Strange things are happening. Help to clean.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by htown, Aug 19, 2006.

  1. htown

    htown Private E-2

    1. I have run ad-aware Personal on FULL
    2. Norton Antivirus - Full system
    3. I have used a tool called TUT (The Ultimate Troubleshooter) to do some house cleaning and to trim down all my background processes
    4. I am running XP Professional

    The weird things that happen are that as I surf, my browser will take a long time to get to the site, if at all. The progression bar in the Status Bar will show half loaded or nothing at all and the page never loads. Now I know some sites are just slow, but Google? I don’t think so. I have even timed out on Google. The thing that makes me quite sure it is something on my computer doing this is that I can go into safe mode with networking and I have no trouble surfing. It is all very fast, just like you would expect having High Speed Cable. Most of the time I can just keep pressing the Esc key and clicking on the link and then eventually the site will load almost immediately, just the way you would expect. I am sick of using the Esc key over and over and over.

    The other thing that happens from time to time is that one of my email accounts in Outlook will all of a sudden start prompting me for the username/password. Other times that particular account will just not connect to the server (and I have other accounts on the server that connect fine). This is random and will happen to other accounts as well. I have to reboot to get it to work correctly.


    So any methods to help clean my computer of these suspected bugs would be greatly appreciated. I am tempted to start from scratch, but that is at least a full 18 hours worth of work. Please do not make me have to do that.

    Thanks for all of your help.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • HijackThis
     
  3. htown

    htown Private E-2

    I appreciate your response. I am home today on Sunday so I will attack this problem and do as the STICKY says and let you know what I come up with.

    Thanks again.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Attach your logs when you are finished. It will take 2 posts to attach all 5 logs.
     
  5. htown

    htown Private E-2

    I only have four files to upload. I hope you are talking about Hijack This. I have not run this yet because it says not to really run it unless you are still having problems. My problems are not immediately apparent so I will use the computer for a while to see what happens.

    Norton Antivirus reported no viruses in the Quarantine area but Bitdefender found some in the Norton Quarantine directory. Not sure what to do about that. I do not have a Norton Recycle Bin.

    Also, Panda seems to have found a few things but I am not sure what to do about those either. The instructions say that after running all the tools and FIXING what they find to reboot in NORMAL mode. I am not sure how to get PANDA to fix anything. If it does it automatically, it did not fix what it had found.

    Here are the first three files.
     

  6. htown

    htown Private E-2

    Here is my last attachment.
     

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If you are to the point of posting logs, then the HijackThis log is a required log.
     
  8. htown

    htown Private E-2

    Find attached my Hijackthis log.
     

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Empty the Norton Quarantine Folder.
    Empty the Recycle Bin.
    Run CCleaner.

    << The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer before installing the latest version of Java. >>

    You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig. Enable everything you used MsConfig to disable. If you are receiving error messages related to these items at system start, we can fix this without using MsConfig.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files

    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    How is the computer running?
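Killbox's "Delete on Reboot" step above works by queuing paths in the PendingFileRenameOperations registry value, which Windows processes at the next boot (the prompt the helper asks about). This added example, not code from the thread or from Pocket Killbox, decodes that value from its raw REG_MULTI_SZ bytes and classifies each queued operation so a defender can verify exactly what a reboot will remove; the sample paths are constructed placeholders, and the value format (source/destination pairs, empty destination = delete, leading "!" = replace existing) is taken from Windows' MoveFileEx delayed-rename convention.

```python
r"""Decode the queue Windows keeps for files to rename or delete at the next
boot: the REG_MULTI_SZ value PendingFileRenameOperations under
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.  Killbox's
"Delete on Reboot" writes here, so reading it shows what the reboot will do."""

NT_PREFIX = "\\??\\"


def decode_multi_sz(raw: bytes) -> list:
    """Raw REG_MULTI_SZ bytes -> list of strings.  Each string is
    NUL-terminated (UTF-16LE) and the list ends with one extra NUL.
    Empty strings are kept: an empty destination means 'delete'."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):          # drop the list terminator
        text = text[:-1]
    parts = text.split("\0")
    if parts and parts[-1] == "":    # last string's own NUL
        parts.pop()
    return parts


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(entries: list) -> list:
    """Pair (source, destination) strings into (action, src, dst) tuples.
    Destination "" = delete the source; a leading "!" = replace target."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold src/dst pairs")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        replace = dst.startswith("!")
        dst = _strip_nt_prefix(dst[1:] if replace else dst)
        src = _strip_nt_prefix(src)
        if dst == "":
            ops.append(("delete", src, None))
        else:
            ops.append(("replace" if replace else "rename", src, dst))
    return ops


# Constructed sample: two Killbox-style deletes plus one staged replace.
# Paths are placeholders, not indicators from this thread.
SAMPLE_ENTRIES = [
    "\\??\\C:\\WINDOWS\\system32\\EXAMPLE_unwanted.dll", "",
    "\\??\\C:\\Documents and Settings\\user\\Local Settings\\Temp\\EXAMPLE.tmp", "",
    "\\??\\C:\\WINDOWS\\TEMP\\new_driver.sys", "!\\??\\C:\\WINDOWS\\system32\\drivers\\EXAMPLE.sys",
]
SAMPLE_RAW = ("\0".join(SAMPLE_ENTRIES) + "\0\0").encode("utf-16-le")
```

On a live XP box the raw bytes come from the registry value itself (or from an exported .reg file when reviewing offline); any queued entry you did not add yourself deserves a look before rebooting.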
     
  10. htown

    htown Private E-2

    First, I really appreciate all your help. Thank you. Whether it works or not.

    Everything went as you explained except for the part when I was supposed to copy and paste all three files into Pocket KillBox. Only one file seemed to go into the field so I did each file one at a time. When I was finished, I closed the program and rebooted myself. I never did get the "PendingFilename Operation" prompt.

    I will have to see how the computer runs over the next day or so and I will get back with you. Seems like after all of this she should be pretty sterile.

    If you don’t mind a few questions if you have a moment:

    I was going to ask you what you thought about a program called "The Ultimate Troubleshooter", used to control Windows processes. It got rave reviews and seems to work really well, but I was just wondering what the pros thought.

    Also, I know that just having a firewall doesn't protect you but with Norton Antivirus, Internet Security, and blocking most spams, how in the hell do these things get into our computers? Do macs have these same problems or is the OS contributing to most of it?

    Thanks again for all of your help.

    Houston
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    TUT is not a program I use. It may prove useful in knowing what processes are running on the computer and which programs they belong to, but for the most part processes should be left just as they are. Changing of system process settings and/or removal of a system process can lead to disastrous results, and often does for the inexperienced computer user.
    Norton is very demanding of system resources, and often causes system performance issues.

    As far as getting infected: some of it is a drive-by install, taking advantage of vulnerabilities in ActiveX, Java, and AJAX controls on unpatched systems. Some of it is purely "Social Engineering", clicking "OK" without fully reading what was in the popup alert, clicking on advertisements like "Your PC may be infected", and others. A lot of it comes from visiting sites one really shouldn't be visiting. Many of the sites that have wallpapers and screensavers push much of the generally benign but annoying browser add-ons and toolbars. Some of it comes via email. There are so many infection vectors it is not all that hard for an inexperienced user to get infected. Many of the "young" users get infected by using file sharing applications. Most of the P2P file sharing programs come bundled with spyware.
     
  12. htown

    htown Private E-2

    What would you recommend over Norton? Why is it so taxing on the computer when other similar programs are not?
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Norton loads several processes when the system starts. Many of these are CPU intensive.

    What we recommend can be found in How to Protect yourself from malware! If you are looking for a commercial solution then NOD32, Kaspersky, or AVG Pro.
     