
POSSIBLE TROJAN HIJACKED MY COMPUTER


  • This topic is locked
19 replies to this topic

#1 Mickey Sabbath

  • Members
  • 43 posts

Posted 17 January 2009 - 06:05 PM

Some kind of virus or malware has overrun my laptop. Every time I browse the internet with either MS Explorer or Firefox, my computer slows to a crawl in loading web pages, so much so it recalls the "prehistoric" days of dial-up.

One of those porn sites I visit infected me, I'm sure. I've contracted Computer VD, no doubt.

Here are my logs.


DDS (Ver_09-01-07.01) - NTFSx86
Run by matt at 16:53:49.42 on Sat 01/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.572 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Sygate\SSA\Smc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {CE11B5BF-66D6-48FA-966D-AE87A4FBF4C5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [vptray] c:\progra~1\navnt\vptray.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [SmcService] c:\progra~1\sygate\ssa\Smc.exe -startgui
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtuvt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\5z4zxlsh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2003-10-17 26112]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-10-17 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-10-17 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-7-16 28280]
R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2002-3-28 185984]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090114.017\NAVENG.sys [2009-1-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090114.017\NAVEX15.sys [2009-1-15 876112]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 NAVAPEL;NAVAPEL;c:\progra~1\navnt\NAVAPEL.SYS [2002-3-28 18000]
R4 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2002-3-29 471040]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2004-6-11 585728]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [2006-6-4 95232]
S3 WinPhlash;WinPhlash;c:\swsetup\sp27699\PhlashNT.sys [2003-7-23 21984]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2003-9-10 81920]

=============== Created Last 30 ================

2009-01-12 11:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-01-12 00:09 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-12 00:09 414 a------- c:\windows\system32\lame_acm.xml
2009-01-12 00:08 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-12 00:08 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-12 00:08 795,648 a------- c:\windows\system32\xvidcore.dll
2009-01-12 00:08 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-12 00:08 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-01-12 00:08 81,920 a------- c:\windows\system32\dpl100.dll
2009-01-12 00:08 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-12 00:08 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-12 00:08 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-12 00:08 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-12 00:08 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-11 23:43 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-10 23:11 <DIR> --d----- c:\program files\CleanUp!
2009-01-10 15:01 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2009-01-10 15:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 15:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 15:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 15:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 20:56 <DIR> --d----- c:\program files\AVG

==================== Find3M ====================

2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-07 16:45 2,174,976 -------- c:\windows\system32\dllcache\WMVCore.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\divx.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-02-01 19:00 354 -c-sh--- c:\windows\system32\urtfbqpc.ini2

============= FINISH: 16:55:29.85 ===============

Attached Files


Edited by Mickey Sabbath, 18 January 2009 - 10:48 AM.
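A reader who wants to see what a helper actually looks for in a DDS log like the one above may want a concrete triage pass over it. The script below is an added example written for this page; it is not part of the thread, not from DDS or BleepingComputer, and not an analysis that anyone in this thread performed. It scans the "Pseudo HJT Report" and file-list sections for entries that merit a closer look: an LSA Authentication Packages value listing anything besides the stock msv1_0 (on Windows XP the default value is msv1_0 alone, and any extra module named there is loaded into lsass.exe at boot, so it should be identified), every distinct Trusted Zone domain (sites in that zone run under relaxed Internet Explorer restrictions, so each should be one the owner knowingly added), BHO/EB entries marked "No File" (orphaned registrations, harmless but worth cleaning), and files under system32 whose attribute field carries both the system and hidden flags. The sample input is a handful of lines copied from the log above. Assumptions: the 's' and 'h' letters in the DDS attribute field mean system and hidden, and a flagged line is something for a human to check, not a verdict that the machine is infected.

```python
"""Triage pass over a DDS "Pseudo HJT Report" and its file-list sections.

Added example for this page; not part of the thread, of DDS, or of any
BleepingComputer tooling. It flags lines for a human to review.
"""
import re
from dataclasses import dataclass

# A few lines copied from the DDS log posted above (benign ones included so
# the heuristics have something to ignore). The raw string keeps backslashes.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {CE11B5BF-66D6-48FA-966D-AE87A4FBF4C5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [vptray] c:\progra~1\navnt\vptray.exe
Trusted Zone: avsystemcare.com
Trusted Zone: trustedantivirus.com
Trusted Zone: avsystemcare.com
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtuvt
2009-01-11 23:43 664 a------- c:\windows\system32\d3d9caps.dat
2008-02-01 19:00 354 -c-sh--- c:\windows\system32\urtfbqpc.ini2
"""

# Stock contents of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
# on Windows XP: msv1_0 only. Anything else listed there is loaded into lsass.exe.
EXPECTED_LSA_AUTH_PACKAGES = {"msv1_0"}

# DDS file-list line: date, time, size (or <DIR>), 8-character attribute field, path.
# Assumption: 's' and 'h' in the attribute field mean system and hidden.
_FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return review-worthy entries from a DDS log, in the order they appear."""
    findings: list[Finding] = []
    seen_trusted: set[str] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("LSA: Authentication Packages ="):
            # Every token after '=' other than the stock package is an extra
            # authentication DLL; that is a persistence location, so rank it high.
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in EXPECTED_LSA_AUTH_PACKAGES:
                    findings.append(Finding("high", "lsa-auth-package", pkg))
        elif line.startswith("Trusted Zone:"):
            # The log above lists each domain twice, so de-duplicate.
            domain = line.split(":", 1)[1].strip().lower()
            if domain not in seen_trusted:
                seen_trusted.add(domain)
                findings.append(Finding("medium", "trusted-zone", domain))
        elif line.startswith(("BHO:", "EB:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("low", "orphan-entry", line))
        else:
            m = _FILE_LINE.match(line)
            if m and m.group("size") != "<DIR>":
                attrs, path = m.group("attrs"), m.group("path").lower()
                if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                    findings.append(Finding("medium", "hidden-system-file", path))
    return findings


def report(findings: list[Finding]) -> str:
    """Format findings grouped by severity, most serious first (stable sort)."""
    order = {"high": 0, "medium": 1, "low": 2}
    lines = [f"[{f.severity.upper():6}] {f.category}: {f.detail}"
             for f in sorted(findings, key=lambda f: order[f.severity])]
    return "\n".join(lines) if lines else "nothing flagged"


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it on a full DDS.txt by reading the file into `triage()`; the "Created Last 30" and "Find3M" sections use the same line layout as the two file lines in the sample, so they are covered by the same regex. The output is a review list, and the next step for any flagged path is the one the helper describes later in this thread: locate the file with hidden and system files visible and submit it to VirusTotal.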



#2 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 25 January 2009 - 05:04 PM

Anyone out there who can help me or should I re-format?

I don't know how long to wait for a response before I surrender.

#3 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 30 January 2009 - 12:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#4 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 01 February 2009 - 12:52 PM

Thanks for the reply. I ran the scans you identified and enclose the results you requested. I uploaded the DDS.txt and the attach.txt files to this post and pasted the Malwarebytes log below.

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.33
Database version: 1708
Windows 5.1.2600 Service Pack 3

1/30/2009 1:15:08 PM
mbam-log-2009-01-30 (13-15-08).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 103425
Time elapsed: 1 hour(s), 44 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files



#5 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 01 February 2009 - 01:05 PM

The computer still runs fine, just the webpages are slow to load, correct?

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

#6 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 02 February 2009 - 03:06 PM

I followed the last step you recommended, downloaded, and ran CCleaner. Alas, the problem still bedevils my machine.

Each time I open a new webpage or proceed to a new site, whether I'm using MS Internet Explorer or Mozilla, I encounter a 3 minute delay before each page loads.

The Task Manager shows that the page load consumes 100% of my CPU usage, 50-60% of which is registered under the penultimate process, SYSTEM.

I've never had this problem before. I've owned the machine for 2 years and until recently, it loaded even the most graphically intricate webpage in seconds, regardless of the connection's download speed.

The computer is a Compaq Nx9010 which has a 3.0 GHz processor and 960MB RAM, so I can't fathom the hardware is creating the problem.

If you have any further suggestions, I'd sincerely welcome them.

I'm almost ready to surrender, resort to the nuclear option, and re-format the entire machine (or drop it out of an airplane and return to a typewriter)

#7 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 02 February 2009 - 04:01 PM

I'm almost ready to surrender, resort to the nuclear option, and re-format the entire machine (or drop it out of an airplane and return to a typewriter)


Please don't go this route yet.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

#8 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 02 February 2009 - 06:03 PM

Okay, thanks, for restoring sanity.

I enclose the combo fix log; perhaps, this will help us both.

Attached Files



#9 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 02 February 2009 - 07:35 PM

I have 3 files that I am curious about.

Go to Start > Search and at the top select Tools > Folder Options.
Select the View tab.
Look for "Hidden files and folders".
Select "Show hidden files and folders".
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
  • Search System folders
  • Search Hidden Files and folders
  • Search SubFolders
The 3 files I am curious about are
c:\windows\system32\d3d9caps.dat
c:\windows\system32\jpfyohgs.dll
c:\windows\mrofinu572.exe

Do a search for them using the above instructions (do a search for the file; the location is where ComboFix said they were or are). And if you find them, run them through VirusTotal and post up the results. The first two I believe are gone, but the third one is still around.


How is the computer running now?

#10 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 03 February 2009 - 12:12 PM

I couldn't locate the second and third files, only the first, that is, d3d9caps.dat. I enclose the results below.

The computer performance has improved however, since I ran combofix last night.

***************************************



d3d9caps.dat received on 02.03.2009 18:01:21 (CET)

Antivirus Version Last Update Result

a-squared 4.0.0.93 2009.02.03 -
AhnLab-V3 5.0.0.2 2009.02.03 -
AntiVir 7.9.0.71 2009.02.03 -
Authentium 5.1.0.4 2009.02.03 -
Avast 4.8.1281.0 2009.02.03 -
AVG 8.0.0.229 2009.02.03 -
BitDefender 7.2 2009.02.03 -
CAT-QuickHeal 10.00 2009.02.03 -
ClamAV 0.94.1 2009.02.03 -
Comodo 961 2009.02.03 -
DrWeb 4.44.0.09170 2009.02.03 -
eSafe 7.0.17.0 2009.02.01 -
eTrust-Vet 31.6.6339 2009.02.03 -
F-Prot 4.4.4.56 2009.02.02 -
F-Secure 8.0.14470.0 2009.02.03 -
Fortinet 3.117.0.0 2009.02.03 -
GData 19 2009.02.03 -
Ikarus T3.1.1.45.0 2009.02.03 -
K7AntiVirus 7.10.617 2009.02.03 -
Kaspersky 7.0.0.125 2009.02.03 -
McAfee 5514 2009.02.02 -
McAfee+Artemis 5514 2009.02.02 -
Microsoft 1.4306 2009.02.03 -
NOD32 3822 2009.02.03 -
Norman 6.00.02 2009.02.03 -
nProtect 2009.1.8.0 2009.02.03 -
Panda 9.5.1.2 2009.02.03 -
PCTools 4.4.2.0 2009.02.03 -
Prevx1 V2 2009.02.03 -
Rising 21.15.10.00 2009.02.03 -
SecureWeb-Gateway 6.7.6 2009.02.03 -
Sophos 4.38.0 2009.02.03 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.03 -
TheHacker 6.3.1.5.245 2009.02.03 -
TrendMicro 8.700.0.1004 2009.02.03 -
VBA32 3.12.8.12 2009.02.03 -
ViRobot 2009.2.3.1587 2009.02.03 -
VirusBuster 4.5.11.0 2009.02.03 -

Additional information
File size: 664 bytes
MD5...: cb710437d5acdc6cbc142ab4fb802ba3
SHA1..: 7331c98ffa0c5b7882305d275e1a6a7068c0bfa2
SHA256: 5c4758b6ed779f9dada538e33b378f90afcca51c211151116d353a731a624e6d
SHA512: 36999e700109946b613c82881b50177d19428b1120805c31afac7c27aa64927a0d1b1d97c2782a3964deac1bca265e1f11944b8eac30bed129886872d359a110
ssdeep: 3:dnIlq+Tyl/l1lllatlmolllCltBlljlll/Dll:mq+C/Aw4llCl
PEiD..: -
TrID..: File type identification: Targa bitmap (Original TGA Format) (63.6%); MS Flight Simulator Aircraft Performance Info (36.3%)
PEInfo: -


*************************************************************************

#11 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 03 February 2009 - 12:29 PM

How is your computer running now? You say it is better, but is it back to normal? Are you seeing any popups out of the ordinary or a particular kind of ad? Any out of the ordinary activity with your connection?

#12 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 04 February 2009 - 11:10 AM

The laptop still suffers from the same problem, albeit the measures we've administered thus far have mitigated its severity.

At present, the delay in loading webpages designed with graphics of any kind-- that is, pretty much every site but Google-- lasts 45 sec to 90 sec. instead of the 2-3 minutes it took previously.

During the delay, the CPU usage via the task manager rises to 100%. The Process called "System" registers between 45 to 50% of the CPU's usage; iexplorer registers the rest.

Any suggestions?

#13 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 04 February 2009 - 12:13 PM

Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

Let me know if this has any effect.

#14 Mickey Sabbath
  • Topic Starter
  • Members
  • 43 posts

Posted 04 February 2009 - 04:06 PM

I didn't have IE Version 7.0, so I downloaded it, updated 6.0, and followed your instructions.

To no avail, however. In fact, whatever problem I had before has returned in full. The time it takes to load a page has increased to 2-3 minutes again. Even pages devoid of graphics like Google cause a long delay.

The Process identified as "System," once again, seems to explain it because it spikes to between 40 and 60% of CPU Usage each time I load a new page. (The "iexplorer" process exhausts the remaining 40 to 60% of my CPU's Usage)

Only after the page has loaded, and 2-3 minutes have elapsed, does the System process return to 0%.

BTW, the reason I initially attributed the problem to a Trojan is because when the problem first began, whatever malware I inadvertently downloaded would thwart the loading of my firewall upon startup. I had to un-install and re-install Sygate as a consequence. Does that, perhaps, offer any greater insight into my problem?

#15 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 04 February 2009 - 04:35 PM

Not really; there are too many things that can cause that problem.

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.

* You may receive an alert on the address bar at this point to install the ActiveX control.
* Click on that alert and then click "Install ActiveX component".
* Read the license agreement and click "Accept".
* Click "Full System Scan" to download the scanning components and begin scan and cleaning.
* When the scan completes, click the "I want to decide item by item" button.
* For each item found, Select "Disinfect" and click "Next".
* When done, click the "Show Report" button, then copy and paste the entire report into your next reply.
This scan can take several hours, so please be patient.



