
Possible Trojan


8 replies to this topic

#1 eraserhead

eraserhead

  • Members
  • 10 posts
  • Local time:12:37 AM

Posted 12 April 2008 - 07:49 PM

Hi all,

I'm running XP Professional SP1. My computer and, more particularly, my internet are going painfully slow. I tried doing system restore with a few different restore points. I've carried out the recommended steps, including scans and taking just about everything off startup, defragmenting and cleanup. I still have the same problem.

Thanks in advance for any help.


Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 12 April 2008 - 07:56 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:37 AM

Posted 12 April 2008 - 08:32 PM

I need to ask you some things please. Why are you not using SP2? You are extremely vulnerable to malware.
What Antivirus/spyware and firewall are running? When did you last scan, and have you done so from Safe Mode?
Answer those for me please and also run these and post back the log.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 eraserhead

eraserhead
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:37 AM

Posted 13 April 2008 - 02:10 AM

Dear Boopme

Thanks for taking the time to help. I'm not using SP2 because I couldn't pass the Microsoft verification test. The computer and internet are still slow. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/12/2008 at 04:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type : Complete Scan
Total Scan Time : 03:59:54

Memory items scanned : 319
Memory threats detected : 1
Registry items scanned : 4903
Registry threats detected : 0
File items scanned : 88452
File threats detected : 4

Adware.HBHelper
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBU1\TBHELPER.DLL
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBU1\TBHELPER.DLL
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBHELPER.DLL

Trojan.Fake-Drop/Gen
C:\COMBOFIX\NTPBACK.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{33AFF45F-AA48-478D-838B-BC94AE1F0A28}\RP179\A0111710.EXE

Edited by eraserhead, 13 April 2008 - 02:11 AM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,933 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:37 PM

Posted 13 April 2008 - 03:58 AM

Why do you not install SP2? It's free from the Microsoft website (if you're interested, post, I will search for the link); you then can receive the latest security updates, and make your PC a lot less vulnerable.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:37 AM

Posted 13 April 2008 - 07:20 PM

So how is the PC running now? You have cleared some nasty stuff. Popups gone?

#6 eraserhead

eraserhead
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:37 AM

Posted 13 April 2008 - 09:41 PM

Hi,

It's still running a bit slow, but it has improved.

Thanks

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:37 AM

Posted 14 April 2008 - 05:15 PM

OK good, I will see what I can get you on verification. But 2 things I need to know. Is this a legit copy of XP and do you have the Original disk? I ask this as I don't want to look for things you won't be able to use. I will still help you clean the PC regardless. You are very exposed to malware with only Sp installed.
Have you considered another browser, such as Firefox?
When was the last Disk Defragmentation?
Go into Control Panel, Add/Remove Programs and remove any programs you don't need or no longer use.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
See any improvement now?
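As an added example (not part of the original posts and not a BleepingComputer or SUPERAntiSpyware tool): a short Python triage of the detection section of the scan log from post #3, separating detections in live folders from copies held inside a System Restore point, the case the restore-point cleanup in post #7 deals with. The function names are this example's own, and it assumes only the detection section of the log is passed in.

```python
import re
from collections import defaultdict

# Detection section of the scan log from post #3, embedded so this runs offline.
SCAN_LOG = r"""
Adware.HBHelper
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBU1\TBHELPER.DLL
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBU1\TBHELPER.DLL
C:\PROGRAM FILES\AOL SECURITY TOOLBAR\TBHELPER.DLL

Trojan.Fake-Drop/Gen
C:\COMBOFIX\NTPBACK.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{33AFF45F-AA48-478D-838B-BC94AE1F0A28}\RP179\A0111710.EXE
"""

# XP System Restore archives files under <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)
PATH_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)


def parse_detections(log_text):
    """Return {threat_name: [unique paths, in log order]}."""
    detections = defaultdict(list)
    threat = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if PATH_RE.match(line):
            if threat and line not in detections[threat]:
                detections[threat].append(line)  # drop duplicate log entries
        else:
            threat = line  # a non-path line starts a new threat group
    return dict(detections)


def triage(detections):
    """Split detections into live files and System Restore copies."""
    live, restore = [], []
    for threat, paths in detections.items():
        for path in paths:
            m = RESTORE_RE.match(path)
            if m:
                restore.append((threat, int(m.group(1)), path))
            else:
                live.append((threat, path))
    return live, restore
```

On the posted log, `triage(parse_detections(SCAN_LOG))` yields three unique live paths and one copy in restore point RP179; the latter is the kind of file that clearing old restore points removes.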

#8 eraserhead

eraserhead
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:37 AM

Posted 24 April 2008 - 01:19 AM

Hi Boopme,

Sorry, I've been away. I don't have the original disk and the computer was given to me, so I don't know if it's legit. In the meantime, I'll do what you've suggested.

Thanks

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:37 AM

Posted 25 April 2008 - 08:16 PM

OK, not a problem. Hope it stays clean. If you have any troubles, give us a shout.

boopme



