
Red X On C: And Slow Computer


  • This topic is locked
8 replies to this topic

#1 yukmouf

yukmouf

  • Members
  • 29 posts

Posted 11 March 2008 - 05:13 PM

My computer got ahold of some spyware and viruses. I immediately knew when I did. My Nortons was outdated so I picked up a new copy of Nortons 360 and PC Tools Spyware Doctor and after several tries it seemed to get rid of everything. I reinstalled Internet Explorer. I still have a red x on my c: and my computer gets slower every day. I ran vundofix and it found I believe 6 or 7 items and I removed them. Still have a red x and my computer still feels slower today. Feels like I'm running with no memory. Where do I go from here?

Edit: Moved topic to the more appropriate forum. ~ Animal



#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 11 March 2008 - 05:29 PM

"I ran vundofix"

May one ask who suggested you run that tool?

Welcome to another forum user.


To begin with, I would suggest that Norton itself would cause slow up problems; when did you last fully update IT and run a full scan with it?

What other tools do you have on there that you have already run?


As you originally posted this in the XP section of this forum, may one ask if you have Service Pack 2 on the computer yet?

( edit by Ruby1 to clarify OS as posting moved by Admin Animal to more appropriate 'am I infected' section from the XP section )

Edited by ruby1, 11 March 2008 - 06:12 PM.


#3 yukmouf

yukmouf
  • Topic Starter


Posted 11 March 2008 - 10:43 PM

I read it somewhere on here. I do have Service Pack 2. Norton runs and updates daily. I try to keep programs running to a minimum to increase performance. But since the infection it has run ungodly slow. Programs, web browsing and all.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts

Posted 11 March 2008 - 10:44 PM

Hello yukmouf and welcome to BC :flowers:

"when did you last fully update it and run a full scan with it?"


"My nortons was outdated so I picked up a new copy of Nortons 360 and PC Tools Spyware Doctor and after several tries it seemed to get rid of everything."


I would say that yukmouf's Norton is current and that it was run shortly before posting.
--------
yukmouf,

Given that you posted initially in the XP forum, I'm going to assume that you are running Windows XP. Please confirm. Also, are you running the Home or Pro edition, and do you have Service Pack 1 or Service Pack 2 installed?

At this point, I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. You may wish to print out these directions or copy them to notepad so you have them available in Safe Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      o Close browsers before scanning
      o Scan for tracking cookies
      o Terminate memory threats before quarantining.
      o Please leave the others unchecked.
      o Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
      o After reboot, double-click the SUPERAntispyware icon on your desktop.
      o Click Preferences. Click the Statistics/Logs tab.
      o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      o It will open in your default text editor (such as Notepad/Wordpad).
      o Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply.

Please tell us what alerted you to the presence of the infection. Please describe any popups, ads etc., what they said, looked like, etc. Also, please tell us what Norton and Spyware Doctor found. This information will help greatly in providing the correct disinfection procedures.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 yukmouf


Posted 12 March 2008 - 08:32 PM

I noticed the infection immediately. I got tons of pop ups and my computer basically froze. The internet popups I closed out quickly but from most of what I saw they were spyware/malware program ads. I got some windows pop ups saying the system was unstable, and some came up in the taskbar. I am running XP home with sp2. Here's the log file..

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/12/2008 at 06:13 PM

Application Version : 4.0.1154

Core Rules Database Version : 3417
Trace Rules Database Version: 1409

Scan type : Complete Scan
Total Scan Time : 01:04:03

Memory items scanned : 195
Memory threats detected : 0
Registry items scanned : 5976
Registry threats detected : 3
File items scanned : 85408
File threats detected : 12

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{D85530E8-D39D-49D0-9F36-300D594556D2}

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.m5prod[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads4.blastro[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads3.blastro[2].txt
C:\Documents and Settings\Owner\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ORQSS.INI2

Adware.Rabio Search Enhancer
C:\WINDOWS\SYSTEM32\W11\HIBA3133.EXE

#6 Orange Blossom


Posted 12 March 2008 - 09:30 PM

Hello yukmouf,

The SUPERAntiSpyware log shows that you have or had a Vundo infection among other things. Let's deal with the Vundo first. Please follow the steps in this guide. If you have any questions or problems as you go through it, please post them as a reply. When you have finished going through the guide, please post the VundoFix log which can be found here: C:\vundofix.txt

Orange Blossom :thumbsup:

#7 yukmouf


Posted 13 March 2008 - 09:06 PM

VundoFix log

VundoFix V7.0.1

Scan started at 8:29:04 PM 3/10/2008

Listing files found while scanning....

blank
C:\windows\system32\mjbovyjx.dllbox
C:\windows\system32\ozvineuz.dllbox
C:\windows\system32\rtsqzquu.dllbox
C:\windows\system32\wlnkkpny.dllbox
C:\windows\system32\zeuzsnoz.dllbox
C:\windows\system32\znsqeknl.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\mjbovyjx.dllbox
C:\windows\system32\mjbovyjx.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ozvineuz.dllbox
C:\windows\system32\ozvineuz.dllbox Has been deleted!

Attempting to delete C:\windows\system32\rtsqzquu.dllbox
C:\windows\system32\rtsqzquu.dllbox Has been deleted!

Attempting to delete C:\windows\system32\wlnkkpny.dllbox
C:\windows\system32\wlnkkpny.dllbox Has been deleted!

Attempting to delete C:\windows\system32\zeuzsnoz.dllbox
C:\windows\system32\zeuzsnoz.dllbox Has been deleted!

Attempting to delete C:\windows\system32\znsqeknl.dllbox
C:\windows\system32\znsqeknl.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

#8 Orange Blossom


Posted 13 March 2008 - 09:36 PM

Hello yukmouf,

Thank you for posting the Vundofix log. I was going to contact a more experienced malware removal person to take over this thread; however, you have now posted an HJT log. I have split that log away into the Misplaced HJT log forum. The URL is here: http://www.bleepingcomputer.com/forums/t/136219/split-from-red-x-on-c/ Please follow the directions in the reply there.

Orange Blossom :thumbsup:

#9 TMacK

TMacK

  • Members
  • 4,672 posts

Posted 13 March 2008 - 11:55 PM

Now that you have a HJT log posted in the HijackThis Logs and Malware Removal forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

This topic will now be closed, since you have an open log posted.
If you have any questions, feel free to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



