
Infected with Trojan(s)



#1 Ellagon


Posted 21 October 2009 - 03:16 PM

Hi, basically my problem started off about 2-3 days ago, but only surfaced towards me yesterday. Yesterday when I tried to run Firefox, it was quite slow, and then afterwards my brother was unable to run it at all, unless in safe mode and even then it was quite sluggish. After this I didn't go on my PC for a few hours, came back and was unable to load up Firefox at all, except for in Firefox safe mode, with no add-ons running, and even then it was bad. So I planned to uninstall Firefox, and then reinstall it.

I uninstall Firefox, with my computer still being much slower than normal (e.g. Msn refused to open). I try to open up Internet Explorer to no avail, then Safari which seems to be working (I'm using it currently). Thinking I had a regular virus or malware (I'm not an expert on this), I downloaded Avira and tried to install it...it froze halfway through the installation...

Since that incident, whenever I've tried to download a new file in Safari, I click on the download link, and then if I click "save as" and the designated folder "OK" it just freezes, the whole of Safari and I have to close it, and reopen it. Whenever I just try to "Run" a file instead of save, it downloads nearly all of it, and then it abruptly freezes making me have to close the browser once more.

So with me unable to download nor install an Anti-Virus Program onto here (If I boot a Norton CD, and press install...it then freezes and I have to close it again). I then attempted to install AV programs onto my other desktop, and put it onto my shared network, and hopefully to no luck as my old desktop failed to install them correctly (It is EXTREMELY old). I then got my brother to install norton onto his laptop, and then put it into the network... That doesn't work as well, since when I try to run the "Norton.exe" icon from his desktop, it says "Please check that you are connected to the network..." and blah blah, which is ridiculous because I can still access the files ON the network.

Not only this, my computer has been extremely slow in doing things (randomly freezing up when opening iTunes, which is stupid because it normally manages this perfectly fine), and when I went into Control Panel>User accounts, nothing happened, until 20 minutes later where the user accounts suddenly came up. So at the moment I'm running out of options and it seems to me that a reformat is most likely in order (Though I would much prefer to just get rid of this virus without having to reformat to avoid much hassle).

Anyway, I've also gone through Task Manager and googling suspicious processes, and the most suspicious ones I have come up with are: spoolsv.exe and csrss.exe. I've tried terminating the csrss.exe process, but unfortunately I get a "This is a critical system process. Task Manager cannot end this process". I have however used the Windows Search through my PC for this "csrss.exe" and it has located it within the following locations.

csrss.exe > C:\WINDOWS\$NtServicePackUninstall$
CSRSS.EXE-22452D1B.pf > C:\WINDOWS\Prefetch
csrss.exe > C:\WINDOWS\system32
csrss.exe > C:\WINDOWS\ServicePackFiles\i386

Also I'm not sure if this helps, but before whenever I logged onto my account, I got about 3 of the exact same messages saying ""Server.Exe." has crashed and we are sorry for this inconvenience...blahblahblah". However this changed after, I went into msconfig and disabled "SeaPort" from booting up, due to me thinking then it was a possible cause.
Furthermore, before anyone asks, I CANNOT install Norton 09 even in Safe Mode, as it asks me to go to normal mode to do so...

Anyway, thank you for your help (I hope :thumbsup:). And now I'm debating whether or not to go into safe mode and delete those files I've listed above...I guess I might as well wait for a qualified answer so I don't screw things up anymore lol :flowers:.

Edit, just wanted to say that before when I searched for it, I DID delete the csrss.exe file in "C:\i386" however it seems it's returned...=|. Also I do use Windows XP in case that helps.
Edit 2: Some programs just refuse to open up altogether. Whereas for others, I'll start them up but then I'll get a "xxx.exe has crashed. Sorry for the inconvenience" but then it'll start up normally after...

Edited by Ellagon, 21 October 2009 - 04:13 PM.



 


#2 Ellagon


Posted 22 October 2009 - 10:32 AM

Bump

#3 Ellagon


Posted 22 October 2009 - 03:17 PM

bump again..

#4 Michael York


Posted 23 October 2009 - 03:36 PM


Hi Ellagon,

This is Mike from the Norton Authorized Support Team.

Which Norton product and version were you trying to install? Please let me know.

It sounds like you may have infections on your computer or you may have a software conflict that can be causing these problems. The first thing I would advise you to do is to remove Avira and any other real-time security applications. I would advise you to look for a removal tool for Avira and any other security applications to make sure that all traces are removed. Restart your computer after you have removed the application(s). After you complete this step, please follow the instructions in the link below to download and run the free Norton Security Scan to check for infections.

Download and run the Norton Security Scanner

After the scan has completed, let me know if any infections were found, and if so, the names of the infections and also let me know if the scanner was able to remove the infections. After this is completed, and assuming there are no major infections on your system, I will then provide you with the proper instructions to remove and reinstall the latest version of your Norton product.


Thank you,
Mike

Edited by Michael York, 23 October 2009 - 03:41 PM.

Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

#5 Ellagon


Posted 24 October 2009 - 07:09 AM


I was trying to install Norton Antivirus 2009. And I don't mean to be rude but, I actually stated before that I don't have Avira installed because halfway during the setup it just froze spontaneously, and I have no other real-time security applications. Also, as I stated before in my post I cannot actually download anything because then my browser crashes when it is like 90% done. Furthermore, in this time period since your post, iTunes has been unable to open up completely, but still appears in the Task Manager when I try. And I've tried to run HijackThis but unfortunately that also freezes up 90% of the way through...

And I've attempted to go through the regedit on the suggestion of a friend, but I've been blocked from going onto the tab called "HKEY_CLASSES_ROOTS" as once I click on that it freezes. Though I'm able to access through any of the other tabs.

#6 garmanma


Posted 25 October 2009 - 08:10 PM

:inlove:
Please download to your Desktop

Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

When you double-click on the Desktop icon, a small DOS window will open and the application will run on its own
It should only take a few minutes and it will close by itself

Do not reboot the machine

===========================

:flowers:
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open [image] on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
===================================

:thumbsup:
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:trumpet: Go to [image] > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
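The DIR command in the post above writes every copy of scecli.dll, netlogon.dll and eventlog.dll found under %windir% to Log.txt. As an added example (not part of garmanma's post or of any tool named in this thread), the Python below parses such a log and flags a system32 copy whose size matches no other copy of the same file; the sample log, the dllcache path and the size-comparison heuristic are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of English-locale `DIR /a/s` output; paths, sizes and dates are invented.
SAMPLE_LOG = r"""
 Directory of C:\WINDOWS\system32

04/14/2008  12:42 AM           181,248 scecli.dll
04/14/2008  12:42 AM           407,040 netlogon.dll
10/20/2009  03:11 PM            61,952 eventlog.dll
               3 File(s)        650,240 bytes

 Directory of C:\WINDOWS\system32\dllcache

04/14/2008  12:42 AM           181,248 scecli.dll
04/14/2008  12:42 AM           407,040 netlogon.dll
04/14/2008  12:42 AM            56,320 eventlog.dll
               3 File(s)        644,608 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time (12h or 24h), size with thousands separators, file name
FILE_RE = re.compile(r"^(\S+\s+\d{1,2}:\d{2}(?:\s?[AP]M)?)\s+([\d,.]+)\s+(\S.*?)\s*$")

def parse_dir_listing(text):
    """Return {file name: [(directory, size in bytes, timestamp), ...]}."""
    copies, current = defaultdict(list), None
    for line in text.splitlines():
        if (m := DIR_RE.match(line)):
            current = m.group(1)
        elif current and (m := FILE_RE.match(line)):
            size = int(re.sub(r"[,.]", "", m.group(2)))
            copies[m.group(3).lower()].append((current, size, m.group(1)))
    return dict(copies)

def mismatched_active_copies(copies, active_dir=r"C:\WINDOWS\system32"):
    """List system32 copies whose size matches no other copy of the same file.
    A mismatch is only a lead for closer inspection: updates also replace files."""
    findings = []
    for name, found in sorted(copies.items()):
        others = sorted({s for d, s, _ in found if d.lower() != active_dir.lower()})
        for d, size, stamp in found:
            if d.lower() == active_dir.lower() and others and size not in others:
                findings.append((name, size, stamp, others))
    return findings

if __name__ == "__main__":
    for name, size, stamp, others in mismatched_active_copies(parse_dir_listing(SAMPLE_LOG)):
        print(f"{name}: system32 copy is {size} bytes ({stamp}); other copies: {others}")
```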



