper, ran HouseCall, X-Cleaner, I've looked over my HijackThis log like a madman, uh, tried a few recommended ideas I found to fix svchost when it's not a virus... So yeah, I'm at my wits' end. I have tried all my programs, and short of reformatting the system I've done all I can think of.. And I know this isn't normal; it never did it before this... <.< CURSE YOU NTOS!

    Thank you for any help ahead of time!
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    Best option is to run the below and attach the requested logs as our malware experts are good at finding malware and they will issue you some further removal instructions if needed. If they deem you clean of malware then we can look into software/OS causes for this, but best to make sure malware is not the cause first.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. ac19189

    ac19189 Private E-2

    I ran the scan, but the thing the post doesn't make too clear is the zip file won't be in the same dir; it's back in the C drive as the file you downloaded. So I was lost until I thought about it.. XD Anyway, I added the logs... Looked over it myself to see if I could find the issue <.< Found nothing... And it's still doing that 99 percent CPU when I open IE and load a website after a reboot, so even after all that scanning it didn't fix it.. Rats, I was hoping I'd get lucky lol. Anyway, yeah... It removed a few things but it wasn't anything I didn't already know was there... LOL Again, thanks to anyone that can help me out..
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below quote is from the Using MGtools link in the READ ME
    It explains that it will be in the root folder of your Windows boot drive. We cannot come out and say it will be C:\MGlogs.zip because thousands of people install Windows on a different drive.


    Not sure what you mean. You don't need to add logs. They are put into MGlogs.zip by the procedure.


    You did not attach the log from ComboFix or AVG Antispyware as requested. Please attach them so we can continue. Also you did not follow the instructions about not using Spybot's Teatimer. See the READ ME and disable Teatimer now.


    What process is using all of the CPU time? Is it all iexplore.exe?

    What are the below in your My Documents folder????
    Code:
     "C:\Documents and Settings\ac19189\My Documents\"
    5f4a4v~1.jpg  Jan  2 2008      111424  "5F4A4vy4shQ6.jpg"
    6msmwa~1.jpg  Jan  2 2008      409437  "6mSMWA7x8Vky.jpg"
    c8fx3y~1.jpg  Jan  2 2008      139256  "C8Fx3yhG5ddV.jpg"
    cdqcmj~1.jpg  Jan  2 2008      153323  "CDQCmjkEFi1k.jpg"
    hkh966~1.jpg  Jan  2 2008       34087  "hKh966tx29P9.jpg"
    iihwrb~1.jpg  Jan  2 2008       80747  "IihWRBeWSVfr.jpg"
    lexvkh~1.jpg  Jan  2 2008      103878  "LExvkhYkjDjD.jpg"
    qymada~1.jpg  Jan  2 2008       63023  "QyMaDah3NeWG.jpg"
    twkgll~1.jpg  Jan  2 2008       44193  "TwkGLlMldvZR.jpg"
    vjgxjy~1.jpg  Jan  2 2008      325905  "VJgXJYVyDKw7.jpg"
    w1miqt~1.jpg  Jan  2 2008       77275  "W1miqt65IjGV.jpg"
    w4hfpi~1.jpg  Jan  2 2008       32251  "w4HfpIeI35Dd.jpg"
    x27crq~1.jpg  Jan  2 2008      312195  "X27cRQnLs7ym.jpg" 
    If unknown, delete them now!!!


    Also uninstall the below old versions of software:
    J2SE Development Kit 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6


    Is your copy of Spy Sweeper a paid version or free trial?
     
  5. ac19189

    ac19189 Private E-2

    As I said in the first post, the file using my CPU up like a hog is svchost.exe. After I reboot and open IE, as soon as I go to browse a website the svchost.exe goes to 99 percent CPU and runs up my memory, and the webpage won't load, and svchost won't drop in CPU or let go of my system until I end task on it. All the images, I know what they are; I saved them. And as for the Java stuff, I didn't wanna screw with it because I have had issues with Java in the past...

    My Spy Sweeper is a paid copy and I'm running the AVG scan now <.< God only knows how long that will take; I ended up falling asleep waiting for it to scan last night... I'll throw up the logs for AVG as soon as I have them, but I already ran the scan and removed everything it found. All of them I already knew were there, but meh, yeah, harmless ones I just never got around to cleaning.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They are major security risks and MUST be uninstalled now. Vundo infections can occur just due to having the old versions on your PC.

    You must put your PC in normal startup mode and keep it this way as we requested at the very beginning of the READ & RUN ME and then attach a new MGlogs.zip file by doing the below.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.
     
