Infected With Something? Not Sure What,,,,,


1 reply to this topic

#1 ColoradoHermit


Posted 08 November 2007 - 05:50 PM

I have an old Dell Optiplex GX 240 running Windows XP Pro Service Pack 2. This thing has been running slow and way weird since I test drove the new Windows Live OneCare virus and firewall. I was going to try the three months free with it but it did some strange things to my puter.
First thing I ran a scan with it and it said that it found this long list of worms and Trojans. I did have AVG and McAfee along with Spybot Search and Destroy and Spy Sweeper for MSN and XoftSpySE. I had run scans with all of them recently before trying the new Windows Live OneCare and they said things were clean.
Any who, after the Windows Live did its thing and ran its system cleanup my screen went to the lowest resolution settings and I couldn't get them to change. I finally had to uninstall the Windows Live OneCare and all the updates it did for my Windows XP. Then I ran a system restore to a restore point I had set a few days before. But since then my system has been real slow and when I check the Windows Task Manager it has strange things listed that often take up most of the CPU doing something. Pod.exe and the HelpSvc.exe both have stalled things for several minutes using 100% of the CPU several times today.
I went to the Startup Database Forum and downloaded the Autoruns program. I can't make heads or tails out of what that shows. My Spybot program in what it shows for my startup page has this in the list, "RunOnceEx" with a whole list of Trojans and worms. But when I run a full scan with Spybot it comes up clean.
In the list of Processes in my Task Manager there's a lot of stuff that the "Startup Database" says is bad, and it shows 76 things running now with 657 MB PF usage. That's a lot of Megs being used for something when all I have open is Internet Explorer and the Windows Task Manager, and McAfee in the background.
Here's what the Windows Live OneCare said that it found;
Win32/Netsky.C@mm
Win32/Bagle.O@mm
Win32/Netsky.P@mm
Win32/Netsky.K@mm
Win32/Netsky.D@mm
Win32/Netsky.Z@mm
Win32/Bagle.J@mm
Win32/Sober.G@mm
Exploit:HTML/MhtRedir.gen
Win32/Bagle.W.dr
Now it said that it removed all of those and then I ran a second scan with it and it came up with one more;
Win32/Netsky.C@mm
And it said that it fixed that one.
Any who, I don't know what's going on with this thing. Any idea what to do with it?
Thanks
ColoradoHermit



#2 quietman7


Posted 08 November 2007 - 07:02 PM

Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

Anytime you come across a suspicious file, search the name using Google, BC's File Database, File Research Center or the Process ID Database. Also see How to determine what services are running under a SVCHOST.EXE process.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties and examine the General and Version tabs.

You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
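
The name-versus-location check described in the reply above, as an added example that is not part of the original posts: it reads a process list exported as CSV and reports system-file names that run from somewhere other than their normal directory. The `Name` and `ExecutablePath` column names, the `C:\Windows` system root, the function names and the sample rows are assumptions made for this illustration.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any OS

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows install directory

# Where commonly impersonated system files normally live, relative to SYSTEM_ROOT.
EXPECTED = {n: "System32\\" + n for n in (
    "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "csrss.exe", "smss.exe")}
EXPECTED["explorer.exe"] = "explorer.exe"

# Constructed sample export, not taken from the poster's machine.
SAMPLE_CSV = r"""Name,ExecutablePath
svchost.exe,C:\WINDOWS\system32\svchost.exe
svchost.exe,C:\WINDOWS\Temp\svchost.exe
explorer.exe,C:\WINDOWS\explorer.exe
lsass.exe,C:\Documents and Settings\user\lsass.exe
smss.exe,\SystemRoot\System32\smss.exe
csrss.exe,\??\C:\WINDOWS\system32\csrss.exe
winlogon.exe,
notepad.exe,C:\WINDOWS\system32\notepad.exe
"""

def normalize(path, system_root=SYSTEM_ROOT):
    """Strip NT-style prefixes and fold case so paths compare reliably."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = ntpath.join(system_root, path[len("\\systemroot\\"):])
    return ntpath.normcase(ntpath.normpath(path))

def triage(csv_text, system_root=SYSTEM_ROOT):
    """Return (name, path, reason) for system-file names that need a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Name"].strip().lower()
        if name not in EXPECTED:
            continue  # only names malware commonly borrows are checked
        raw = (row["ExecutablePath"] or "").strip()
        if not raw:
            # Path hidden from a limited account: re-check as administrator.
            findings.append((name, raw, "path unavailable"))
        elif normalize(raw, system_root) != normalize(
                ntpath.join(system_root, EXPECTED[name])):
            findings.append((name, raw, "unexpected location"))
    return findings

if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_CSV):
        print(f"{name:14} {reason:20} {path}")
```

A row flagged here is a candidate for the file-properties check and the upload for a second opinion that the reply recommends, not a verdict on its own.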
