I spent three hours today going through the Prep guide for this forum to try and help out my elderly neighbour. I finally did a HijackThis log and wrote a long post with it in and I've come home and it seems to have not actually arrived here...
Before I go and get another log from her machine, perhaps if I explained the issues you might tell me whether it's worth going through the pain or just recommending she formats and reinstalls... She's running XP Home 2001.
She had been getting problems when using IE and searching - all sorts of porn and stuff kept popping up. Every time she logged on there was a nag box talking about ashdsp.exe not working properly. Her regedit and task manager facilities were disabled (and hadn't been disabled by her). Managed to get into task manager by resetting regedit. There were suspicious processes running: mrofinu1001186.exe and 17phomes1001186.exe. Task manager kept getting disabled again. Deleting the processes was useless - they just popped up again eventually.
So, I did the following as per the guide you give.
1) Cleaned out temp internet files and temp files
2) Attempted to scan her PC with Adaware but it wouldn't run (could that be because I downloaded it using my computer, burnt it to CD and then put it on her computer?)
3) Ran Spybot. Took about an hour. Found loads of stuff. I nipped back home for lunch whilst it was running and found it had rebooted the PC whilst I was eating. It seemed to finish OK after that.
4) Ran BitDefender. This found all sorts of weird and wonderful stuff like trojan.dropper.peed.e, win32.worm.allaple.gen, trojan.delf inject.as etc. It also found mrofinu... and 17pholmes... tried to disinfect, failed, so tried to delete and failed. ashdsp.exe was successfully deleted and there's been no locking out of task manager since then. Also no dodgy porn popups. However, at the end of running BitDefender, it got down to 0 time left but then suddenly jumped to 72 hours left to run so I terminated it!
5) Ran McAfee Stinger which seemed to trundle along fine - found virut.remnants and virut.gen and mrofinu.... but then 'encountered a problem' and closed itself.
6) Tried to get latest Windows security updates but couldn't because Windows reckoned there were incompatibilities so gave up on that.
7) Ran the HijackThis tool. Wrote a long post, pasted the log to the bottom of it, thought I'd posted it here but it seems I haven't!
After all that, ashdsp.exe no longer nags on loading up. Porn is no longer popping up when doing an internet search. But 17pholmes... and mrofinu... are still running.
My real question, I guess, is: is it worth getting a new logfile for you all to look at or should I just suggest she buys a new PC? She's had this one for about 3 years.
Edited by Orange Blossom, 17 August 2008 - 01:24 PM.
Move to more appropriate forum. ~ OB