Strange doings...

Discussion in 'Malware Help (A Specialist Will Reply)' started by bofarr, Dec 8, 2008.

  1. bofarr

    bofarr Private E-2

    I'm was having some speed issues, checked around and found something in my registry. Malwarebytes finds it and removes it but when I reboot to finish the cleanup it re-appears. I'm also running PC-cillin which will only run in safe mode because of this issue. If I try to run PC-cillin outside of safe mode I get an error that it is still starting. PC-Cillan then finds nothing in safe-mode. Threatfire finds nothing in safe-mode or normal windows. PC-cillan, Threatfire and Malwarebytes Anti-Malware all have the latest updates and are current.
    Here are the offending lines from Malwarebytes log that keep coming back:

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
     
    bofarr, Dec 8, 2008
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Dec 9, 2008
    #2
  3. bofarr

    bofarr Private E-2

    Have run MBAM about three times a week since originally having this problem. It comes and goes intermittently. Always seems to kill PC-Illian (can't run a scan or update) as an active process although it seems to be doing it's background stuff; firewall, web site protection etc.
    My machine really seems to slow down after 506 hours and does not want to initiate new processes at all. I get errors trying to open anything; browser, itunes, photoshop, etc.
    Thanks in advance...
    Bob
     

    Attached Files:

    bofarr, Feb 27, 2009
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean....(though I might suggest removing ThreatFire). You have enough RAM that your system should not be bogging down. You might want to post in the software section, as I have no idea what the time frame would have to do with it.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
    TimW, Feb 28, 2009
    #4
  5. bofarr

    bofarr Private E-2

    The registry problem popped up again sometime during the day after the malware cleaning. Please see the included MBAM log file.
    Same issue: PC-Illin does not show up as an active process in the task bar yet I can open PC-Illin's main console and see that it seems to be running it's background functions (firewall, active scanning, etc.). However if I try to perform a Pc-Illin scan or update, it gives me a "The feature is still loading. Please wait a moment, then try again." message.
    Then after several hours of operation windows starts giving various run time errors when trying to open up any new applications.
    Is this a PC-Illin issue? Should I dump it and use one of MajorGeeks more highly recommended scanners?
    Also when recommending uninstalling ThreatFire, does this include the newest version (4.1)?
    Thanks for all the help!
     

    Attached Files:

    bofarr, Feb 28, 2009
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, I would dump threatfire as it is not a necessary program and can cause conflicts. If PC-illin is not a purchased program, then I would also suggest replacing it.
     
    TimW, Mar 2, 2009
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds