Big problem :( dead internet and slow PC...


1 reply to this topic

#1 1eimis

1eimis

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 29 June 2009 - 04:38 PM

Hi everyone, please help me with my problem ;( Today I got a message from AVG like: "Potentially unwanted program!

file name: C:\windows\system32\drivers\sysdrv32.sys

threat name: potentially harmful program HackTool.GSQ

I just can't remove it from my PC. It killed my internet, and my PC is now very slow. My internet connection works for about 1-3 minutes, then the internet just "dies" and I have to reboot the PC... I just don't know what to do... I have been trying to kill it for about 10 hours now... I looked for help in forums and searched on this website, but still nothing... I downloaded "Avenger", "ComboFix" and "Anti-Malware", but they still didn't help... D: But when I scanned my computer with "Anti-Malware" it found 7 infections and deleted all 7, but 1 still comes back... "Trojan BackDoor or something". When I scanned my PC a second time it found just that one, but when I scanned the PC 4 hours later... it found 3 new backdoors :/ I just don't know what to do... :thumbsup: Help me please...

Sorry for my bad English... English isn't my native language and I never studied it.

Edited by The weatherman, 29 June 2009 - 04:55 PM.
Moved from hjt to a more appropriate forum. Tw



#2 Zllio

Zllio

  • Members
  • 1,107 posts
  • OFFLINE
  • Local time:11:51 AM

Posted 02 July 2009 - 09:43 AM

Hi 1eimis,

Nice to see you.


If you use your computer for any financial transactions, you need to disconnect it from the internet and look at the instructions in the Quotes box below. You will have to change all your passwords.

If your computer is hooked up to any other computers, you need to disconnect it from them.

If you are using any flash drives, you will need to clean them.

We will do some things here for preparation, and then I will send you to another forum for more specific removal.

First the warning about financial problems and how to deal with them in the quotes box. Then the rest of the instructions after that:

BackDoor Trojans

Backdoor Trojans are the most dangerous and most widespread type of Trojan. They provide the author or "master" of the Trojan with remote "administrative" access and control to the infected machines. Unlike legitimate remote administration utilities, backdoors install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more. In other words, take over the control of your computer.

Disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

In addition to the backdoor Trojan that has been identified, your computer has other infections as well. Although we can attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.


You have two options now, and how we proceed here, will depend on which choice you make. If you want to attempt to clean the machine, we can, but you will not know if the trojan left an entry to your machine which we can't identify. The other choice would be to reformat and reinstall your operating system. I'll post a couple of links to help you with the changing of your passwords, and if you want to reinstall, instructions for that. This decision depends to some degree on what the computer is used for.


Finally, you should be aware that even if we successfully remove these infections from your computer, some parts of the computer's system may be altered by the removal process itself, which could prevent it from ever regaining its former stability or full functionality without a reformat.

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

If you have any questions, please ask.
Please post back to let me know what you've decided.


Please do the following. If you can't do something, just go on. You may have to rename MalwareBytes for both the installation and for running it. Try it normally first. If it won't run, you can change the name of mbam.exe to IByte.scr or IByte.cmd and see if that will help.


Before you start, if you can find the driver that is causing problems, rename it from sysdrv32.sys to sysdrv32.sys.zzz (add .zzz to the end) and don't reboot.



Step 1: ATF Cleaner



If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, right-click on the icon and select "run as Administrator".


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Step 2: MalwareBytes


Please download Malwarebytes Anti-Malware and save it to your desktop.
MalwareBytes

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable security programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Step 3: Please post the logs or reports for the following: MalwareBytes

Let me know how this went.
Zllio

Edited by Zllio, 02 July 2009 - 09:46 AM.
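The "rename the driver and don't reboot" step above can be done from an elevated Windows PowerShell prompt. The script below is an added example, not code from Zllio's post or from any of the tools mentioned; it goes slightly beyond the post by recording the file's size, timestamps and SHA-256 hash and by listing any system driver registered against that path before the rename, so the details can be included in a reply. It assumes the file path named in the thread, Windows PowerShell 4.0 or later (for Get-FileHash) and a session started with "Run as Administrator".

```powershell
# Added example (not from the forum post): triage and rename the driver flagged in the thread.
# Assumes Windows PowerShell 4.0+ (Get-FileHash, Get-WmiObject) and an elevated session.
$DriverPath = Join-Path $env:SystemRoot 'System32\drivers\sysdrv32.sys'

if (-not (Test-Path -LiteralPath $DriverPath)) {
    Write-Host "Not found: $DriverPath (the file may already be gone or hidden from this account)"
    return
}

# Record size, timestamps and a SHA-256 hash before touching the file, so the
# artifact can be reported to a helper or looked up in a malware database.
$Item = Get-Item -LiteralPath $DriverPath -Force
$Hash = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
Write-Host "File    : $($Item.FullName)"
Write-Host "Size    : $($Item.Length) bytes"
Write-Host "Created : $($Item.CreationTime)   Modified: $($Item.LastWriteTime)"
Write-Host "SHA256  : $Hash"

# A .sys file only loads if something registers it. List any system driver whose
# image path points at this file, with its current state and start mode.
# Win32_SystemDriver may report the path with a leading \??\ prefix; strip it before comparing.
$Drivers = Get-WmiObject -Class Win32_SystemDriver |
    Where-Object { $_.PathName -and (($_.PathName -replace '^\\\?\?\\', '') -ieq $DriverPath) }
if ($Drivers) {
    foreach ($d in $Drivers) {
        Write-Host "Registered as driver service '$($d.Name)': State=$($d.State) StartMode=$($d.StartMode)"
    }
} else {
    Write-Host "No Win32_SystemDriver entry points at this file."
}

# Rename rather than delete, exactly as the post suggests: the file stays available
# for analysis, but Windows cannot find it under its registered path at the next boot.
try {
    Rename-Item -LiteralPath $DriverPath -NewName 'sysdrv32.sys.zzz' -ErrorAction Stop
    Write-Host "Renamed to sysdrv32.sys.zzz. Do not reboot yet; continue with Steps 1-3."
} catch {
    # A loaded driver usually holds its image file open, so the rename can fail.
    Write-Host "Rename failed: $($_.Exception.Message)"
    Write-Host "The driver is probably loaded; leave it for the removal tools in the steps above."
}
```

Run it once, paste the printed lines into the reply along with the MBAM log, and leave the renamed file in place; the hash and the driver-service name are what a helper needs to tell a dormant leftover from an active infection.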




