So I downloaded and installed BitRoll...

Discussion in 'Malware Help (A Specialist Will Reply)' started by Valle, Dec 9, 2006.

  1. Valle

    Valle Private E-2

    I know, I'm a moron....

    Anyway, the program seemed to be working ok, until I noticed my internet connection being somewhat odd. Lagging a bit. So I opened up Windows Task Manager, and looked in processes. Hmmm...two instances of IEXPLORE.EXE even though I'm not running IE at all....one taking about 22,000kb of memory and one taking about 4,000kb. Try to end one process, and it instantly restarts. Uh oh.

    So I google BitRoll and Malware, and find that yup, I'm a moron. So I read threads, remove stuff, run anti-spyware things, and do whatever I can. Yet it seems it's not quite enough. I actually deleted IEXPLORE.EXE while in safemode (I know, should've just renamed), and when I restarted those two instances were obviously gone from processes, but I had gained a new one called amok bike.exe, running at about 22,000kb memory. Tried to end....instantly reopened itself. So I hit safemode and deleted that one as well. Don't get popups any more, but....things still aren't quite as they should be.

    So I went through http://forums.majorgeeks.com/showthread.php?t=35407 and did the things mentioned there. I ran CCleaner, I ran SpyBot S&D, then tried CounterSpy. The program seemed to work fine, but I am NOT able to download updates for it. Whenever I try to update, it just hangs. So I ran AVG Antispyware instead.

    Then we get to BitDefender and Panda ActiveScan. Did I mention that I deleted IEXPLORER.EXE? Well, those two wouldn't work without it, so...yeah. I guess I'll download IE again if it's needed.

    Then I ran GetRunKey and ShowNew. Put HJT in the right folder, renamed it, and ran it. And here is where I post a thread, and add logs...

  2. Valle

    Valle Private E-2

    Here's the HJT log.

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is what is referred to as a LOP infection and many people get it because they install Messenger Plus. But it does come from other places too. You should not have deleted IE. That is a very bad thing to do. It is an integral part of the OS and without it there are thousands of websites you cannot access or will at a minimum have problems with. And this includes Microsoft. You will not be able to access Microsoft update to get updates for your Windows OS or other products.

    Search your PC for iexplore (without the .exe extension) and see if you can find a replacement. You may even find iexplore.ex_. This is a compressed copy of the file which will need to be expanded before it can be used.

    Why is the below in your Hosts file?
    O1 - Hosts: 80.175.29.66 localhost

    You are not showing any signs of malware based on the logs posted. You do need to get IE back and you need to do the below to get Sun Java updated.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    Now install the current version of Sun Java from: Sun Java Runtime Environment
     
  4. Valle

    Valle Private E-2

    I found iexplore.exe in windows\system32\dllcache so no worries there.

    The hosts thing....temporary thing that I should've removed. It's not malware related though.

    I uninstalled the old J2SE's and installed the new one from the link you gave me.

    Then I restarted the computer, and everything seems to be as normal. Nothing popping up in processes. Internet's still odd, giving random bursts of insane lag. I suppose that might be a hardware problem though, that just coincidentally happened to pop up just as I installed malware. Oy vey!

    Thanks for the help! :)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! I know it is for metaserver.introversion.co.uk. We just don't like to see things in the Hosts file since malware does like to play with it. And most of the time there is no reason for anything to be added to the hosts file.


    You're welcome. For your lag problems I assume you are referring to gaming! Yes, I would look elsewhere. Even the path from your PC to the end point (the hops taken) can be the problem. You can try running a trace route to check out the ping times along the route, but sometimes this does not reveal the problem either.
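Since the Hosts file comes up twice in this thread (the stray `localhost` line in the HJT log and chaslang's point that malware likes to tamper with it), here is a small audit script to show the kind of check a helper would run before asking "why is this in your Hosts file?". This is an added example, not code from the poster, from chaslang, or from HijackThis; the sample Hosts content and the `SENSITIVE_SUFFIXES` list are constructed for illustration, and only the `80.175.29.66 localhost` line mirrors what the thread quotes.

```python
import ipaddress
import sys

# Constructed sample Hosts file (not the poster's real file). The second line
# reproduces the O1 entry quoted in the thread; the rest are made-up examples
# of things that do and do not deserve a second look.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
80.175.29.66    localhost
127.0.0.1       windowsupdate.microsoft.com
0.0.0.0         ads.example.test   # typical ad-blocking entry, harmless
::1             localhost
"""

# Hypothetical list of domains whose redirection usually means an infection is
# trying to block updates or vendor sites; extend it for your own environment.
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com", "majorgeeks.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs from Hosts file text, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                    # an address with no name is not a mapping
            continue
        ip, *names = parts
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Return (hostname, ip, reason) findings for entries a malware helper would question."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        # localhost must resolve to a loopback address; anything else sends
        # "local" traffic to a remote host.
        if name == "localhost" and not addr.is_loopback:
            findings.append((name, ip, "localhost mapped to non-loopback address"))
        # Update/vendor domains pointed anywhere at all is the classic
        # "can't reach Windows Update / AV vendor" symptom.
        elif any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES):
            findings.append((name, ip, "update/vendor domain overridden"))
    return findings


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real
    # file; with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for host, ip, reason in audit_hosts(text):
        print(f"{ip:<16} {host:<32} {reason}")
```

The check is deliberately conservative: a plain `0.0.0.0` or `127.0.0.1` mapping for an ad domain is left alone, because that is the one legitimate reason people edit the file, while a `localhost` line pointing off-box or any override of an update domain is reported for a human to explain.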
     
  6. Valle

    Valle Private E-2

    Any way to do that if I don't have a clue what the IP of the server is? (Game I've got the most problems with is Final Fantasy XI)
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try asking in the Game Forum. This is not a malware related problem. If you don't know the IP address, do you have a URL for the server you can use to do the trace route? Again, you are still better off in the Game Forum.

    Alternative: Google search on this with the quotes and the plus sign: "Final Fantasy XI" +"ping time"
     
  8. Valle

    Valle Private E-2

    I think Square-Enix (people behind FFXI) is a bit anal when it comes to their IPs and stuff. They suffered massive DoS attacks a few years ago, and...well. Thanks again though, and I'll see what I can work out.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     