I have several viruses and it's deadfully slow on startup

Discussion in 'Malware Help (A Specialist Will Reply)' started by firstphantom, Aug 28, 2006.

  1. firstphantom

    firstphantom Private E-2

    I finished running all required programs listed before posting. I have attached the output files from Bitdefender and HijackThis. There were no problems found after running PandaActiveScan, so there was no extra window displayed to choose saving any reports.

    I use the free versions of Avast and ZoneAlarm. I have gotten notices of JSClassloader-6, JSClassloader-5 and VBS Malware[-gen] on my machine.

    I also keep getting notified every few minutes that my computer's UDP port 1080 is trying to access 167.211.65.1 UDP port 2746.

    Another problem is that startup and shutdown take longer than in the past.

    Thanks in advance for any help you can provide.
     

    Attached Files:

    firstphantom, Aug 28, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You ignored part of step 7 of the READ ME that specifies not to use MSconfig to control startups. You have the below in your HJT log:

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    You must run MSconfig and select Normal Startup. Then reboot and attach a new HJT log.

    You also need to attach the other two logs requested in step 6 of the READ ME (the GetRunKey and ShowNew logs).

    The IP address you mentions is for the below company: Does it ring a bell?
    The slow startup may just be due to all the junk you are running on your laptop. Consider uninstalling all unecessary software and disabling the abiliity of others from loading at startup (not by using MSconfig -Microsoft does not recommend that MSconfig be used that way).
     
    chaslang, Aug 28, 2006
    #2
  3. firstphantom

    firstphantom Private E-2

    Thanks for your reply. I thought I had set the msconfig back to normal. I thought wrong. I reset it properly now.

    As for the IP address blocked by ZoneAlarm, it is a website I visit, but I don't know why my PC would be trying to access it every time I open FireFox.

    I will try looking through msconfig for startup programs to remove after taking any other steps you recommend first. Just in case your recommendations conflict with anything I may do.

    Below I attached the other files you requested.

    Thanks again for your help. It is truly appreciated.
     

    Attached Files:

    firstphantom, Sep 2, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not have any apparent malware to be concerned with accept Bearshare which comes bundled with malware (you should uninstall it). However you do need to get proper updates for software you are using. You version of Sun Java is out of date, you version on FireFox is WAY out of date, and you did not install the version of Spybot as requested in the READ ME. The version of Spybot you are using is two years out of date.


    First install the current version of Sun Java from: Sun Java Runtime Environment

    Then uninstall the below old versions of software:
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    J2SE Development Kit 5.0 Update 2
    J2SE Development Kit 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Platform, Enterprise Edition 1.4 SDK
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2_05
    Java 2 Runtime Environment, SE v1.4.2_08
    Java 2 SDK, SE v1.4.2_08
    Mozilla Firefox (1.0.7)
    Spybot - Search & Destroy 1.3


    Then install the current version of FireFox from: Mozilla Firefox


    Then reboot and delete the C:\Program Files\Spybot - Search & Destroy folder. Then download, install, & update to the version of Spybot given in the READ & RUN ME ( SpyBot - Search & Destroy )


    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\me\Local Settings\Temp
     
    chaslang, Sep 4, 2006
    #4
  5. firstphantom

    firstphantom Private E-2

    I updated firefox and removed and reinstalled Spybot, but when I tried updating Java using the link you provided, I got the following message:

    You already have this version of the JRE installed. Please uninstall the product through your add/remove prograns utility before reinstalling.

    Therefore, I didn't delete the JRE files you mentioned yet. As far as not having any critical malware on my machine, are the JSClassloader-6, JSClassloader-5 and VBS Malware[-gen] on my machine not that big a deal?

    Thanks again...
     
    firstphantom, Sep 5, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not according to your newfiles.txt log. The current version would show J2SE Runtime Environment 5.0 Update 8

    Uninstall all the old versions and install the new versions!

    Probably not major but this info is not helpful. I need to see real logs to know what and where these are being found and who is finding them. They are probably just in one of your Java cache folders and you can just empty them.
     
    chaslang, Sep 5, 2006
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds