Very slow startup and Dluca

Discussion in 'Malware Help (A Specialist Will Reply)' started by jcallet99, Jan 6, 2007.

  1. jcallet99

    jcallet99 Private E-2

    I am having some trouble with very very slow startup and a couple other things.

    First I have completed all of the steps that were mentioned in the read first guide and have gotten no where. The first thing that I see is something called Dluca.CWAD when I do a scan. I remove it and the registry entry for it, however on restart it recreates itself somehow.

    Secondly I notice a .bat file in my startup and don't understand what its purpose is.

    I have posted the content of the batch file and my hijack log file below. If anyone could help me I would be grateful as I have been messing around trying to figure everything out for a couple of days now.

    Just as an FYI, I am running Norton Internet Security 2007

    Batch file content
    --------------------
    c:
    cd\
    Q328145_WXP_SP2_X86_ENU /u /z
    Q329048_WXP_SP2_x86_ENU /u /z
    attrib -h -r c:\Q328145_WXP_SP2_X86_ENU.exe
    attrib -h -r c:\Q329048_WXP_SP2_x86_ENU.exe
    del Q328145_WXP_SP2_X86_ENU.exe
    del Q329048_WXP_SP2_x86_ENU.exe
    cd\Documents and Settings\All Users\Start Menu\Programs\Startup
    shutdown -r -t 3 -d p
    del 334214.bat



    HIJackLog
    -------------------------

    ~ INLINE HIJACKTHIS LOG REMOVED ~ SPD
    Read Me first not run, HijackThis improperly installed


    Thanks in advance for your help.
     
    Last edited by a moderator: Jan 7, 2007
    jcallet99, Jan 6, 2007
    #1
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

     Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware Log - ONLY IF NEEDED you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
    Shadow_Puter_Dude, Jan 7, 2007
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds