Second Time Round

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sython, Jun 18, 2008.

  1. Sython

    Sython Private E-2

    Hiya Chaslang

    I thought the problem was solved even with the few error messages etc which popped up last time.
    I noticed lately that the file c:\t2mq2a.com along with the old "fool0.dll" are still on my computer! :cry

    So I've done the Malware Removal Guide once again (again, with a few error messages) and I'll be attaching my logs in the next couple of posts.

    I will also include the error messages I received from Malwarebytes and MGTools.
     


  2. Sython

    Sython Private E-2

    And the other three logs.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding either the fool0.dll or the c:\t2mq2a.com...the only things I see that raise a question are these:
    C:\CKIS
    C:\UNKNOWN

    What problems exactly are you having?
     
  4. Sython

    Sython Private E-2

    Oh Hi there.

    Yeah well I figured the fool0.dll or c:\t2mq2a.com (or possibly the kxvo.exe? I've been told they are sort of the same thing?) is still infecting my system because I still can't 'show hidden files or folders,' it just reverts back as soon as I set it.
    I've been told that not being able to do that is one of the virus's effects.

    Other than that I don't think I have too many problems. Just while I'm here though, how do I find which program is using the 'svchost' application? My computer sometimes starts going extremely slow, and when I look in the task manager a 'svchost' is using 90 percent of the CPU.

    Would the error messages have any major side-effects on the scanning etc?

    Thanks.
     
  5. Sython

    Sython Private E-2

    Ok sorry about that, I did some more scans etc and the hidden files and folders is now working.

    The C:\Unknown is just a folder I made, that's not anything suspicious, but the C:\Ckis folder is hidden and I don't remember making it... it's got a hidden 'crack.lst' in it. Neither Kaspersky nor Malwarebytes detects anything, but I may just delete it to be safe.
    I just hope the svchost thing isn't an issue, and I'm all good! :D

    Thanks.
     
  6. Sython

    Sython Private E-2

    Forgot to mention, when I close the 'svchost' process Kaspersky alerts me of 'svchost' trying to 'inject into another process,' which I deny. This is one of the main reasons I am suspicious of it.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please look at Task Manager and tell me what the PID # is for that svchost.

    Then run Spybot and attach the log.
     
  8. Sython

    Sython Private E-2

    Hmmm... I suspect what removed the c:\t2mq2a also removed whatever was making this particular 'svchost' as it hasn't appeared in the last two days when I was waiting for it, however if the problem arises again I'll do what you asked.

    Thanks for the help :)
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We are here if you need us. :)
     
  10. Sython

    Sython Private E-2

    Ok here goes...

    Kaspersky has recently started producing pop-ups just after I boot Windows:
    followed by:
    I don't think this is an issue since MajorGeeks referred me to Combofix... but I figured I might as well include it anyway.

    Now last night my computer started running unusually slow again, so I ended the svchost process that was using up the most memory (45k or somewhere around that amount), then this came up -
    Shortly after my desktop went into what looked like Windows 95 mode for about a second, and after that, the sounds on the movie that I was watching stopped, while the 'back' key still made the click sound. (I may have ended a sound codec or something?)
    Kaspersky's history has many other reports similar to this one, but with different PIDs; I don't know too much about these things, so I wouldn't know if they change numbers or not.

    I'm not sure if this was the same svchost as the original one (the original made the computer go quite a bit slower than this one), but for peace of mind's sake, I'd really like to know what it is...

    Spybot didn't find anything suspicious, but I'll include the log anyway.

    Thanks.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I believe the Read and Run instructions regarding ComboFix address the errors Kaspersky will throw if it is not disabled when run. Kaspersky could also be the cause of your slowness.

    Unfortunately you stopped the PID and it does not show in the process list from your Spybot scan.

    Stopping svchost processes at random will cause noticeable effects.

    I think you need to post in the software forum for further assistance with the slowness issue.
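
Added example, not part of the original thread: one way to record which services sit behind each svchost.exe PID before ending anything, so the busy instance can still be identified afterwards. It assumes a current Windows system with PowerShell 3.0 or later; the variable and property names are illustrative.

```powershell
# Added example: list every svchost.exe with its PID, CPU time, hosted services and image path.
# Expected locations of the genuine binary on a standard Windows install.
$sys32 = Join-Path $env:SystemRoot 'System32\svchost.exe'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64\svchost.exe'

# Running services, keyed by the PID of the process that hosts them.
$byPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

# CPU seconds per PID, so the busiest instance sorts to the top.
$cpu = @{}
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { $cpu["$($_.Id)"] = [math]::Round([double]$_.CPU, 1) }

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $id = "$($_.ProcessId)"
        $hosted = if ($byPid -and $byPid.ContainsKey($id)) {
            $byPid[$id].Name -join ', '
        } else {
            '(no services registered)'
        }
        [pscustomobject]@{
            PID            = $_.ProcessId
            ParentPID      = $_.ParentProcessId
            CpuSeconds     = $cpu[$id]
            Services       = $hosted
            # Path and command line are empty when the session lacks rights to read them.
            Path           = $_.ExecutablePath
            CommandLine    = $_.CommandLine
            # True only when a path was readable and it is not one of the two expected locations.
            UnexpectedPath = [bool]($_.ExecutablePath -and
                                    $_.ExecutablePath -notin @($sys32, $wow64))
        }
    } |
    Sort-Object -Property CpuSeconds -Descending |
    Format-List
```

Run it from an elevated prompt so the path and command line of every instance are readable; an instance with no registered services or an unexpected path is the one to look at first.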
     
  12. Sython

    Sython Private E-2

    Fair enough, may just do a complete rebuild... hopefully that should sort it all out :-D

    Thanks again.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem....safe surfing. :)
     
