
windows xp problem persists


  • This topic is locked
48 replies to this topic

#1 BakedDaily

  • Members
  • 123 posts

Posted 01 December 2009 - 08:40 PM

Computer locks up randomly, especially when I get on the internet. I ran Avira antivirus, Webroot antivirus, Malwarebytes, BitDefender, Spybot S&D, what else.... I have an abnormally slow boot; everything I try to open takes a minute to load.

I already defragged the computer, checked for memory problems, updated all


 


#2 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 01 December 2009 - 08:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

RootRepeal is flagging MBR rootkit activity so we need to run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE

#3 BakedDaily


Posted 02 December 2009 - 09:56 AM

OK, here is the ComboFix log that you requested. There was a message that popped up while using ComboFix about a drive not being ready; it stated (exception processing message c00000a3 parameters 75b6f7c 4 75b6f7c 75b6f7c).

I closed every antivirus program that I could. BitDefender wouldn't close, so I disabled the guard options. The instructions you provide on how to disable it are not compatible with my version of BitDefender. Should I try to go to msconfig and prevent any antivirus program from opening at all for one time to run ComboFix again, or should this be good enough?


Edited by BakedDaily, 02 December 2009 - 03:14 PM.


#4 BakedDaily


Posted 02 December 2009 - 10:05 AM

I'll be standing by for instructions from you.

Edited by BakedDaily, 02 December 2009 - 03:15 PM.


#5 m0le


Posted 02 December 2009 - 06:37 PM

Okay, firstly have those runs of Combofix made a difference to any of your symptoms?

Next we will run MBAM to clean up anything else that may be there

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(

#6 BakedDaily


Posted 02 December 2009 - 07:09 PM

Nah, ComboFix didn't do anything noticeable, and I already have Malwarebytes installed on my computer
and I have already scanned with it. Not sure if it produces a log file or not; if so I will post it shortly.

#7 BakedDaily


Posted 02 December 2009 - 10:02 PM

OK, here is the MBAM log. Nothing was found by it or Webroot antispyware, Spybot, BitDefender.
MBAM scan log: Attached File mbam_log_2009_12_02__20_58_54_.txt (851 bytes)


Edited by BakedDaily, 02 December 2009 - 10:22 PM.


#8 m0le


Posted 03 December 2009 - 07:44 AM

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

#9 BakedDaily


Posted 03 December 2009 - 09:46 AM

I left the computer running overnight and the auto scan on BitDefender found :\Documents and Settings\Chris\Local Settings\Application Data\Identities\{8B043C02-176B-4CCD-B965-ED0BD09CC9AA}\Microsoft\Outlook Express\Deleted Items.dbx=](message 1): hack=][Subject: hack][Date: Wed, 18 Feb 2009 13:07:12 -0600]=](MIME part)=]FKINJ.EXE Trojan.Generic.1773674 and automatically deleted the file. I'm not sure if it did anything, but I'm running the program you just posted and will post the log as soon as it is completed.

#10 BakedDaily


Posted 03 December 2009 - 10:12 AM

OK, here is the log from windiag. Don't think it worked properly, I'm not sure.
Attached File: Win32kDiag.txt (310 bytes)

#11 m0le


Posted 03 December 2009 - 05:32 PM

Yes, it worked properly. That is a log from a clean PC.

I'm now beginning to think that this is not malware and that the symptoms are from damage that the rootkit has caused.

We are going to run chkdsk which will verify and repair the file system

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click OK

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.

Let me know how the PC runs after that. :(

#12 BakedDaily


Posted 03 December 2009 - 08:19 PM

Had a slow boot-up and logon but it seems to be working good. I'll test it for a few hours and will let ya know what's up.

#13 m0le


Posted 03 December 2009 - 08:25 PM

Okay :(

#14 BakedDaily


Posted 03 December 2009 - 11:08 PM

Ahhhh, I had another lock-up moment after being on 2 hours, then let it idle for around an hour.
When I came back, the first time I clicked it worked; after that nothing but the cursor worked, couldn't open any programs.
What was done seems to have helped it a bit.
It took a lot longer for it to lock up instead of the 15-20 min lock-up....
Anything else I can do??
Any ideas???

Edited by BakedDaily, 03 December 2009 - 11:17 PM.


#15 BakedDaily


Posted 04 December 2009 - 09:56 AM

Hey, I ran RootRepeal again and it found the MBR rootkit again. Seems that ComboFix didn't work correctly in removing it. Got any other ideas on how to remove this nasty little thing?

I'll post the new log from it in just a min.

Attached File: RootRepeal_report_12_04_09__09_18_20_.txt (14.67KB)

Edited by BakedDaily, 04 December 2009 - 10:21 AM.




