
Need advice..and have a question...


  • This topic is locked
10 replies to this topic

#1 cajunnurse

cajunnurse

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:32 PM

Posted 02 May 2009 - 12:53 AM

Okay here is my situation. My old pc is dead for the moment. It caught a bad case of Virtumonde and Win32.virut. That is for another time...
After a usb with some files that were backed up in safe mode and scanned clean was inserted in our brand spanking new computer, Norton detected Win32.virut and "deleted" it. I scanned with Spybot S&D, Malwarebytes, and Norton. All came back clean.

This evening on restarting my computer I noticed that Norton didn't come up with start up, and the internet was really slow to start as well. So I started snooping around. I ran all scanners again and all came up clean, but when searching my "recent history" in Norton I almost fell out over all the "invasion attempts". I mean thousands! Of course all my old friends were there. So I scanned some more and started looking at my Windows settings. My firewall and Windows Defender were off. I know I had them on. We haven't even had this computer for a week so I can't remember if I had looked since registering and running Norton. Does Norton disable Windows Firewall and Defender?

My computer is still really fast, but there is hardly anything on it! I really need help with this. I did change some settings to make explorer more secure. I was in the process of disabling some activex controls shortly before I got the Win32Rundll error and it shut down. I remember seeing that once upon a time on my old pc.



Please someone help me before my new computer becomes a nightmare!!

UPDATE
Here is a link to my Hijack this log.

http://www.bleepingcomputer.com/forums/topic223877.html

Edited by cajunnurse, 02 May 2009 - 02:18 AM.

Thank you to all of the wonderful people here at this forum for all of your time and effort!


#2 cajunnurse


Posted 02 May 2009 - 12:54 AM

I was trying to post my log and was told I had the "wrong version" or some such. I had never downloaded it, just "ran" it and scanned with it and pasted the log here. So there was nothing to delete from my computer, right? Well I followed the directions and can scan, but it says it can not detect the right path? to my saved log file. I am so frustrated!

Here is a link to my problem...does anyone have any ideas on how to fix this so I can repost my log? My original post just poofed up into thin air I guess...
http://www.bleepingcomputer.com/forums/t/223867/need-adviceand-have-a-question/

I am sorry if I am going about this all wrong, this is my first time to use the site and I am just so tired and frustrated right now! :thumbsup:

#3 cajunnurse


Posted 02 May 2009 - 01:53 AM

Still trying to figure out what is going on with hijack this. Would love if someone could help me out here. I can scan but the log will not show.
I am still trying to figure out Vista, but I did find this under "problem reports". This was recorded when rundll32 crashed...
Product
Windows host process (Rundll32)

Problem
Stopped working

Date
5/1/2009 11:42 PM

Status
Report Sent

Problem signature
Problem Event Name: APPCRASH
Application Name: rundll32.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549bb52
Fault Module Name: inetcpl.cpl
Fault Module Version: 7.0.6001.18000
Fault Module Timestamp: 4791ad54
Exception Code: c0000005
Exception Offset: 0000000000075b9c
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 4bc7
Additional Information 2: 776d47443c951b2893f0905ce04abfb5
Additional Information 3: 0bb0
Additional Information 4: 8f81a6daeeecf71ee76939d0ea1b0fbb

Extra information about the problem
Bucket ID: 1125753

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:32 PM

Posted 02 May 2009 - 08:36 AM

Moved from HJT forum.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:32 PM

Posted 02 May 2009 - 10:03 AM

Hi, maybe we can get a quick scan here and get a clue.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#6 cajunnurse


Posted 02 May 2009 - 01:25 PM

Thanks for getting back to me.
I already have MBAM installed and I am running another update. I also just ran hijack this again and will post both logs.

Krista

**update**
Sorry, I just noticed you said to uninstall and reinstall MBAM..I am in the process now and will post logs.

Edited by cajunnurse, 02 May 2009 - 01:31 PM.


#7 cajunnurse


Posted 02 May 2009 - 01:44 PM

Okay here are my logs.
After reinstalling MBAM I ran a quick scan as you suggested. It came back clean so I did not reboot my system. Please let me know if I need to do this anyway.

MBAM log.
Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 6.0.6001 Service Pack 1

5/2/2009 1:40:28 PM
mbam-log-2009-05-02 (13-40-28).txt

Scan type: Quick Scan
Objects scanned: 63738
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack this log. (Please note this is from before the uninstall/reinstall of MBAM; please let me know if you need me to do another scan with hijack this.)
http://www.bleepingcomputer.com/forums/topic223929.html

Thanks again for your quick reply. I am so worried about my new computer.

Edited by cajunnurse, 02 May 2009 - 02:55 PM.


#8 cajunnurse


Posted 02 May 2009 - 05:01 PM

I just wanted you to know that I really appreciate your help. I do have a question. As I said I am new to this forum and I am kind of confused by this process. I haven't posted my full hijack this log here because the rules say not to, but my hijack this log is the only thing showing suspicious activity right now as all my scans are coming up clean since Norton "removed" the Virut virus, but my computer is still behaving strangely at times. I am getting no replies on the hijack this forum even though it says it operates on a first come first serve basis. I have seen posts posted way after mine being dealt with. Is no one looking at my log because you are assisting me, or do you look at it? I am sorry if this is coming out wrong, I am just trying to understand the process.

Thanks

Edited by cajunnurse, 02 May 2009 - 05:02 PM.


#9 boopme


Posted 02 May 2009 - 07:35 PM

Hello, I have been looking at this several times today. It seems the least likely culprit is malware and a good scanner seems to be bearing this out. So I have seen references to a bad driver and bad Memory (RAM) as the most likely cause.
How old is your machine? Is it still under warranty?

#10 cajunnurse


Posted 02 May 2009 - 07:41 PM

My system is less than a week old. My specs are in my profile, but I'm running on 8g of ram. Did you look at my HJT log, or does someone else do that? There are a lot of fishy things at the bottom with (missing file) behind them.

Here is just one like it..there are tons...
@%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

Edited by cajunnurse, 02 May 2009 - 07:45 PM.


#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:32 PM

Posted 02 May 2009 - 09:16 PM

Hello cajunnurse,

I see that you have a HiJack This log posted here: http://www.bleepingcomputer.com/forums/topic223929.html We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:

1) Have this thread reopened and the HiJack This log topic deleted

OR


2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message to boopme or myself indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



