RE-Directed from Software

Hello!

I recently posted in software issues ... they suggested that I post here as I may have Malware issues ...

We are running XP ... 2002 version with service pack 3 ...

I made the mistake of clicking on one of the card.exe links one afternoon 2 days ago when I was in a rush, tired and not thinking straight... I knew right away that it was _bad_ and stopped the process. I then found the file name 627c0a3hpc0a3a.exe and deleted it from my downloaded program files. I then downloaded Zone Alarm free trial and ran it. It found nothing on a virus scan, I downloaded and updated and ran Spybot ... it found the Virtumonde.sci and deleted/fixed it. I downloaded and ran Vundofix ... it found nothing on scan. I reran Spybot after rooboot and it came back clean.
Zonealarm shows nothing.

However .... my system is now slow to impossible to navigate ... I can not log onto Windows at start-up without Control-Alt-deleting several times ... it won't allow other users to log on without the CAD log into my main user and then doing switch user ... the whole thing is making me crazy ... I am ready to just unload the Zonealarm program and/or the Spybot program ...

FWIW ...

I have done:
- ensured that only 1 firewall is running (Zone Alarm)
- Run Defrag with Smart Defrag program
- Deleted all Java Files (not yet reloaded)
- Looked for any malware in my add/remove (none seen)
- run CCleaner (twice) and the fix for Sys Reg entries
- enabled viewing of hidden files/folders
- checked my start-up entries (saw nothing odd)
- set my msconfig to normal start up

I just ran SuperAntiSpyware ... and it didn't find anything (I'll try and attach the log).

.... I will also run rerun Spybot ... I'll try the others in malware .... but it takes literally 10 minutes just to log off & reboot each time ... sigh ...

We are just a little family running a basic desktop computer to check email, do online banking and search the web/Ebay ... I just want it to run and don't know what else to do ...

If someone might be able to give me some ideas, I would be grateful.

Thanks a bunch! Julia

 

Hello again,

SpyBot again found nothing.

I then ran Malwarebytes Anti-Malware and it found a Trojan. It says that it was successfully quarantened and deleted.

I will attach the MB log.

I will now run combofix and MGTools and then post back.

Thanks a bunch! Julia

 

Hi, yet again ...

I can not get the ComboFix program to work properly ... it gives me an error about windows/fat32 being not an opperable system or something ... and it stalls and I can only get out of it with ctrl-alt-del ... even after waiting 45 mins. It has now messed up my internet connection (I'm running my dial-up right now as it disconnected my high-speed) and my clock ...

Also ... Super AntiSpyWare keeps starting itself up ... I don't see it in applications, but it shows up in processes and I see it's opening screen flash up when I log on. I did try manually stoping the process and then running ComboFix ... but got the same error ...

Now what?

~sigh~ Julia

 

sorry ... the message is ' "c:\windows\system32\" ' is not ... valid or something ... not fat32 as I previously stated ...

 

I have the exact error message ...

' "c:\windows\system32\" ' is not recognized as an internal or external command, operable program or batch file.

I have unloaded the ComboFix program using the instructions that I found elsewhere on this board ... thinking perhaps it was a bad/incomplete download.

I am now getting an alert that reads as follows every time I log onto Windows:
SmartBridge Alerts MotiveSB.exe entry point not found
Procedure entry point GetProcessImageFileNameW could not be located in the dynamic link library PSAPI.DLL

I am still hoping that someone here might be able to offer me a hand ... I'm hoping that I haven't done something wrong as I first posted asking for help 2 days ago and have been waiting patiently ever since ...

I'm also wondering if I should just go ahead and re-download comboFix and try and run it again ... or if I should skip ahead to the MG Tools scan...
I'm trying to follow instructions and not run any other scans and follow all the posted steps and not skip anything ... and I'm just looking for some guidance as to how to proceed ...

Again, Thanks for any help that you can offer ... Julia

 

Whew!

So uninstalling and then re-installing ComboFix did the trick ... sorry that I didn't try that before I posted (I was nervous about fooling around with it).

I also ran MGTools ... one error code which I hit OK to "debug" ... I hope that was okay (fingers crossed).

I will attach my last two logs below and wait patiently for a reply and hope for the best ... :wave

Hopefully I've done these steps correctly.

Thanks again for offering to help me out here.
Julia

 

Thanks Tim!

I used to run Norton ... but found it to be a hog ... it was causing constant stalling and extremely slow loading.
Is there a particular Anti-virus program that I should be looking at ... I don't mind paying ... but I am confused by all of them and not sure how to choose one ... I stand in front of the rack at the store and can't make up my mind.

I have now uninstalled ComboFix.

I will keep the others as described in the sticky noted below. Should Super-AntiSpyware open each time I log onto Windows and show up as a logo on the bottom right of my screen?

I am curious though ... I still have my big problems of almost impossible loading ... When I boot up each time it takes more than 5 minutes (literally) to get to the Windows screen with the user names.
Then, my cursor will move around the page, but not be able to "click" on anything until I do CTRL)Alt-DEL and ESC about a half dozen times (and wait another minute - literally)
... and then it brings up the small Windows log-on box for the main user only. Then, after I enter the password, it will hang again until I do the same C-A-D and Esc. keys over and over. I can't seem to log onto any other user.

I am wondering if it is a Zone Alarm or SpyBot problem ... thus I originally posted on the Software issues board. They directed me here ...

Should I just delete the Zone Alarm - it is just the free trial anyways - and load a new full-fledged program? If so ... which one??

Also ... is Clean-Up (the toilet flushing one) a good program to use for general maintenence ... or is it the same as CCleaner?

Also ... if I want to get rid of a program (I see a program on my C: drive once used for uploading photos to a local Rexall drugstore) can I just delete the file if it doesn't show up on my "add/remove" list?
Finally ... do I need this Net Assistant Program? I don't even know what it is ... something to do with my ISP ...

Sorry to ask so many questions ... it is really the loading hang-up that has me flummoxed!


Again ... thank you SO much! It is so wonderful that you are willing and able to share you knowledege and skills with those of us that are less capable.
You must be a very kind hearted person ... either that or a glutton for punishment. LOL!

Again, thank you! Julia

 

Okay ...

So ... based on the recommendations found on the sticky ...

I am now running ...
Online Armour
Avast
SuperAntiSpyware
Java 6

I am also keeping:
SuperAntiSpyware
Malware Bytes
CCleaner
Smart Defrag
Clean Up!

I am considering ...
Firefox (instead of Explorer) ... but what happens to all of my bookmarks and saved files?? Also ... will other programs that currently use Explorer need to have their defaults changed (i.e. Outlook, iTunes)?

Glubble on our kids' accounts

I deleted Zone Alarm and that seems to have solved quite a lot of my problem ... I assume that Avast! and Online Armor will keep me better protected anyways ...

I am just trying to decide which Anti Spyware to buy ... and is there a difference between me going into a store and buying one off of the shelf vs. online downloading ...

Okay ... so just those last few questions about SAS loading automatically, Clean Up! and deleting unused program files ...

Online Armour tells me that I have some issues in my start menu, start up objects and Explorer extensions ... not sure what to do about those either ... ~sigh~
Maybe I need to sign up for some classes or something.

Thanks again! Julia