Malware Problem! Please Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by marzi12, Apr 4, 2008.

  1. marzi12

    marzi12 Private E-2

    Hi

    I have had a problem with my pc for about 2 weeks now.
    I use Avast! and almost every time I start up my PC (about 90%) Avast! either finds a file called a.bat or a file which I think is called temp.reg (or temp. something, I can't remember). I click delete every time but they keep coming back up.
    Also this problem seems to affect my internet, because I will often be playing online games with my 8mb internet and it will either give me pings of up to 50,000 or drop me out entirely, and my internet doesn't come back till I restart my PC.

    I will attach a HJT File to this post.

    Please help

    Thnx guys
    Marzi
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi marzi12,
    Welcome to Major Geeks!


    The files you mention sound like malware files. We don't use HijackThis by itself because it doesn't give us enough information to tell what is affecting your computer. Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs so we can see what files might be leading to the problems you're having.

    Thanks.
    abri
     
  3. marzi12

    marzi12 Private E-2

    Here are the logs you requested

    Marzi
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi marzi12,

    1) Please disable your guest account if this has not already been done.

    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe
    O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O23 - Service: iTALC Client (icas) - Unknown owner - C:\Program Files\iTALC\ica.exe (file missing)
    O23 - Service: Samurai Service - Unknown owner - C:\DOCUME~1\Wayne\LOCALS~1\Temp\Temporary Directory 1 for Samurai.zip\SysTrayHook.exe (file missing)

    After you click fix, just close hijackthis.

    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    5) Now run CCleaner at the default setting with the Windows tab as the top one.


    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
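
The O4 and O23 lines quoted in the post above, run through a small triage script. This is an added example, not part of the original posts or of MGtools/HijackThis; the function names, the `SYSTEM_NAMES` list and the three heuristics are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: iTALC Client (icas) - Unknown owner - C:\Program Files\iTALC\ica.exe (file missing)
O23 - Service: Samurai Service - Unknown owner - C:\DOCUME~1\Wayne\LOCALS~1\Temp\Temporary Directory 1 for Samurai.zip\SysTrayHook.exe (file missing)
"""

# Assumption: an illustrative short list, not a complete inventory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

def triage_line(line):
    """Return the reasons a single log line deserves a closer look."""
    reasons = []
    m = O4.match(line)
    if m:
        exe = PureWindowsPath(m["cmd"].strip('"'))
        if not exe.is_absolute():
            # Bare file name: resolved through the search path at logon.
            reasons.append("autorun has no full path")
        elif exe.name.lower() in SYSTEM_NAMES and exe.parent.name.lower() != "system32":
            reasons.append("system binary name outside system32")
        return reasons
    m = O23.match(line)
    if m:
        if m["missing"]:
            reasons.append("service binary missing")
        if "\\temp\\" in m["path"].lower():
            reasons.append("service binary under a Temp directory")
    return reasons

def triage(log):
    """Return (line, reasons) for every flagged line, in log order."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons)}\n    {line}")
```

A flag here only marks a line for review; whether the entry belongs to a wanted program is still the owner's call, as in the iTALC question above.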
     
  5. marzi12

    marzi12 Private E-2

    Hey here are the files u asked

    and i would just like to say thanks for spending your time to help me.
    and sorry it took a while to reply had some school work to do

    Marzi
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi marzi,

    Are the files you first described still being found by Avast?

    Please do the following:

    1) Please tell me what the following program is for:

    O23 - Service: iTALC Client (icas) - Unknown owner - C:\Program Files\iTALC\ica.exe (file missing)



    2) Download and install Erunt. Use it to create a backup of your registry.

    3) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.


    4) Now run CCleaner at the default setting with the Windows tab as the top one.


    5) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.


    Let me know how things are running now? Are you still having the same problems?
    Do you know if you installed any new programs or got any updates around the time you described about 2 weeks ago?

    abri
     
  7. marzi12

    marzi12 Private E-2

    Hey
    iTALC is like a remote assistance program that I was gonna use to help my friend, but I couldn't get it to work so I removed it ages ago (about 3 months).

    Also something happened to Avast! It doesn't start at system startup anymore, and it doesn't help by uninstalling and reinstalling either.
    So I can't be certain, I will try to get Avast! back up today.

    And here are the requested logs


    Marzi
     

    Attached Files:

  8. marzi12

    marzi12 Private E-2

    I got Avast! to work again and i will tell you if the viruses pop up anymore over the next few days.

    I will also do a scan and resend an updated MGlogs after the scan.

    Marzi
     
  9. marzi12

    marzi12 Private E-2

    Here is the updated MGLog after Avast! scan, also Avast found no viruses.
    I forgot to attach it lol, it's in the post above

    Thanks again for helping me and i will keep you posted over the next few days.


    Marzi
     
  10. marzi12

    marzi12 Private E-2

    Here

    Marzi
     

    Attached Files:

  11. abri

    abri MajorGeek

    Hi marzi,

    This one item in HijackThis is still there:

    O23 - Service: iTALC Client (icas) - Unknown owner - C:\Program Files\iTALC\ica.exe (file missing)

    If you didn't try to fix it, please go ahead and double click on the analyse.exe program in the C:\MGTools folder. Allow it to do a system scan, then check that one item, close all browsers that are open and click on Fix.

    If you did try to fix it last time, it is still there and may need to be stopped as it may still be running. In that case do the next set of instructions:

    First I would like for you to disable a Service
    Click Start > Run and type services.msc
    Scroll down to iTALC Client and right click on it.
    Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

    Now we're going to delete the Service
    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis.
    Click on Config -> Misc Tools -> Delete an NT service.
    In the Delete window, type (icas) and press OK.
    OK any prompts, close HijackThis.

    After you finish the above, please do the final cleanup instructions in the box:
    abri
     
  12. marzi12

    marzi12 Private E-2

    Hey thanks Abri for spending your time to help me, the problem seems to be totally cleared up now

    thanks again

    Marzi
     
  13. abri

    abri MajorGeek

    marzi12,
    I'm so glad to hear that!
    All the best to you and your computer!
    abri
     
  14. marzi12

    marzi12 Private E-2

    Hi

    I recently got some help from Abri to remove some malware, which I also thought was making my internet drop out.

    http://forums.majorgeeks.com/showthread.php?p=1133655#post1133655

    we were able to remove the malware and the internet was working fine for about a week, but recently it has been dropping out again.

    It is more often than before now and it can sometimes take 5 mins of refreshing a webpage to get it to work instead of saying it can't find it.

    Also this problem seems to only affect my computer and not the whole internet connection. I say this because I have 3 computers that connect to my home internet connection and mine is the only one affected, also I recently went to my brother's and also my sister's house and their computers were fine but the internet on my PC was dropping out.

    Plz help!

    I will attach a MGLogs file.

    Marzi

    Here is the MGLogs.zip

    Marzi
     

    Attached Files:

    Last edited by a moderator: Apr 19, 2008
  15. abri

    abri MajorGeek

    Hi marzi12,

    I had your threads merged as this is still part of the problem you had initially. There are two things you can do which probably won't make a difference, but while you're here, it would be a good idea.

    1) You just got caught between one Java version and the next update, so please go to add/remove programs and uninstall the below:

    - Java(TM) 6 Update 5

    2) Reboot after uninstalling the above.

    3) Install the current version of Sun Java from: Sun Java Runtime Environment

    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

    After you click fix, just close hijackthis. Then rerun it by double clicking on analyse this, have it do a system scan and see if the above items have been removed.

    One reason why a page takes 5 minutes to load without giving the error message is because the site's down that you're trying to get to. Do the other computers you are networked with have the same function as yours? Are they used for the same purpose with the same programs?

    5) I don't see a two-way firewall on your computer. If you don't have one, please go to How to Protect Yourself from Malware and look for the free firewalls. Download one of them, I recommend Zone Alarm because it's easy to use, and be sure to deactivate your Windows Firewall if it is running.

    6) Finally, I don't see any logs for the scans we normally have you do when you go through the READ & RUN ME. In post 3 you said you were attaching the logs we requested, but neither the log for SuperAntiSpyware nor the one for Malware Bytes is there. I don't know if you ran Spybot S&D. Please go back to the READ & RUN ME FIRST and run all these three and attach the results with your next post.

    7) I would like for you to additionally run two rootkit scans. Please go to Alternate Scans and scroll about half way down the page and find the list of rootkit scans there. There I would like for you to select and run the AVG Antirootkit and GMER and attach the results with your next post along with the results from the scans in Step 6.


    Let me know how this goes.
    Thanks.
    abri
     
    Last edited: Apr 19, 2008
