Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer while browsing Internet- Malware suspected.


  • This topic is locked This topic is locked
36 replies to this topic

#1 kate888

kate888

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 11 December 2009 - 03:32 AM

Hi there,

I am new here and hope someone would be able to help me with my PC which is very slow when loading web page. It suddenly like this. Sometimes the page would freeze and I have to close it and open a new Firefox and then it would load ok. It always happen if I try to load another page from and existing page.

So I scanned with my AVG which detected some nasty but cleaned already. Next I scanned with Panda Activescan and reported back some additional virus which AVG didn't pick up, but I could clean it.

I tried to clean temp fiels using ATF-cleaner, after which it still the same.

Please find attached my HJT log and Panda Activescan file for your info.

Many thanks in advance for your help.

Attached Files



BC AdBot (Login to Remove)

 


#2 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 11 December 2009 - 03:33 AM

Hi,

Sorry, my last post should read that I could not clean some of the virus that Panda Activescan picked up

Kate

#3 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 18 December 2009 - 03:48 AM

Hi ,

could someone please help with this>> I Am really frustrated with my computer.

Kate

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 20 December 2009 - 05:36 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 22 December 2009 - 05:01 AM

Hi Blade81,

Thanks so much for reply to my post and your help. I am not very good at computer but I did try to follow your instruction but the followings are what happened:

I downloaded DDS and run it from my desktop, but instead of coming back with 2 logs as advised by yourself, all I got was a single Notepad came with a long strange characters, and too long to post but I going to show you the first few lines:

MZ   @  !L!This program cannot be run in DOS mode.

$ PE L +I  2 n h   @     0            .code     PEC2FO .rsrc    $R Pd5 d% 3PECompact2 VK ўoTN<N<T#=L34w
lTS`M6lՍ[NPHr_0)a ؾ,f)|Bţ3]ˣoKjvh-Pw4l4` \3nfwp"nseXcDgϨ|0 O E J\#2\bN\Mk(^EK] m


Have I done something incorrectly? I noticed you mentioned about turning off script blocker - I don't what this is and if I even got one. How to turn it off if i got one?? Is the problem?

My problem does not end here, anyway, I ran the GMER as you instructed, but when I ran it it started to scan ok but when it reached any file ending with DLL it took ages, so I waited. The first few .dll files I waited for a while, but the last one took 2 hours and it still there. So I stopped the scan. Then I noticed that I had an earlier version of GMER (Verison 1.0.13) on my PC so I tried this. This time it scanned very quick, including all .dll files. So, I don;t know if this is a problem. But I attached a log file form the scan for your info.

Please help me as I am more confused and my PC is runnig so slow, somtimes it just keep loading a web page forever.

Kate

Attached Files



#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 22 December 2009 - 09:11 AM

Hi,

Old GMER version won't detect new threats so it can't be used here.

See if you're able to run the latest version by deselecting devices & sections in GMER options before the scan.

Also, let's replace DDS with another tool:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 23 December 2009 - 02:11 AM

Hi Blade,

i TRIED TO RUN THE gmer AGAIN WITH The Devices & Section de-selected, but it again just hanged at the first .dll file. So I canceled the scan.

Next I tried to run RSIT and attached the logs.

I noticed that when I cancelled the GMER scan, my machine just frozed and I had to reset the PC before I could use it.

Please help

Attached Files

  • Attached File  info.txt   35.04KB   56 downloads
  • Attached File  log.txt   24.65KB   58 downloads


#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 23 December 2009 - 04:19 AM

Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New rsit log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 23 December 2009 - 04:26 AM

Hi,

Do I have to download a newest verion of Combofix?? I have an earlier version, can I use it?

Thanks

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 23 December 2009 - 04:33 AM

Download the latest one.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 23 December 2009 - 06:26 AM

Hi Blade,

Attached are Combofix log and RSIT logs

Could you take a look? Many thanks

Attached Files



#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 23 December 2009 - 10:05 AM

Hi Kate,

I see that recovery console is not installed. Did ComboFix ask for a permission to install it?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 23 December 2009 - 02:39 PM

Blade,

It did ask for permission but when it was downloading, it frozed half way so I had to abort the download, and it continue to scan. Anywhere I can download and install separately tis console ??

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:48 AM

Posted 23 December 2009 - 03:55 PM

Yes, you may install recovery console in other way too. Download the file here to your desktop. Then drag 'n' drop the downloaded file to ComboFix icon and wait until ComboFix run is ready. Post back the resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 kate888

kate888
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 24 December 2009 - 12:21 AM

Hi Blade,

As instructed from last post, please find attahced logs for the Combofix and RSIT

Thanks

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users