Computer Running Slowly



#1 LarrysHomework


Posted 08 August 2009 - 09:55 PM

My computer (Windows XP Home Edition) has been running very slowly lately, and I can't really find a reason for it. Most of the scans I've run (with McAfee, IOBit Security, and SDFix) haven't really found much, just the usual tracking cookies, but Malwarebytes' Anti-Malware has found 31 items:

Files Infected:
C:\WINDOWS\ixedexyj._sy (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\iuengine32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\instsp1.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Irureyesogufut.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Internet.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\internat.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Isass32.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\iPodFixer.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\issms32.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\ipynixu.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\ipekyn.scr (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\ixywuwac.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\izifejel.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\ipwypktx.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\ipwypwpk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\ios.dat (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\j6442922.exe (Worm.Brontok) -> Delete on reboot.
C:\WINDOWS\j6456422.exe (Worm.Brontok) -> Delete on reboot.
C:\WINDOWS\j8j88j.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\java\classes\ccwinlogins.exe (Backdoor.Agent) -> Delete on reboot.
C:\WINDOWS\J-H4ck3R.exe (Backdoor.Bifrose) -> Delete on reboot.
C:\WINDOWS\Installers.exe (Worm.AutoRun) -> Delete on reboot.
C:\WINDOWS\java\classes\CLIPORV.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\java\classes\CLIPORV.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Intrenet Explorer.lnk (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\Intrenet.html (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\isscs32.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\iTuneshelp.exe (Worm.Netsky) -> Delete on reboot.
C:\WINDOWS\InternetSoftware-1.dll (Fake.Malware) -> Delete on reboot.

None of which are deleted on reboot. None of these files seems to exist on the computer either, and can never be found. McAfee security protection is disabled, along with automatic updates and system restore, and the System32 folder cannot be accessed except through the Run command. Anyone have any idea what it might be?



#2 Blade


Posted 08 August 2009 - 10:46 PM

You've got a rootkit on your system.

Please install RootRepeal
Note: Vista users, right-click on the desktop icon and select "Run as Administrator."
  • Go HERE, HERE, or HERE and download RootRepeal.zip to your Desktop.
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
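
As an added example (not part of either post, and not code from Malwarebytes or RootRepeal), this Python script parses scan lines in the format quoted in the first post and checks whether each reported path is visible through the normal file API, which turns the reported symptom (detections whose files cannot be found) into something measurable. The sample log is constructed from three of the quoted lines, and the function names are assumptions made for the example.

```python
import os
import re
from collections import Counter

# Constructed sample: three lines in the format of the scan log quoted in the first post.
SAMPLE_LOG = r"""Files Infected:
C:\WINDOWS\iuengine32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\java\classes\CLIPORV.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Intrenet Explorer.lnk (Malware.Trace) -> Delete on reboot.
"""

# Path (may contain spaces), detection name in parentheses, then the action taken.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

def parse_detections(log_text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def triage(hits, exists=os.path.exists):
    """Summarise detections and list the paths the file API cannot see."""
    missing = [h["path"] for h in hits if not exists(h["path"])]
    return {
        "total": len(hits),
        "by_name": Counter(h["name"] for h in hits),
        "pending_reboot": sum(h["action"].lower() == "delete on reboot" for h in hits),
        "missing": missing,
        # True when every detection points at a path that is not visible,
        # which is the situation described in the first post.
        "all_missing": bool(hits) and len(missing) == len(hits),
    }

if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    print(report["total"], "detections,", len(report["missing"]), "not visible on disk")
    for name, count in report["by_name"].most_common():
        print(f"  {name}: {count}")
```

Run it on the affected machine against the saved scan log. A result where every path is missing is a reason to collect the RootRepeal log the reply asks for, not a diagnosis by itself.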