Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Teenage Girls Ruined My Computer!


  • Please log in to reply
7 replies to this topic

#1 shanepack

shanepack

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 19 June 2008 - 11:22 AM

Hello all.


Thanks to everyone for the help in advance!! I love this site, and you guys have saved my a$$ a few times before. So thank you again. :thumbsup:

So my wifes little sisters came into town this past weekend and decided to play around and feed their rediculous myspace addiction and at the same time ruin my computer. I was/am so pissed off. Everytime I try to do anything to fix it, the computer shuts off and restarts. I was able to see that there is something called explorasi.exe or something like that running, as well as smss.exe and a bunch of other crap. What do I do if it keeps turning off? How do I fix it?? I don't even know the first step. We have disconnected the internet all together for fear of some huge mass mailing worm that google said explorasi was. Please help me!!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:23 AM

Posted 19 June 2008 - 12:11 PM

explorasi.exe = WORM_BRONTOK.AE

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "Safe Mode"? If not, please do so.

If your computer keeps shutdowning on its own, follow these steps to stop the cycle:
  • Click on Start > Run and type: cmd
  • Press Enter.
  • At the Command Prompt type: shutdown -a
  • Press Enter.
If scanning in safe mode did not help, download the Brontok Disinfection Tool and follow the instructions posted by Sophos.

Note: Make sure you download and use BRONTGUI.com. BRONTSFX.EXE is a self-extracting archive containing a command line disinfector for use by system administrators on Windows networks.

Then download Sysclean Package and the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number).
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • This tool generates a log file (sysclean.log) in the same folder where the scan is completed - C:\Sysclean.
  • When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 shanepack

shanepack
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 19 June 2008 - 12:25 PM

I have windows xp sp2. I never have any issues with my computer at all, but I do run a few tests every now and then, but honestly have not for a while. I will do that to stop the shutting down, and hopefully be able to get through a test or two. The computer only shuts down when I start to do something about the problem. When I pull up a google page and search explorasi or start to run a spybot search and destroy search. Stuff like that. It doesnt just keep going over and over again, but if I try and do anything to fix the computer, then thats when it will just shut down and restart. Does that sound crazy? Should I download these to my office computer and then transfer them on a jump drive or something? My computer won't let me go to this website to do anything. I am at work right now. When I get home I will try to boot in safe mode too and see if that helps. Thanks for your quick response!! You rock!!

Edited by shanepack, 19 June 2008 - 12:26 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:23 AM

Posted 19 June 2008 - 12:43 PM

Yes you can download those programs from another computer and save them to a flash (usb, pen, thumb, jump) drive or CD. Then transfer them directly to the infected computer where you can use them. If you cannot copy files to your usb drive, make sure its not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 shanepack

shanepack
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 19 June 2008 - 01:13 PM

awesome. I will do that. What should I post on there after? Should I put up the log file? Thanks again for helpin me out.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:23 AM

Posted 19 June 2008 - 01:22 PM

You can post the log files. Also let me know how your computer is running and if there are any more signs of infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 shanepack

shanepack
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:01:23 AM

Posted 22 June 2008 - 04:51 PM

Well everything seems to be running just fine. What is the best program to use to double check that there isnt anything else on here I should fix? When I used the Brontak tool, it said I was supposed to manually delete a few files, but I couldn't find any of them. I have run AVG and the sysclean program and nothing comes up. I still have over 70 running processes. How can I tell which of these are legitimate and which are not needed? Thanks again for helping me.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:23 AM

Posted 23 June 2008 - 08:13 AM

What is the best program to use to double check that there isnt anything else on here I should fix?

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

However, you can overkill your system with resource heavy security programs that will drain your resources and slow down performance. Sometimes you just have to experiment to get the right combo for your particular system as there is no universal solution that works for everyone.

See BC's List of Virus & Malware Resources and Freeware Replacements For Common Commercial Apps.

I still have over 70 running processes. How can I tell which of these are legitimate and which are not needed?

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). It is not unusual for multiple instances of Svchost.exe running at the same time. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time. To investigate these processes, see "How to determine what services are running under a Svchost.exe process".

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

You can download and use Process Explorer or System Explorer to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

If you have XP Pro, you can use Tasklist to display a list of active processes.
Go to Start > Run and type: cmd
press Ok
At the command prompt type: tasklist /svc >c:\taskList.txt
press Enter
Then go to Start > Run and type: c:\taskList.txt
press Ok to view the list of processes.

The /SVC switch shows the list of active services in each process.
For help and syntax information, type the following command: tasklist /?
press ENTER or see: Syntax options

You can also use the WMI command-line utility to view and list processes.
Go to Start > Run and type: cmd
press Ok
At the command prompt type:
WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid
press Enter.

or you can type:
WMIC /OUTPUT:C:\ProcessList.txt path win32_process get Caption,Processid,Commandline
press Enter.

Then go to Start > Run and type: C:\ProcessList.txt
press Ok to view the details of all the processes.

Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users