need help with my laptop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bigdarren, Dec 29, 2004.

  1. bigdarren

    bigdarren Private E-2

    Hello, I'm having trouble with my laptop.... bought it two months ago. Internet worked fine from the cable in my house, then one day nothing. It said it was receiving everything but all pages came up blank (I could only receive messenger and Party Poker (poker-site)). Since then I have moved to Spain. Here at my apartment we have a wireless connection. I tried and... same result.. Online but nothing would load up (my two roommates use the same feed and it works fine). One of my roommates gave me a copy of norton anti virus 05, I ran that a few times through and by morning I was online!...skip ahead 5 days... same connection was running great, then it cut off, back to the same problem, online but nothing will load up. I ran the virus scan a few times but nothing. We actually have a few weaker wireless feeds available at my place so I tried one... it worked.? That was two days ago and since then it's been unavailable. So I read the 'major geeks' hijack this manual of sorts. Ran all those programs through (adware, spybot etc.), still no dice. Now I'm at the run hijack this stage... should I run it and post a thread here or does anyone have any ideas what may be causing this.... thanks for your time and help, Darren
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. bigdarren

    bigdarren Private E-2

    Hello, I'm replying with my hijack this log attached.
    I did all the scans (updated versions), everything is clear as far as those go, but still same problem... I'm connected (online) but everything times out instead of loading up.
    Thanks for your time.
    Darren
     


  4. tagged

    tagged Private E-2

    bigdarren,

    Are you sure you ran the Trend Micro Housecall scan? It doesn't show up on your HJT log. Can you get on websites when you're in 'Safe Mode with Networking'? Check to see if you've done everything in READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal, and post back with results and any problems you had.

    Good Luck!
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You have some pretty nasty malware. Also, before we continue please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. You have some trojans in your startup items. TrendMicro's online scan will remove many infections. You were supposed to do this in that thread. READ AND DO ALL STEPS IN THESE THREADS BEFORE WE CONTINUE!

    After you have completed all tasks as stated in the stickies we will continue.
     
  6. bigdarren

    bigdarren Private E-2

    hello, sorry for any inconveniences I have caused in being retarded as far as computers go.... anyways...
    I have actually run the trend micro house scan. I ran as followed in the lead up to doing the rest of the scans. It found 'BKDR-FLOOD.J(1)' and 'BKDR-FLOOD.J(2)' .... sorry for not mentioning this before.
    If I need to run this again, I have a problem, now I am totally unable to access the internet, normal or safe mode. I've tried my own wireless feeds, two separate internet cafes' wireless feeds... and nothing, once again online but not receiving 'packets'.
    So I'm not sure what to do now... should I follow all the steps exactly (minus any online scans) again and then get back to you?
    thanks again for the help
    Darren
     
  7. bigdarren

    bigdarren Private E-2

    oh oh oh, also, I was not able to delete those two files from trend micro scan, it said it was unable to delete them?...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, right click on them and select End Process Tree (do that for each one):
    C:\WINDOWS\praxis.exe
    C:\Program Files\Windows ControlAd\WinCtlAd.exe
    C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
    C:\WINDOWS\system32\svphost.exe <--- note this is svphost.exe not svchost.exe
    C:\WINDOWS\system32\w?wexec.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {1EAC4453-EE36-2ACF-D502-175508807D4B} - (no file)
    O2 - BHO: (no name) - {608C89CF-3650-19A6-5136-3436219FAE93} - C:\WINDOWS\system32\mfmpi.dll
    O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\praxis.exe
    O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
    O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
    O4 - HKCU\..\Run: [Fcttj] C:\WINDOWS\system32\w?wexec.exe

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\praxis.exe
    C:\Program Files\Windows ControlAd <--- the whole folder
    C:\WINDOWS\system32\svphost.exe
    C:\WINDOWS\system32\mfmpi.dll

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    If you now have internet access, you should complete running all the steps of the Read ME First thread, especially the online scans (both of them). If you cannot run them in safe mode, run them in normal boot mode.
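
A triage sketch for the kind of O2/O4 entries selected in the last post, added here as an example; it is not part of the thread or of HijackThis. The three heuristics, the `KNOWN` list and the function names are assumptions made for this illustration.

```python
import re

# Genuine Windows binaries whose names get imitated (short list assumed for this example).
KNOWN = {"svchost.exe", "msconfig.exe", "explorer.exe", "winlogon.exe", "lsass.exe"}
O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")

# The six entries quoted in the post, plus one constructed benign entry (ccApp).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1EAC4453-EE36-2ACF-D502-175508807D4B} - (no file)
O2 - BHO: (no name) - {608C89CF-3650-19A6-5136-3436219FAE93} - C:\WINDOWS\system32\mfmpi.dll
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\praxis.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKCU\..\Run: [Fcttj] C:\WINDOWS\system32\w?wexec.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

def near_miss(name):
    """Return the known binary that differs from `name` by exactly one character, else None."""
    for real in KNOWN:
        if len(real) == len(name) and sum(a != b for a, b in zip(real, name)) == 1:
            return real
    return None

def review(line):
    """Return the reasons an O2/O4 line deserves a closer look (empty list if none)."""
    reasons, line = [], line.strip()
    m = O2.match(line)
    if m and m.group(3) == "(no file)":
        reasons.append("BHO is registered but its file is missing")
    m = O4.match(line)
    if m:
        value, target = m.group(3).lower(), m.group(4)
        base = target.rsplit("\\", 1)[-1].lower()
        if "?" in target:  # '?' is not legal in a Windows file name
            reasons.append("path holds a character the log could not represent")
        if near_miss(base):
            reasons.append(f"file name imitates {near_miss(base)}")
        if value.endswith(".exe") and value != base:
            reasons.append(f"Run value {value} launches {base}")
    return reasons

def triage(log):
    """Map each flagged log line to its list of reasons."""
    found = {l.strip(): review(l) for l in log.splitlines()}
    return {entry: why for entry, why in found.items() if why}

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

These rules flag four of the six quoted entries; `mfmpi.dll` and `WinCtlAd.exe` pass all three checks, so name-based heuristics narrow a log down but do not replace a line-by-line review.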
     
