"Sleepers" awaken in November - 3rd year in a row

Discussion in 'Malware Help (A Specialist Will Reply)' started by vck, Dec 5, 2008.

  1. vck

    vck Private E-2

    Hello folks

    As the title says. When I had problems this time last year, I simply groaned - but when it happened again a week ago I realised I've had major problems each November in 2006, 2007 and now 2008. This seems to be beyond coincidence.

    The following problems started a week ago and it's taken me that long to get to a stage where I could perform your preliminary requirements for Windows 2000 - but I've finally succeeded and log files are attached.

    1. Got a Program Error with yellow triangle
    "explorer.exe has generated errors and will be closed by Windows. You will need to restart the program."
    Subsequently lost desktop and taskbar and the above error multiplied. I was only able to get the taskbar back (temporarily) by booting in Safe Mode and repairing IE then rebooting normally. The above message hid most of the active desktop button and I could only hit it about 50% of the time.

    2. Windows Taskmanager
    This would show csrsc.exe constantly opening and closing. It would also show multiple copies of DRWTSN.EXE (NB: not drwatson.exe) being opened.

    3. Ran BitDefender Online (?)
    Which found csrsc.exe but couldn't clean or remove it.

    4. Spybot
    Found and eliminated Smitfraud-C-gp last Sunday and two subsequent scans found nothing. However when I tried to update Spybot, it was compromised and I was without it until tonight. It ran, updated and found nothing.

    5. Trojan Hunter (free)
    Found csrsc.exe and DRWTSN.EXE, but TH doesn't tell you the free version doesn't clean and remove until after you've spent 4 hours downloading and running!! In Oz the Consumer Watchdog would call this false advertising :mad

    Crossed my fingers and started with...

    SUPERAntiSpyware
    Yaaaay! Found and cleaned csrsc.exe - I had control of a desktop and taskbar for the first time in a week!! :clap

    Continued to download and run Spybot, Malwarebytes, ComboFix and MGtools.

    Please note I had exited BOClean, SAS and THguard - but ComboFix's reboot engaged BOClean, which cleaned and wanted to delete it. I simply left the warning until I thought CF had finished writing its log and then answered "no" to deleting the file.

    So I logged on here to report the damage and Lo! I got another Program Error (See 1. above) only this time it was for Firefox :( Fortunately only once, but it did close FF so I rebooted and things seem okay - no Program Error - desktop and taskbar stable.
     

    Attached Files:
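    The csrsc.exe and DRWTSN.EXE names in the post above are one-or-two-character imitations of legitimate Windows NT-family process names (csrss.exe and drwtsn32.exe). As an added example, not part of the original thread or of any of the tools named in it, here is a small Python check that flags such lookalikes in a process-name snapshot. The Task Manager snapshot and the allowlist of system process names are constructed for the example.

```python
"""
Flag process names that imitate well-known Windows system processes.

Added example for this thread: the symptom described above (csrsc.exe and
DRWTSN.EXE appearing in Task Manager) is a classic name-lookalike trick.
The process list below is CONSTRUCTED for the example; the allowlist is a
short, hand-picked set of legitimate NT-family process names.
"""
from collections import Counter

# Legitimate Windows NT/2000/XP-era system process names (lower-case).
KNOWN_SYSTEM_PROCESSES = {
    "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "explorer.exe", "spoolsv.exe", "drwtsn32.exe", "taskmgr.exe",
}

# Constructed Task Manager snapshot modelled on the symptoms in the post.
SAMPLE_SNAPSHOT = [
    "System", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "csrsc.exe", "csrsc.exe",
    "DRWTSN.EXE", "DRWTSN.EXE", "DRWTSN.EXE", "firefox.exe", "taskmgr.exe",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(name: str, known=KNOWN_SYSTEM_PROCESSES, max_distance: int = 2):
    """Return ("known", None), ("lookalike", nearest) or ("unknown", None).

    A name is a lookalike when it is not on the allowlist but sits within
    max_distance edits of an allowlisted name (case-insensitive).
    """
    n = name.lower()
    if n in known:
        return ("known", None)
    nearest = min(known, key=lambda k: levenshtein(n, k))
    if levenshtein(n, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def find_lookalikes(process_names):
    """Lookalike names with occurrence counts (a name re-spawning repeatedly
    is itself a signal, as the post's csrsc.exe open/close loop shows)."""
    hits = Counter()
    nearest_for = {}
    for p in process_names:
        kind, nearest = classify(p)
        if kind == "lookalike":
            hits[p] += 1
            nearest_for[p] = nearest
    return [(name, nearest_for[name], count) for name, count in sorted(hits.items())]


if __name__ == "__main__":
    for name, legit, count in find_lookalikes(SAMPLE_SNAPSHOT):
        print(f"{name}: {count} instance(s), imitates {legit}")
```

    A name match is only a first cut: the real checks are the image path (csrss.exe belongs in the system32 directory) and, on later Windows versions, the file's digital signature; a legitimate name in the wrong directory is just as suspicious as a near-miss name.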

  2. vck

    vck Private E-2

    The other two log files plus the Trojan Hunter report - I have since deleted Firetune.

    Thanks in advance :)
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though you are not running any anti-virus software. Why is that?

    I am not seeing any malware.....what problems are you still having.

    I would suggest that you install an AV program, run it and let me know what it finds.
     
  4. vck

    vck Private E-2

    Hello Tim

    My apologies for the late reply, I've been away for the weekend and just got home again.

    I was running AVG Free but thought I had to unload it for something a few days ago (may have been BOClean?).

    I will reinstall it, then get back to you - thank you very much for looking at this.

    It's true I don't appear to have any problems at the moment however I assumed that there would still be some lurking. When you say you're not seeing any malware...do you mean the clean up procedure has rid me of all those that I had? That the system is now clean?

    Vicki
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs indicate that you are clean....let me know what other issues you may still have.

    In the meantime:

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
  6. vck

    vck Private E-2

    Hi Tim

    I had some problems with the system "freezing" last night but finally managed to download AVG Free, install and run.

    It found BitDefender as potential Spyware and a warning on "InternetExplorer\Extensions\CmdMapping\\(etc)"
    but everything seems ok this morning albeit rather slow. I'll get rid of some more stuff and run scans and see if it will smarten up.

    I'll go ahead with the final steps and thanks once again for your attention. :)
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome......be aware that AVG 8 can be a resource hog. You may wish to check the software sections for ways to trim it down to increase your speed.
     
  8. vck

    vck Private E-2

    Resource hog is right!!! My current system is quite ancient so it has slowed almost to a standstill. I did look in the software forum and did a search - so I have turned off the AVG search and link scanner.

    HOWEVER - I am still not clean :cry

    AVG has caught a trojan (downloader.Agent.APK0) twice, once last night while running Spybot and once just 10 mins ago when all I had done was sign on to a reputable forum (CSSCreator.com) and was reading posts in a thread where I was about to reply.

    I put the trojan in the vault both times and have attached screen shots.

    I went to the AVG site to check the bug - no info. Also no info available when I Googled it.
     

    Attached Files:

  9. vck

    vck Private E-2

    Just got another one while revisiting CSSCreator (not logged in) - nothing else happening.

    Only things open are email (Outlook 6) and FireFox 3.
    This file is also "x" the same as the one I moved to the vault previously?

    EDIT - okay I just got a 4th one - getting persistent now. Will run a couple of scans.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run all the scans and attach them.....:(
     
  11. vck

    vck Private E-2

    I had a feeling you'd say that - particularly since I did the cleanup and now have to download them again :rolleyes:

    Howsomever, I did do the SAS one (log attached) and took a picture of what looks similar to my original problem (Program Error: explorer.exe); this time it changed to Ad-Aware, as you can see. The trick is not to click it and it simply goes away, not something I think the real error would do. If you click it, it sets the whole thing off, just multiplying.

    Overnight I did also download a missing W2k security update so that might also make a difference.
     

    Attached Files:

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    After you have run the other scans and get me the logs, I would like you to do this also:

    This procedure explains how to get to the BitDefender Online Scan site and how to set up and perform an online scan. It also explains how to obtain a log so you can attach it to a message. You must use Internet Explorer to run this scan and make sure your Sun Java version is current. Get Sun Java here: Sun Java Runtime Environment. Before installing the current version, you should uninstall all previous versions first!!!!

    ****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


    To start the online scan go here: Bitdefender

    • Agree to the license and then select Scan.
      • DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

    • Once Bitdefender completes the scan:
      • Click-on the Detected Problems tab. Then select Click here to export the scan report
      • When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt)
      • And then in the File name box enter bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.

    • Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
    • If you run BitDefender Online scan and have previously run PandaActive scan, the below false detection may be seen in BitDefender:

      C:\WINDOWS\system32\ActiveScan\pskahk.dll
      Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E
     
  13. vck

    vck Private E-2

    The BitDefender Online Scanner doesn't seem to be available any more.

    The link you gave (and the Online scanner button on the Home page) takes you to a screen to tick "I Agree" - when you have, it immediately changes to the AntiVirus 2009 and there doesn't seem to be a way around it. That is the only thing available to click and this is what I ended up doing a week or so ago.

    It says "scan your PC for free" below that - but there's no link!

    Do you know any other way to get to the scanner?
     
  14. vck

    vck Private E-2

  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have to use internet explorer....not FireFox.
     
  16. vck

    vck Private E-2

    Hi Tim
    Oops! I did actually know that :-o

    However, it didn't help when I did use IE - I ran BitDefender twice and it told me twice that the update of definitions failed and that if I proceeded with a scan it would be wrong. So I searched for all BD files and deleted them, then ran CCleaner (including reg fix) and rebooted. No go - still a failed update. Is it because I have both SAS and AVG running?

    I managed to run the others but not without problems.
    SAS = okay, log attached to previous post (won't let me upload it again).
    Spybot = no log; green check, but when I went to get the log, there wasn't one :rolleyes: I'm trying again overnight.
    Malwarebytes = okay, log attached
    ComboFix = log attached. When I saved the log and closed it ComboFix was no longer running - no desktop or taskbar. I did a warm start. This may have had something to do with the fact that just after it said it was preparing the log report, I noticed 15 repetitions of:
    SED: -e expression #1, char6: unmatched parentheses

    MGtools = zip attached. It also couldn't locate a .dll - error pic attached to next post - I clicked ok and MGtools continued and appeared to finish normally.

    Not having a lot of luck here am I? :(
     

    Attached Files:

  17. vck

    vck Private E-2

    Pic of error during the MGtools run.
     

    Attached Files:

  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  19. vck

    vck Private E-2

    Hi Tim

    I've not had any problems since the last reported but neither am I having any luck with the online scans completing.

    I'll keep updating and trying AVG, Spybot and Malwarebytes (may even run Trojan Hunter overnight even though it won't clean anything) and see how I go.

    Give me a day or two and I'll report back as to whether I still have problems or can close the thread.

    Thanks for your time and efforts.

    Vicki
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do let me know....I will be here.
     
  21. vck

    vck Private E-2

    Sad, sad story. No system as of Sunday. Wouldn't boot, wouldn't repair, wouldn't reinstall 'cos it wouldn't recognise the product key. Three hours on the phone with Microsoft getting replacement product keys, no go - now they're sending me free XP media. Downside? None in Australia. Got to wait for it to land from Singapore (2-3 weeks).

    Meantime I'm gonna try and boot the new iMac and install VirtualBox ready for the new XP software.

    I still need to get the PC clean - there are a few important docs I need which I couldn't back up while it was buggy. I started the reinstall to a c:\WINNT2 folder so it wouldn't overwrite the old but MS tell me they have to talk me through changing a few system filenames because of the XP instead of W2K.

    I'm at the library sending this. Depending on my success with the Mac I'll update as I can.

    cheers and thanks Tim...
    Vicki
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    So are we now thinking a hard drive failure? (In which case, post in Software on how to slave your hard drive to get your files and data.)

    Cheers on getting a new OS......but I would question if it was a OS problem or a hardware issue.
     
  23. vck

    vck Private E-2

    I'm almost sure it's software...it could read the CD but not install because WINNT\system32 appeared to have been corrupted, could not find "system" and told me a few others were missing. (Probably me mucking around). Time will tell when I get the new media.

    Meanwhile, I have just managed to get the new iMac up and running, so I can at least keep you up to date on any changes. :)
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Were you trying to do a repair install? Your best bet is to do a clean install...but not reformat....just create a new partition and put it there....then when you are up and running on that new install on the new partition, you can access your data and files, save them to cd and then do a complete format and reinstall.
     
