Things just seem to be getting worse :(

Discussion in 'Malware Help (A Specialist Will Reply)' started by TessaFaye, Jul 29, 2010.

  1. TessaFaye

    TessaFaye Private E-2

    Hi everyone. Let me say in advance, thank you for your time and consideration.

    This afternoon I started the Malware Removal Guide (MRG). Just finished. <sigh>

    Anyway, I now have more processes running than ever before; my computer is even slower (didn't think that was possible, lol). It all started because yesterday anytime I tried to print a file it froze my computer. And in general it was running super slow. I restarted the computer several times to no avail.

    Today I noticed that a program called wuauclt.exe was sucking up memory. I ended the process (if I hadn't I wouldn't have been able to follow the MRG).

    I'm nearly at the end of my rope. I can't do my work without my computer. I could just :cry I backed up my entire C drive on an external hard disk last night. If I have to wipe it all clean and start over, I can, but I'd really rather not.

    I have no ComboFix log because it never finished. I let it try to start up for over an hour and finally had to kill the process; I never got to anything but a little box in the center of my computer saying it was starting ComboFix and I'm pretty sure that just starting the application should not take that long. <sigh>

    Anyway, here are the rest of my logs.

    Again, thank you for your time.


    TF
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's Windows updates.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now I want you to try renaming combofix.exe to kestrel.com, reboot into safe mode and again attempt to run it.

    Not sure that malware is the cause of your problems. It may be that I refer you on to a different forum for advice.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  3. TessaFaye

    TessaFaye Private E-2

    So, when I ran C:\MGtools\GetLogs.bat I get the following error:

    Application has generated an exception that could not be handled.
    Process id = 0x4b0(1200), Thread id = 0xba8(2984)

    In fact, every time I run it, it says something similar regarding ProcessDll.exe. I didn't think of it until now because the program still produces a MGlogs.zip file.

    I'll attach it.

    Also, when I ran avenger it said that one of the files was really a folder and that I had to run it with "Files to delete:" instead, so I did that. Hope that was the right thing to do - I know you are busy and I don't want to bother you with every little thing, but I also don't want to make it harder for you to help me. This is SO frustrating.

    I went to safe mode and tried to execute kestrel.com and it got hung up the same way it did before...just a little box in the center of the screen saying that it was starting up, but never moving past there. Let it run for about 30 minutes and finally gave up.
     


    Last edited: Jul 30, 2010
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Rename kestrel.com back to combofix.exe.

    For the error message with MGTools, it was explained here, scroll down to error message type 4

    Using MGTools

    Yes that was fine.

    I am not seeing anything unusual in those logs except for some odd looking temp files.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    Run CCleaner (not the registry section, simply the cleaner).

    Now give this a go, just to see if it picks anything up.

    Using ESET's Online Scanner

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the ESETScan.txt to your next reply.

    Let me know how things are running.
     
