stubborn trojan attack!

Welcome to Majorgeeks!

Please redownload the latest version of ShowNew which now supports your OS (the one you had before did not support WinMe). Download it from the same link.

Then run ShowNew and attach the log.

After that we can get started on your problems; however, please explain exactly what your symptoms are. Just saying stubborn trojan does not convey enough information. Also what exactly did you mean by your browser is slow.

 

You do not really show any malware problems! We can try to help you speed up your boot time and improve overall perfomance by removing some unnecessary processes from your startup.

First a question! Do you use the below?

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers


WksSb.exe is a Works Portfolio tool that lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file

If you do not use this feature, add the above O4 line to the below procedure to fix with HijackThis.

Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {3D8C5C3D-35A0-43F7-8813-36902A92766D} (SoftLinkUpdate Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {A86A4C7C-6911-42D3-B898-52A199AB41CB} (SoftSecure Class) - https://sol.softitler.com/downloads/SoftLink.exe
O16 - DPF: {A86FEA6F-95C0-4190-A622-C5C02739CBE3} (WebTransfer Control) - https://sol.softitler.com/Downloads/WebTran.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\TEMP\ <--- delete all files in this folder! Only a couple from the current date cannot be deleted. Just work around them.:

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

I have a feeling you just have problems with your Windows ME OS. I have seen it quite often. Over a period of time it becomes flaky. Also when certain Windows patches (updates from Microsoft) are added. Operation on a network with shared drives becomes a nightmare. Opening just one Explorer window to a shared drive, can cause the PC to slow to a halt for 5 to 10 minutes and then all of a sudden it will respond. If you now close the Explorer windows to the shared drive, everthing we still be little slow but it will be basically okay. If you do not close the Explorer windows and attempt some other activity on the sharded drive, you will grind to a halt again.

 

Re: did all you recommended

I see you have both Spy Sweeper and CounterSpy installed. Are these free versions or paid versions? If free, uninstall both of them. Since they are only trials they will expire anyway. And having two programs like this running will slow your PC down alot. After uninstalling these, how are things running?

A would not recommend running Windows XP on your system. It is too slow and does not have sufficient RAM. Even for Win ME I would recommend at least 256 Mb. If you don't want to buy a new PC and are considering changing the OS. Go to Windows 2K but look into added as much RAM as you can.

 

You're welcome! But just remember that your PC does need protection and protection comes at a price or PC performance. You really need to work thru the below because your PC will be very prone to malware problems without proper protection.


How to Protect yourself from malware!