
Something's wrong :(


8 replies to this topic

#1 yass

Posted 22 March 2009 - 03:02 AM

Hey everyone. I'm pretty sure there is something definitely wrong on my computer. I don't see any virus or spyware symptoms, but I used to be able to run Photoshop almost instantly and now it takes a good 5 minutes to get through the loading screen. Same with Dreamweaver. And especially Firefox: even the page loads are slow. This is my biggest issue because I need speed on my net. The data transfer happens fast (the test at 2wire.com says I'm at 1.6 Mbps), but the page display by the program is slow :thumbsup:

Help would be sooo awesome thanks everyone

#2 yass

Posted 22 March 2009 - 01:14 PM

So I just ran "Malwarebytes Anti-Malware" and also "SUPERAntiSpyware", and I was infected; I have the logs. But I notice my computer is still slow. Here are the logs:

I ran SUPER first, then Malwarebytes. I have the logs; should I post them?




I want to also defrag my computer but I've never done that really

Edited by yass, 22 March 2009 - 01:15 PM.


#3 garmanma

Posted 22 March 2009 - 07:33 PM

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Then

Update MBAM and run a FULL scan.
Please post the results.

Then rescan with SUPERAntiSpyware and post that log also.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 yass

Posted 23 March 2009 - 04:18 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/22/2009 at 04:21 AM

Application Version : 4.21.1004

Core Rules Database Version : 3808
Trace Rules Database Version: 1763

Scan type : Complete Scan
Total Scan Time : 01:27:51

Memory items scanned : 276
Memory threats detected : 1
Registry items scanned : 4119
Registry threats detected : 21
File items scanned : 34217
File threats detected : 37

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ZIFEHODO.DLL
C:\WINDOWS\SYSTEM32\ZIFEHODO.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DATUSESI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKLM\Software\Microsoft\E0BC30D3
HKLM\Software\Microsoft\E0BC30D3#e0bc30d3
HKLM\Software\Microsoft\E0BC30D3#Version
HKLM\Software\Microsoft\E0BC30D3#e0bc9d53
HKLM\Software\Microsoft\E0BC30D3#e0bcf4b6
HKU\S-1-5-21-746137067-113007714-1957994488-1007\Software\Microsoft\FIAS4051

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-746137067-113007714-1957994488-1007\SOFTWARE\Microsoft\fias4013

Trojan.Unclassified/Loader-Suspicious
C:\DOCUMENTS AND SETTINGS\HUMAIRA SULTANA\DESKTOP\NEOPETS\NEW_SWFS\LOADER.EXE

Adware.Vundo/Variant-MSFake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C301C20-32BA-4744-8475-62212DDC0A70}\RP769\A0217109.DLL

Adware.Vundo/Variant-AdobeFake
C:\WINDOWS\SYSTEM32\BEKAYUYE.DLL
C:\WINDOWS\SYSTEM32\FITELIWO.DLL
C:\WINDOWS\SYSTEM32\JEPEYIJA.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Humaira Sultana\Local Settings\Temporary Internet Files\Content.IE5\IJ2L45KL\l.s.bg1z[1].gif
C:\Documents and Settings\Humaira Sultana\Local Settings\Temporary Internet Files\Content.IE5\8HE3GLUN\l.s.bg2z[1].gif



Then I ran Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 5.1.2600 Service Pack 2

3/22/2009 11:02:05 AM
mbam-log-2009-03-22 (11-02-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 146641
Time elapsed: 1 hour(s), 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jamijogu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jpjwep.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d7303e5-9fe6-4d2e-81f8-7215a058c251} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d7303e5-9fe6-4d2e-81f8-7215a058c251} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060cf367-3a44-49fb-a195-6abef6b28ad4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{060cf367-3a44-49fb-a195-6abef6b28ad4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b61178ff-c912-44cc-a93e-ba1d0cbb3efe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b61178ff-c912-44cc-a93e-ba1d0cbb3efe} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d7303e5-9fe6-4d2e-81f8-7215a058c251} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0bc225d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yamadekusi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme38f11c1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jpjwep.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jamijogu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ugojimaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.




2nd run of MBAM after a 2nd update:

Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 2

3/23/2009 7:04:04 AM
mbam-log-2009-03-23 (07-04-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128990
Time elapsed: 1 hour(s), 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2nd run of SUPERAntiSpyware after a 2nd update:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2009 at 08:14 AM

Application Version : 4.21.1004

Core Rules Database Version : 3809
Trace Rules Database Version: 1763

Scan type : Complete Scan
Total Scan Time : 00:57:23

Memory items scanned : 249
Memory threats detected : 0
Registry items scanned : 4107
Registry threats detected : 1
File items scanned : 18863
File threats detected : 1

Rogue.Component/Trace
HKU\S-1-5-21-746137067-113007714-1957994488-1007\Software\Microsoft\FIAS4051

Trojan.Unclassified/Loader-Suspicious
C:\DOCUMENTS AND SETTINGS\HUMAIRA SULTANA\DESKTOP\NEOPETS\NEW_SWFS\LOADER.EXE


Even after all this I got a popup while using Firefox :thumbsup: And the computer still seems like a slug :flowers:

Edited by yass, 23 March 2009 - 09:58 PM.
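The first MBAM log above shows two Vundo DLLs marked "Delete on reboot" while the registry autostart entries were already removed, which is why a rescan after a restart is the normal next step. As an added example (not code from this thread or from Malwarebytes), here is a small parser for that log format that separates what was quarantined from what is still pending a reboot and flags the autostart locations (BHO, Run, SSODL, SharedTaskScheduler) seen in the logs; the sample log is a constructed excerpt built from post #4's entries.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Malwarebytes' Anti-Malware 1.34 log
# pasted in post #4 (entries copied from that log; not the complete log).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\jamijogu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d7303e5-9fe6-4d2e-81f8-7215a058c251} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yamadekusi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jpjwep.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# One detection line: "<item> (<family>) -> <action>"
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Autostart locations seen in the thread's logs: these are what re-launch the Vundo DLLs at logon.
PERSISTENCE = ("Browser Helper Objects", "CurrentVersion\\Run",
               "ShellServiceObjectDelayLoad", "SharedTaskScheduler")


def parse_mbam_log(text):
    """Return one dict per detection, tagged with its section and whether removal is still pending."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):  # section header, not the "... Infected: N" count line
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            d = m.groupdict()
            d["section"] = section
            # "Delete on reboot": the DLL was loaded in a process, so it stays on disk until restart
            d["pending_reboot"] = d["action"].startswith("Delete on reboot")
            d["persistence"] = any(p in d["item"] for p in PERSISTENCE)
            items.append(d)
    return items


def summarize(items):
    # Counts per family plus the two lists a helper wants to see before asking for a rescan.
    return {"families": Counter(i["family"] for i in items),
            "pending_reboot": [i["item"] for i in items if i["pending_reboot"]],
            "persistence": [i["item"] for i in items if i["persistence"]]}
```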


#5 garmanma

Posted 24 March 2009 - 03:25 PM

Full tutorial:
http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/


Please print out and follow these instructions: "How to use SDFix".
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

Mark

#6 yass

Posted 31 March 2009 - 07:21 PM

I've been reading the full tutorial, and SDFix is for removing an infection I know of, right? I don't know of the infection though :thumbsup:

I'm wondering, is it a problem if 5 svchosts are running and one of them takes like 16k mem usage? Here's a screenshot of my task manager.

Thanks a lot garmanma for helping out :trumpet: I really want my computer to be fast again :flowers:

[Screenshot of Task Manager]

#7 yass

Posted 03 April 2009 - 10:31 PM

Help Please :thumbsup:

#8 yass

Posted 10 April 2009 - 01:41 PM

Can someone reply to my post #6 please :thumbsup: I'm worried about those svchosts :flowers:

#9 trollocks

Posted 10 April 2009 - 05:05 PM

I am using Vista and I know it's different, but I have 74 processes running to your 23 and there are 12 svchosts running. I am not worried by this, as I did a process scan on a Microsoft website and it said no bad processes were running.



