Have A Strong Feeling I'm Infected....


4 replies to this topic

#1 loco63 (Members, 4 posts)

Posted 22 November 2007 - 11:17 PM

About a month ago, I turned on my laptop to find something called Dealio added to my Internet Explorer add-ons. It took me forever to remove it. I was finally successful in getting rid of it, but then found that I had the Smitfraud virus. The button to turn off Windows disappeared, as well as several buttons on the Ctrl-Alt-Delete menu. Again, I was able to get that worked out and was able to run AVG Anti-Virus. It proclaimed to fix a trojan and several spyware entries.

Well, since then, my laptop has been running extremely slow while surfing the web. I've followed the directions in the Tools section to try and get to the bottom of my problem. I also downloaded Uniblue Registry Cleaner 2 and scanned my system registry. AVG reports nothing else.

I'm not sure where to turn. I'm hoping I came to the right place, as any help is appreciated.

#2 loco63 (Topic Starter)

Posted 23 November 2007 - 09:12 AM

I would also like to add that when I first fire up the laptop, it is smoking fast... like it used to be. After a few short minutes, it slows to a crawl and takes a long time for pages to load.

Thanks.

#3 quietman7 (Bleepin' Janitor, Global Moderator, 52,098 posts, Virginia, USA)

Posted 23 November 2007 - 11:03 PM

I also downloaded Uniblue Registry Cleaner 2 and scanned my system registry.

Registry cleaners are extremely powerful applications. There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on a system.

Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

If your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware, e.g. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down, so cleaning and regular maintenance is essential.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
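The advice above to back up the registry before touching it can be scripted so the backup is taken (and verified) every time, rather than remembered. The following PowerShell is an added example written for this thread, not code from BleepingComputer or from any tool named here; it assumes a Windows machine with reg.exe on the path and an elevated PowerShell session, and the key path used at the bottom (the per-machine Run key, one place startup entries live) is only a sample:

```powershell
# Added example (not from the thread): export a registry key to a timestamped
# .reg file and create a System Restore point before making any manual edit.
# Assumes Windows, reg.exe on the path, and an elevated PowerShell session.

function Backup-RegistryKey {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,   # e.g. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        [string] $BackupDir = "$env:USERPROFILE\RegistryBackups"   # assumed location, change as needed
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # Derive a file name from the key path plus a timestamp so backups never overwrite each other.
    $safeName   = $KeyPath -replace '[\\:]', '_'
    $stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backupFile = Join-Path $BackupDir "$safeName-$stamp.reg"

    # reg.exe export writes a .reg file that 'reg import' can load back later.
    & reg.exe export $KeyPath $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe export failed for $KeyPath (exit code $LASTEXITCODE)"
    }

    # Refuse to report success on an empty file; a backup that cannot be restored is no backup.
    $info = Get-Item -Path $backupFile
    if ($info.Length -eq 0) {
        throw "Backup file $backupFile is empty"
    }
    return $backupFile
}

function New-PreEditRestorePoint {
    param([string] $Description = 'Before manual registry edit')
    # Requires an elevated session and System Restore enabled on the system drive.
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
}

# Usage: take both safeguards before editing the machine-wide Run key (sample key only).
$backup = Backup-RegistryKey -KeyPath 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
New-PreEditRestorePoint
Write-Host "Key exported to $backup. To roll back the key alone: reg import `"$backup`""
```

The exported .reg file restores just the one key, which is the quick path when a single edit goes wrong; the restore point covers the whole registry and system files and is the fallback when the machine no longer boots normally. Keep the backup directory outside any folder a cleaner might also "clean".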

#4 loco63 (Topic Starter)

Posted 24 November 2007 - 10:38 AM

Thanks for the reply. I wanted to take a second and explain this situation so that anyone else who finds themselves having the same trouble would know what to do.

Firstly, I knew something was drastically wrong since my laptop was sooooo painfully slow. My AVG virus scanner and anti-spyware would occasionally detect a trojan. AVG would clean it, and things would be back to normal. I would reboot my laptop and it would be great for a few minutes, then it would slow down to a crawl. I knew there was something going on that wasn't being detected.

I started doing Google searches on the W32 trojan (that's what AVG reported it as). My Google searches pointed me to a program called Trojan Remover. I downloaded it and took advantage of the free 30-day trial. Trojan Remover detected a rootkit called XPDX rootkit driver, but was unable to clean it.

Again, I referred to some googling and came across a rootkit cleaner designed specifically for this infection. The file is called rustbfix.exe. It seems to have cleaned the rootkit, and so far (knock on wood) I have not experienced the problems I have had.

#5 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 24 November 2007 - 11:06 AM

Rustock is a family of backdoor trojans designed to send spam from hijacked computers and specializes in sending image-based spam. This infection incorporates advanced user and kernel mode rootkit capabilities, alternative data streams, and proprietary obfuscation/packing methods to hide the native driver code. Rustock hooks into the Windows 32-bit kernel and patches several APIs to hide the new registry keys and files it installs. Combining multiple evasion/stealth techniques helps this malware remain undetected by commonly used rootkit detectors and almost totally invisible on a compromised computer once installed. Rootkits are very dangerous because they use advanced techniques as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect your computer from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the rootkit has been identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS - "When should I re-format?".