Slow Slow PC - 1 of 2

My PC has gotten very slow suddenly. Norton and SpyBot were not able to find anything. So, I have come to you for help. I have gone through your procedure for identifying and removing malware. BDScan was able to locate a virus, but was not able to remove it. Attached are the recommended attachments for help in identifying and removing it. Thanks. This is post 1 of 2

 

Re: Slow Slow PC - 2 of 2

This is the remainder of the information for the Slwo PC thread

Thanks for your help.

Jerry

 

Understand the overworked situation. Just a couple of other items that have shown up over the past 24 hours. At times when I am logging back into my account, I have for a short period of time, what appears to be a screen saver of the space station with a person in a spacesuit floating around outside it. Additionally, downloading e-mail into Outlook 2003 has gotten even slower.

Thanks for your help and I will wait on your repy.

Jerry

 

JerryD,

With the different title names I am a bit confused. Are we cleaning one or two machines? If only one machine, are the logs from post 1 and 2 the current most up-to-date logs?

 

Yes,

This is all from a single machine. The logs in post 1 and 2 were both completed across Friday night and Saturday morning.

 

Before we can continue I need you to relocate HJT to a safer location such as C:\Program Files\HJT. Once completed attach a fresh HJT log.

 

I moved HJT and here is an updated run of the file with it in the proper directory.

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Again, make sure ALL browser windows are closed when you click FIX.

Next, run CCleaner to clean up cookies and temp files.


Reset Web Settings & Default Security Settings:

To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

Once you complete this post, reboot and let me know how things are running.

 

Thanks. That should take care of my problem with myway. The BDscan showed a virus html.bofra.b. Will the above suggestions get rid of it as well? Here is another copy of the BDscan,txt file.

 

It shows it was removed, however to make you feel comfortable you can run the removal tool from Symantec.

Bofra Removal Tool

An alternative is the Sophos removal instructions, see the site below for more information.

Sophos' W32/Bofra

 

Did as you suggested and it does seem to be working better. Even though BDscan identified the bofra virus, neither of the suggested removal tools found anything to remove. The only other minor annoyance that I still have are the icons on the start bar. The ones for IE, notepad and calculator just show the default blank MS windows icon. When I click on the item and go to properties, change icon, the icon displayed is the correct one. It just does not show up on the Start Menu. any ideas?

 

I think I know what your talking about, if so you need to set the properties back to default.

Notepad, the target should be the below:
%SystemRoot%\system32\notepad.exe

Calculator, the target should be the below:
%SystemRoot%\system32\calc.exe

 

The targets are correct. When I click on the icon, it does bring up the calculator, etc. It is only the icon which is incorrect. The one displayed is the icon that shows up whenever XP does not know what program the file may be associated with. That is what I am calling a "blank window".

 

Ok, can you not click the "Change Icon" button?

 

I can click on change icon and change the icon without a problem to something else and then back again to what it is supposed to be. However, when I created a new folder on my desktop, it had also showed this same "unassociated" windows icon.

The pc also is still having sporadic problems.

I also ran a speed test on Bandwidth.com and got 280 kb on this machine and 3.1 mb on the pc sitting next to it. Both go through the same router. The machine was so slow that I could only type 4 or 5 characters before it would not show anything and I had to wait 15 - 30 seconds for it to catch up with me. I could not even finish this reply so I performed a restart and it seems to be behaving properly again. For how long is the question. Any other suggestions?

 

I'm not sure what's going on with your computer but per your logs I don't think it's malware related.

I would post over in the Software Forum, those guys may be able to help a bit more.

 

Thanks. I will do that. Appreciate the help. You can close out this thread.

 

Your Welcome!

 

Ignore this reply

 

Did you post this in the Software Forum? It appears someone has moved it back here.

Let me know! Thanks

Edit: Nevermind, lol