Urgent help required

Discussion in 'Malware Help (A Specialist Will Reply)' started by Brendan312, Sep 19, 2006.

  1. Brendan312

    Brendan312 Private E-2

    Hey guys, I have an urgent problem. My computer is totally infected with
    various viruses/malware causing it to be barely able to function. My father
    uses this computer for work and he has been having great difficulty using
    it for his work tasks. I need to get this computer operational as soon as
    possible, mainly because my father is very annoyed that I've trashed his
    computer as he needs to be able to use it himself. I've read and followed
    the instructions on the "Read and run me first" thread to no avail. Although
    I was unable to run the online scans because I cancelled BitDefender after
    it estimated it would take 9 hours to complete the operation (it was
    still rising when I cancelled it!) and the Panda Activescan page said this
    page could not be displayed. Any help you guys could provide would be
    GREATLY appreciated.

    Some of the problems
    --------
    1. Computer takes three times as long to startup.
    2. Computer is twice as slow.
    3. The entire memory is being taken up causing Outlook and other programs
    to either run much much slower or to not run at all. (Computer has 1gb of
    memory.)
    4. Computer randomly freezes and behaves erratically.

    Possible causes
    ---------------
    1. I ran a program (153kb in size) which did not appear to do anything. I
    later found a program called micorsoft.exe in the windows directory which
    ZoneAlarm detected as behaving suspiciously or attempting to access the
    internet (I can't remember which). I have deleted this file.
    2. I opened what I thought was an mpeg video which didn't play. I later found out this was a self-extracting exe file. I looked at the properties for this file and saw it was 3gb compressed down to 30mb. I've since deleted this file so I can't analyse its contents (how stupid of me!). This is when
    the major problems started.

    Attached are a HijackThis log plus two logs from the tools from the "Read
    and run me first" thread. If anyone wants more details or has any questions
    about my computer I will be more than happy to provide you with details as
    I badly want and need my computer fixed.
    If anyone can assist me I will forever be in your debt.

    -Brendan
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Did you install System Spyware Interrogator? The below service is from this.
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

    This program is from a company named Trisnap Technologies LLC.

    Does your Symantec Software include a firewall?

    You appear to be running CA Isafe with ZoneAlarm firewall. This could make two antivirus applications and possibly two firewalls.

    What is Desktop Armor? Is it an antiSpyware application?

    What are the below folders for:
    C:\Program Files\
    1COOLB~1.0 28 Aug 2006 "1 Cool Button Tool - Flash 5.0"
    WAREZ 24 Aug 2006 "Warez"

    And the below file goes along with the folder above:
    C:\WINDOWS\
    1coolb~1.exe 28 Aug 2006 147084 "1 Cool Button Tool - Flash Uninstaller.exe"

    A folder named Warez is never good!!!! Is this for Warez 3.0 which is a P2P program that contains bundled malware? It looks like it based on your ShowNew log. You are doing too many P2P downloads.


    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\micorsoft.exe
    O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\micorsoft.exe
    O18 - Filter: text/html - (no CLSID) - (no file)
    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\micorsoft.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
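
A triage pass over the kind of HijackThis entries discussed in the reply above, as an added example that is not part of either post and not part of HijackThis: it flags registry Run autoruns whose file name is a near-miss of a trusted name (as micorsoft.exe is of "microsoft") and O23 services listed with "Unknown owner". The trusted-name list, the 0.85 similarity threshold and the ExampleTray line are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: the O4/O23 entries quoted in the reply above plus one
# made-up benign autorun line (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\micorsoft.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\micorsoft.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
"""

# Assumption: a short list of names that look-alike files tend to imitate.
TRUSTED_NAMES = ("microsoft", "svchost", "explorer", "winlogon", "lsass")

# Only registry Run-style O4 lines are handled, not "O4 - Startup:" entries.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def lookalike(path):
    """Return the trusted name the file stem imitates, or None."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    for name in TRUSTED_NAMES:
        # An exact match is the real name; only near-misses are suspicious.
        if stem != name and SequenceMatcher(None, stem, name).ratio() >= 0.85:
            return name
    return None


def audit(log_text):
    """Return (location, entry name, reason) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hit = lookalike(m.group(4))
            if hit:
                findings.append((m.group(1), m.group(3), f"autorun name imitates '{hit}'"))
            continue
        m = O23_RE.match(line)
        if m and m.group(2).lower() == "unknown owner":
            findings.append(("service", m.group(1), "no owner listed; confirm what installed it"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding is a prompt for the kind of question asked in the reply ("Did you install ...?"), not a verdict on the file.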
     
