Possible Infections??

Discussion in 'Malware Help (A Specialist Will Reply)' started by Maleia, Jul 4, 2010.

  1. Maleia

    Maleia Private E-2

    Hello there.
    I am taking over a laptop and it seems there are a few things on here that need to be addressed. I have completed the Read and Run Me First instructions, but I am not above making mistakes so if I missed something I apologize in advance. Please let me know.
    Some problems I am having:

    Slow computer performance and frequent freezing (for a minute or so).

    It seems everything has been deleted from the start menu and programs list (except items that were downloaded RECENTLY). I cannot even right click Start and then Explore; it says that the folder \Start Menu is inaccessible.

    Occasionally, .exe files will not open, no matter how you try (double clicking, right clicking, searching for the exe in its root folder, etc.) This happens completely at random.

There is also a file on the desktop from an attempt to install a pirated Sims3 game. I deleted the game itself but the .iso I cannot get rid of! It says the file is being used by another program and I have tried everything I can think of to delete it (including programs designed to delete files in use). Also, occasionally it shows up as a trojan virus (because it's a pirate copy, I'm sure?) but I can't delete it. It's been a few weeks now and I'm desperate to get rid of this junk. (Yes, I read the crack and keygen notice. I really want to get that crap off of here.)

    Here are the attached logs (I am running 64 bit, by the way.)
    Any assistance at all is appreciated. Thank you!
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These may not be due to malware based on your logs which are fairly clean. You do have some junk and leftovers to remove though from programs no longer installed like AVG, Comodo, and Norton.

    Also may not be due to malware. Are you sure that you have not done some kind of System Restore or have you been using any registry cleaning tools on your own? You may have a broken Windows Installation.


    This is a folder not a file. The folder may have files in it. Go into the folder and one by one delete everything in the folder. Then see if you can delete the folder from the Desktop. Also delete the below from your Desktop which do not belong on your Desktop and the first is extremely large which can result in slow downs.

    C:\Users\Mal\Desktop\AruaROSE_v837.exe
    C:\Users\Mal\Desktop\FixSirc.com
    C:\Users\Mal\Desktop\Java.exe

    Also delete the below, which is likely from the 1st listed above and is also very large:
    C:\Windows\TEMP\AruD2E9.tmp


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    :Services
    cmdAgent
     
    :Files
    C:\Windows\SysNative\drivers\cmderd.sys
    C:\Windows\SysNative\drivers\cmdGuard.sys
    C:\Windows\SysNative\drivers\cmdhlp.sys
    C:\Windows\SysNative\drivers\inspect.sys
    C:\Users\Mal\AppData\Local\kutmjhkft
    C:\ProgramData\COMODO
    C:\ProgramData\Comodo Downloader
    C:\Program Files (x86)\a-squared Free
    C:\Program Files (x86)\AVG
    
    :Commands
    [purity]
     
    [EmptyTemp]
    [start explorer]
    [Reboot]
    
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
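The two HijackThis lines marked "(no file)" and "(file missing)" above, and the cmdAgent service and cmd*.sys drivers in the OTM script, are all registry entries that still point at binaries that are no longer on disk. The PowerShell below is an added example (not from the thread, HijackThis or OTM) that finds that class of leftover on its own: BHO CLSIDs whose InprocServer32 DLL is gone, and services or kernel drivers whose ImagePath binary is gone. It assumes an elevated 64-bit PowerShell 3.0 or later session so both the native and Wow6432Node hives are visible; it only reads the registry and tests paths, and deletes nothing.

```powershell
# Added example, not from the thread or from HijackThis/OTM. Lists registry entries
# that point at files no longer on disk: Browser Helper Objects whose DLL is gone
# (the HJT "O2 ... (no file)" case) and services/drivers whose ImagePath binary is
# gone (the HJT "O23 ... (file missing)" case and the OTM :Services entries).
# Assumes an elevated 64-bit PowerShell 3+ session. Read-only: nothing is removed.

function Expand-ImagePath {
    param([string]$Raw)
    # ImagePath may be quoted, carry arguments ("svchost.exe -k netsvcs"), or use the
    # \SystemRoot\ and \??\ prefixes and system32-relative paths that drivers use.
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted: keep everything up to the first .exe/.sys/.dll, drop the arguments
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[a-z]:\\|^\\\\') {
        $p = Join-Path $env:SystemRoot $p               # system32\drivers\x.sys
    }
    return $p
}

function Get-OrphanedBho {
    # BHOs are registered by CLSID; the DLL path lives under the CLSID's InprocServer32 key.
    $roots = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($r in $roots) {
        if (-not (Test-Path $r.Bho)) { continue }
        foreach ($key in Get-ChildItem $r.Bho) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path $r.Clsid "$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty $inproc).'(default)'
                if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
            }
            # No CLSID registration at all, or a DLL path that no longer exists: HJT "(no file)"
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{ Kind = 'BHO'; Name = $clsid; Path = $dll; Hive = $r.Bho }
            }
        }
    }
}

function Get-OrphanedService {
    # User-mode services and kernel drivers both live under ...\Services; ImagePath is the binary.
    foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $props = Get-ItemProperty $key.PSPath
        if (-not $props.ImagePath) { continue }            # config-only keys have no binary
        $bin = Expand-ImagePath $props.ImagePath
        if ($bin -and -not (Test-Path -LiteralPath $bin)) {
            [pscustomobject]@{ Kind = 'Service'; Name = $key.PSChildName; Path = $bin; Hive = $key.PSPath }
        }
    }
}

$orphans = @(Get-OrphanedBho) + @(Get-OrphanedService)
$orphans | Sort-Object Kind, Name | Format-Table Kind, Name, Path -AutoSize
```

Run it before and after the HijackThis and OTM steps: before, the AVG BHO and the Norton and Comodo entries should show up in the list; after, they should be gone. An entry whose file is missing is dead weight from an uninstall rather than an infection in itself, which is consistent with the "fairly clean" reading of the logs above; the thing worth a second look is the opposite case, a live entry whose file does exist under a user-writable directory.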
     
  3. Maleia

    Maleia Private E-2

    I haven't done anything involving system restore points or messed with the registry. I'd assume no one else has either because they don't know much about computers, but I don't have any way to verify that unfortunately :( And also, I'm using the Windows installation of Vista that was on the computer.

    Also, regarding the file that can't be deleted: it's a file inside of the folder. A .iso file. It cannot be deleted. I've tried selecting it and pressing DELETE, right clicking and pressing delete, and dragging it to the recycle bin. I've tried this on the .iso file itself and the folder containing it. I get the same message that it's being used by/is open in another program. Even after using defogger to make sure all mounting programs were disabled and using programs designed to delete files in use. No luck. Folder and file inside of it are still there.

    I'm still having problems opening .exe files. Again, it's no execution file in specific, it's totally random and the file will not open until I reboot.

    After rebooting the computer after following your directions, it was a little sluggish for a few minutes but now seems to be running quite fine! Here are the logs you asked for. Any suggestions on the start program issue and the annoying file/.iso combo I cannot delete?

    Thanks so much for your help!!!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In previous logs, it did not appear that Comodo Internet Security was properly installed and my last fix was cleaning up after it. Now it looks like you installed Comodo and my fix broke it. You must not be doing anything except what we ask you to do as stated in the READ & RUN ME. I suggest that you now uninstall Comodo and then reboot.

    Then I suggest that you try using System Restore to go back to a restore point before where your problems began since it does not look like you are having malware problems.
     
