Malware on Windows XP

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lazervet, Jul 13, 2011.

  1. lazervet

    lazervet Private E-2

    I read and strictly followed the guidelines for removing malware on my computer. I had recently discovered a TDSS trojan and finally was able to get rid of it with Kaspersky TDSSKiller. I have Kaspersky Pure on my system for firewall, antivirus, etc... and my system has been at times acting strange. The antivirus could not find anything on its scans, but I was still suspicious. I downloaded all the software and ran as directed. There was one program that I could not run because it was only available for Vista. I forget the name but it had to be run from the desktop. Super spyware and malwarebytes found nothing. I also have the logs from the Root and the MG tools scans. I did notice that when I had the task manager open, under the process tab the last one on the page was "System Idle Process". It was constantly at 95 or more. When I clicked on a program it would do nothing but just sit idle. Sometimes it would take as long as ten minutes or so and finally the system idle % would go down to about 50 and the program would finally respond. It would last from a few seconds to about a minute and then the system idle % would go back up to 95 or so and stay there for long periods of time, 5-10 minutes or more. While it was high, the program would do nothing. The whole system was just stuck. Nothing would respond. Finally the system idle process % would fall to around 50 and the CPU % would go up to around 45 or so and the computer would respond. This would only last seconds to maybe a couple of minutes before it would "freeze" again. While the system idle process is high the CPU % was around 4 or 5. Does this mean my CPU is toast? Maybe that is my "malware". If you could give me some answers I would really appreciate it. Biggest problem is slow running. Seems to almost freeze at times and then will finally respond. What can I do about the system idle process being at 95%?
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Can you then attach the log from TDSSKiller please?

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
     
  3. lazervet

    lazervet Private E-2

    I don't have the logs from the TDSSKiller. Sorry. It originally found a "rootkit.win32.backdoor.gen" I think it was "backdoor". I was told it was a generic thing and that is why the tool would only let me quarantine at first. I had to submit the logs to the virus lab at Kaspersky and after a few days I ran it again and was able to cure it then.

    About the MG tools....you wanted me to change the disc to C, but it was run in C the first time. In fact, when I saved it I saved it in C originally, so when it started it was already in C. I will try and run the other stuff as you requested, it just takes a long time to do. It took almost an hour just to download the other four items from yesterday because the computer runs so slow...at times just sitting idle. Do you have any idea about the system idle process and why it is constantly at 95? I will get those run tonight as long as the computer will let me and post the logs ASAP. One more thing. Where can I download those new items you wanted me to run? Also, what is nwktst? Do I need to do anything with my Kaspersky antivirus while running any of these? It did not seem to have a problem with any of the previous scans I ran.

    Thank you for the help.
     
    Last edited: Jul 14, 2011
  4. lazervet

    lazervet Private E-2

    I have a question about running these other scans. I realized these are commands not programs. Duh. So do you want me to open an MGTools scan and in the dos window type cd\MGtools? Then once it has changed to C:\MGtools>then type nwktst and so on until it has run all the new scans? Is that correct? I am smart and can follow directions very well and figure things out, but I am not that computer literate. If you could give me some instructions so I do exactly what it is you want it might be better. I could probably figure it out, but this way it is less trouble for us both. In the MGtools folder in C when I open it I see analyse.exe, but the nwktst, getrunkey and shownew I only see bat files. I don't see an exe for those. You are going to have to help with some directions on how to start this and which files to run, etc.... Sorry to be such a pain I just want to do the right thing the first time because this takes forever. It took over 30 min. to run the original MGtools scan and that was after spending about 30-45 minutes downloading. It is the system idle process.
     
    Last edited: Jul 14, 2011
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, lazervet

    Yes those are DOS commands.

    You need to do this first, then follow the rest of Kestrel's steps:
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Thank you Dr M! Cut that part out accidentally! :)
     
  7. lazervet

    lazervet Private E-2

    I went back and ran MGtools again tonight and I think it did what you wanted on its own. I guess I stopped it early last night but it had been running for almost an hour. Anyway, here is what the dos window looked like tonight after it was done running.


    Last night it only ran two files, the first two. It took over two hours to complete though. I am attaching the log files and hopefully that will tell you something. Can you tell me anything about the system idle process? Thanks again for all your help. You guys are great.
     

    Attached Files:

    Last edited by a moderator: Jul 15, 2011
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The higher system idle is, the less work your processor is doing. If system idle for instance says 99% then only 1% of your resources are being used. I do not know why you are so worried about it, if system idle was running at 0 then you would have something to worry about.
    Then please attach the log showing this.

    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
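
An added illustration of what an MBR integrity check of the kind requested above actually does (this is example code written for this page, not MBRCheck's own source): read the 512-byte master boot record, confirm the 0x55AA signature, hash the boot-code region against a set of known-good hashes, and sanity-check the partition table (status bytes, a single bootable entry, no overlaps). The "clean" boot code and the known-good hash set below are constructed for the example; a real baseline would be the hash of genuine Windows MBR code or of the sector captured from the same disk while it was known to be clean.

```python
"""Added example: minimal MBR integrity check (not MBRCheck's code).

The sample MBRs at the bottom are constructed for this example. A real
known-good set would hold hashes of genuine vendor boot code.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
# Bytes 0..439 are boot code. 440..443 hold the per-disk NT disk signature and
# 444..445 are reserved, so they are left out of the hash to keep it the same
# across machines running the same boot code.
BOOT_CODE_LEN = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    bootable: bool
    status: int
    type_id: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors - 1


def parse_partition_table(mbr: bytes) -> list[Partition]:
    """Decode the four 16-byte partition entries, skipping empty (type 0) slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, type_id = mbr[off], mbr[off + 4]
        start_lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0:
            continue
        parts.append(Partition(i, status == 0x80, status, type_id, start_lba, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only (disk signature excluded)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: set[str]) -> list[str]:
    """Return findings for a system-disk MBR; an empty list means nothing looked off."""
    if len(mbr) != MBR_SIZE:
        return [f"expected {MBR_SIZE} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_hash(mbr)
    if digest not in known_good:
        findings.append(f"boot code SHA-256 {digest[:16]}... is not in the known-good set")
    parts = parse_partition_table(mbr)
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.start_lba == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: start_lba={p.start_lba}, sectors={p.sectors}")
    bootable = sum(p.bootable for p in parts)
    if bootable != 1:
        findings.append(f"{bootable} partitions flagged bootable (a system disk should have exactly 1)")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if b.start_lba <= a.end_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def build_mbr(boot_code: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, start_lba, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    mbr[: len(boot_code)] = boot_code
    mbr[440:444] = b"\x11\x22\x33\x44"  # arbitrary disk signature for the sample
    for i, (status, type_id, start, sectors) in enumerate(entries):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        mbr[off] = status
        mbr[off + 4] = type_id
        struct.pack_into("<II", mbr, off + 8, start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed stand-in for genuine boot code (assumption: NOT real Windows code).
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"EXAMPLE CLEAN BOOT CODE".ljust(BOOT_CODE_LEN - 5, b"\x90")
KNOWN_GOOD = {hashlib.sha256(CLEAN_CODE).hexdigest()}

CLEAN_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 20_000_000)])
# Tampering pattern 1: the first bytes of the boot code replaced with a jump.
PATCHED_MBR = build_mbr(b"\xeb\xfe" + CLEAN_CODE[2:], [(0x80, 0x07, 63, 20_000_000)])
# Tampering pattern 2: an extra entry overlapping the real system partition.
OVERLAP_MBR = build_mbr(CLEAN_CODE, [(0x80, 0x07, 63, 20_000_000), (0x00, 0x17, 10_000_000, 4096)])

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR), ("overlap", OVERLAP_MBR)):
        print(name, check_mbr(sample, KNOWN_GOOD) or "OK")
```

To run it against a real disk, replace the constructed samples with the first 512 bytes of the raw device (`open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt on Windows, or `/dev/sda` on Linux). One caveat worth keeping in mind with the TDSS/TDL family mentioned in this thread: a bootkit that hooks disk I/O can hand back the original, clean sector to anything reading the MBR from inside the running OS, so a clean result from within Windows is weaker evidence than one taken from boot media.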
     
  9. lazervet

    lazervet Private E-2


    Kestrel13

    I understand what the system idle process is from the standpoint of if it is high then the cpu usage is low. The system is "idle" when the idle process is high. You obviously did not read the two posts that Dr. Moriarty replied to. I stated in one of them that I do not have the TDSSKiller logs and also stated why I am "worried" about the system idle process. It takes many times longer to get anything done because my computer is sitting idle most of the time even when a process is supposed to be running. It took over 2.5 hours to run the MGtools scan last night because the system "freezes" for long periods, and then will run for a few seconds and then freeze again. The system idle process sits at 95 or more most of the time even when a process is supposed to be running. That is why I am worried about it. Why is it doing that? Because it is not normal. I tried to open my computer and the window opened up but sat empty with the flashlight looking for the contents for about ten minutes. Then it finally populates the window with the contents. That is not normal. I will run the MBRcheck and attach the logs as soon as I am done. Thanks again for your help.
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ahh I see, well this may be something you will have to post about in the software forum. Attach the logs as soon as you are ready, and I will review them as soon as I can. :)
     
  11. lazervet

    lazervet Private E-2

    Here is the log from the MBRCheck. It did not seem to find anything. Does this mean my system is clean? Also would you read the reply to your last post. I quoted your post so it is my post just before this one. That way you won't keep asking me for TDSSKiller logs and wondering why I am asking about the system idle process.

    Thank You
     

    Attached Files:

  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Alright, I read it already this afternoon. I only asked for it twice, a simple mistake, just trying to get you sorted out before I took a night time shift at work! Sorry. As mentioned, you are going to have to post in the software forum regarding your issues because I am not seeing any malware at play here.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required (If we renamed it please rename it back to Combofix.exe.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  13. lazervet

    lazervet Private E-2

    Kestrel13,

    I appreciate you helping me and thank you for all your help and your time. I ran a program called get system info....it is a kaspersky program and sent it to them so that they could take a look as I wanted to see if my problems had anything to do with Pure. They said I need to uninstall malwarebytes paid version because it can interfere with Pure. They said the free version is fine to use. Should I bother with the free version? Will it do anything? Also I did not use combo fix so did not worry about that. Got MGTools off no problem but could not find hijack this in add/remove programs. I did not download a program called hijack this so I don't need to worry about that correct? I will post in the software forum and thanks again for all your help and your time.:-D
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No worries ;) You're welcome.

    Yes, due to the real time protection I would imagine.

    It does not offer real time protection however, the freeware version is worth keeping for scanning with once a week!
     
