BleepingComputer.com: XP problems

My computer has been acting very strangely for about 2 months. The first thing I noticed was inability to drag icons on my desktop and drop them in a folder. I also can't drag page tabs in Firefox and drop them into bookmark folders. On the desktop, the only thing I can do is delete. I can't cut and paste or drag and drop. I tried a different mouse, made sure the icons weren't locked, changed the background and none of that helped. I tried System Restore and it just says computer cannot be restored to any date I pick. Then I noticed the annoying Babylon thing had taken over my searches. Whenever I tried to do anything Google, it wouldn't let me. I have run Malwarebytes AntiMalware, Spybot, Trojan Remover, and used the scanner from Charter Security Suite. Sometimes while I am browsing F-Secure says there is a virus in C:\WINDOWS\system32\drivers\etc. It says it needs to reboot in order to clean it, but then later the same thing happens. I am not sure if that has anything to do with the drag and drop problem. It seems like every day some new symptom happens. So many symptoms I can't remember them all. The computer has flashed a blue screen a couple of times today, but it went away so fast I couldn't read it. I think the Babylon problem is fixed, but now I am afraid something else is seriously wrong. Not sure what I should do (or not do) next. Thank you for any help or advice.





Manufacturer Dell Inc.
Name Intel® Core™2 Duo CPU E8300 @ 2.83GHz
Operating System Microsoft Windows XP Home Edition
Service Pack 3.0 Build 2600
Total Memory (RAM) installed in this PC 2,047 MB
Memory Used 54 %
Total Page File Memory 3,939 MB
Available Page File Memory 2,929 MB
Total Virtual Memory 2,048 MB
Available Virtual Memory 1,820 MB
Vendor F-Secure Corporation
Product Charter Security Suite 9.01
Version 9.01

This post has been edited by hamluis: 07 February 2012 - 07:25 AM
Reason for edit: Moved from XP to Am I Infected.

Can you post the logs and or screenshots of the virus it is detecting?

cryptodan, on 07 February 2012 - 03:10 AM, said:

I only know how to see the results of the latest scan in F-Secure and I aborted the latest scan, so I am scanning again and will post the results when it finishes. Thank you

abricru, on 07 February 2012 - 03:40 AM, said:

It just keeps getting worse and worse. Everything takes ten times longer than it usually does. The F-Secure scan completed and said it found nothing, but when I tried to browse I got the same message that it found something in system 32. I read that I should disable system restore to keep it from happening over and over but that has not stopped it. I also got some message about tfun.exe when I tried to reboot. The yellow security shield icon keeps appearing in my systray even though I have automatic updates turned off.

This is what MBAM said a few days ago:

Objects scanned: 208359
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\WINDOWS\Temp\tue0.5531846137295523.exe (Trojan.FakeMS) -> 652 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|configremote (Trojan.FakeMS) -> Data: C:\Documents and Settings\All Users\configremote.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|configremote (Trojan.FakeMS) -> Data: C:\Documents and Settings\All Users\configremote.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: %APPDATA%\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\WINDOWS\Temp\tue0.5531846137295523.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Documents and Settings\All Users\configremote.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne\Local Settings\Temp\sxramcowen.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\deviceauto.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ikixzkz.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.20171454731763705.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.8112219785613592.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

What should I do?

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic.

cryptodan, on 07 February 2012 - 04:56 PM, said:

Thanks for your help. I am following the steps and will get back if I can't solve the problem.

I have followed the steps and put the logs in this post.

However when I tried to attach the ark.txt file I got a message saying it was too big to upload. Thank you for your help.

Try and zip it up

OK I attached it as a zip file to my new post.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.