Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista Laptop Acting Odd


  • Please log in to reply
14 replies to this topic

#1 steven

steven

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 28 May 2008 - 01:34 PM

Hi Guy's,

You've helped me before and I need your help again.

I went + bought a new Toshiba Satellite P105 laptop with Vista os.

As of late I've noticed some odd behavior occurring.
I have Spybot, Trend Micro, Webroot spysweeper, windefender. And yes, I've scanned often with them all.

This laptop is used for email, work, blogging, an occasional Halo non-online game, and online banking. The latter is why I'm worried.
All my online connectivity is through a Verizon wireless card.

I've never used this laptop to do online gaming, viewed any porn, or anything even close to a porn site. I've never downloaded music, or free games.
My symptoms are:
Whenever I use the search bar, it automatically puts a . in front of whatever I type in. This results in my browser refusing to search. I have to go + delete the . icon before the search feature works correctly.
Spybot has found something and been unable to clean; labeled Trojans/C.sbi
Windows installer will not install 3 important updates titled; Security Update For Win. Junk mail filter, error #8007045b. Sec. Update for MS Office, error code 80070641. Sec. Update for MS Word, error code 800 70641.
My warning icon for Windows start up programs constantly come up warning of failed startup programs. The latest being the "userinit.exe program.

I am completely Vista ignorant. If I have a bug, it must have been because of my viewing blog pages and downloading pics from the net to my blog.

Thanks for your assistance in this matter.
Steven

BC AdBot (Login to Remove)

 


m

#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2008 - 02:29 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  

Posted 28 May 2008 - 03:26 PM

may one ask ; if this is a relatively new machine what antivirus program came installed on it and did you uninstall it prior to loading trend micro?

please also run this scan which is vista compatible;

Superantispyware; guide on how to install and run
If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;
Installing superantispywareSuperantispyware is found here
http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program

#4 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 29 May 2008 - 01:58 AM

Thanks folks,
It'll be sometime on Friday before I can deal with this. (I drive a truck + am on my way to Ohio with a hurry up + get there load.
Some quick answers: I bought this laptop last August. It came with TrendMicro installed, (no Norton installed.) I downloaded Spybot about 4 months ago.
I was going to install Superspyware before, but another helper here suggested against it because I already had three layers of protection running.

Please bear with me, I'll be back Friday.

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 29 May 2008 - 02:23 AM

suggest check your warranty? it may still BE in that phase of its life? if ti IS then suggest take it back to the store for them to sort it to keep the warantly valid; if it is OUT of warranty then go for superantispyware on a full deep scan

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:23 AM

Posted 29 May 2008 - 05:54 AM

After reading your desktop thread with teacup, something tells me you are not running any scans in safe mode.

As long as you follow the directions exactly and turn off super loading at bootup, you should be safe, it'a amuch better scanner than those you are using, what is windefender? the 9x win ME encryption program?

Native AV in vista?

regarding safe mode and it's use

http://www.malwareremoval.com/tutorials/safemodeboot.php

Edited by DaChew, 29 May 2008 - 05:55 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#7 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 01 June 2008 - 06:36 PM

Sorry Guys, I've been too busy driving to areas that don't have broadband signal coverage and have not been able to pursue what ya'll suggest without taking an immense amount of time to connect + send info back + forth.
I'll get on it asap as soon as I get a good broadband signal with enough free time.

DaChew, the topic with teacup was on my desktop system, this new thread is about my laptop. Windefender is the Windows Defender security thing that comes with Vista. I may have mislabeled the name.

#8 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 04 June 2008 - 09:32 PM

OK,
Got the Malware scan done + logfile posted. (Only found 1 item.)

Malwarebytes' Anti-Malware 1.14
Database version: 826

9:27:33 PM 6/4/2008
mbam-log-6-4-2008 (21-27-33).txt

Scan type: Quick Scan
Objects scanned: 39264
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:23 AM

Posted 04 June 2008 - 09:37 PM

No superantispyware scan from safe mode?

you are probably clean and that was a remmnant of an old infection, but I always like to get a second opinion
Chewy

No. Try not. Do... or do not. There is no try.

#10 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 04 June 2008 - 09:41 PM

Hmmn,
I tried to install superantispyware and my laptop just shut down + restarted without being prompted, or warned. Is this normal on Vista?

I'll try to download superantispy again.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:23 AM

Posted 04 June 2008 - 10:04 PM

When using Windows Vista be sure to Run as Administrator
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 04 June 2008 - 11:19 PM

Did a Superantispyware scan in normal and safe modes. Nothing was found.

Oh, all scans were as an admin.

I think your tag line is great boopme. Quite the "see I told ya so".

Edited by steven, 04 June 2008 - 11:27 PM.


#13 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:06:23 AM

Posted 05 June 2008 - 09:28 PM

Seems that Malware scan fixed the . search problem.

One last question; will this same advice apply to an XP OS on a desk top?

Thanks again for everyones help. This site is absolutley great.

I especially like the fact that there isnt any flaming / blaming going on here. Well, if there is, I'm not seeing it at least.

#14 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:23 AM

Posted 05 June 2008 - 09:39 PM

XP doesn't have a super admin mode like Vista, xp is harder to clean tho as Vista locks most malware out of it's kernel

I have had 2 heavy infections myself this last year, the first from stupid surfing and going unprotected and unupdated, the second from a usb drive when I was trying to fix a clients computer

We all start out ignorant, some learn faster than others

Edited by DaChew, 05 June 2008 - 09:42 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#15 steven

steven
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 08 June 2008 - 12:46 AM

Hmmn.
To me, kernel = registry.

And you are so right Chewy.
I've learned so many things here. Things I never envisioned, or even thought possible.

Be well, and thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users