Something is definitely wrong with my computer


5 replies to this topic

#1 sweettooth

sweettooth

  • Members
  • 4 posts

Posted 30 December 2009 - 06:55 PM

Hello,

So glad I found this website. :trumpet: I have a number of issues with my computer but the first I believe needs to be addressed is the presence of malware within my system. :thumbsup:

I started having security issues over a year ago that I have yet to find help to resolve. I started receiving emails that "appeared" to be from myself: my email address was in the from category, or the name I used to send emails (the from name in my actual emails) started showing up in emails to me that I did not send.

Windows IE would crash for unknown reasons on my part. Sorry, I don't have any specifics as to the error message details. I just remember it always said IE encountered a problem and had to close. There is never anything specific that I am doing when this happens.

There were times I had a difficult time getting anti-malware programs to run on my computer. They would freeze up. I didn't know I needed more than just an anti-spyware program. I had been using Spybot Search and Destroy and Lavasoft's Ad-Aware when I was told my computer was probably infested with viruses since I didn't have an anti-virus program nor a firewall. Unfortunately, while looking online for anti-virus software I had a few mishaps of downloading rogue programs without knowing it. I'm sure this didn't help.
I now have AVG free edition for antivirus and for search protection and surfing protection. I also have malwarebytes for anti-spyware. From your website I learned about spyware blaster so I added this. I also activated the windows firewall.

Searching your tutorials I went to your startup database. Spending a bit more than an hour yesterday I found some bad items on my system that were labeled as trojans. It all became quite overwhelming because in some cases the names or descriptions didn't match entirely but the "exe" entry did, or vice versa. Many items in my startup sections (using the autoruns program) weren't even listed in your database. I know this doesn't mean they are bad but not knowing was again overwhelming. Most of the bad stuff I found was described in your database as opening a 'back door' to one's computer.

I tried to follow the steps given under this 'am I infected topic' regarding doing a chk disk and system file checker. I have CCleaner on my computer and a chk disk was done. I cannot complete the system file checker because I need the XP cd which I do not have and will need to look into getting.

Just about a week ago I started getting "mail candygram" showing up in my search pane when I log onto yahoo mail. I tried to remove following info I found on-line with no success. It was this issue that led me to your website.

I just feel like I am hitting a road block and am afraid to do something the wrong way that'll make things worse. :flowers: Thus, I hope I can get someone to help walk me through the process so I can start addressing the other issues with my computer.

I am using Windows XP 2002 SP3.

Any help will be greatly appreciated!

Sweettooth



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 December 2009 - 11:34 PM

Hello, very pleased to see such great protection improvements. You need these now more than ever.

Let's start here.
Rerun MBAM (MalwareBytes) like this:

  • Open MBAM in normal mode and click Update tab, select Check for Updates.
  • When done, click Scanner tab, select Quick scan and scan (normal mode).
  • After scan click Remove Selected, post new scan log and reboot into normal mode.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
  • Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.
  • Open SUPER from icon and install and update it.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NOW Scan with SUPER
  • Open from the desktop icon or the Program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

Edited by boopme, 04 January 2010 - 11:47 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 sweettooth


Posted 04 January 2010 - 07:10 PM

Hi Boopme :trumpet: ,

Happy New Year!!! :flowers:

Thank you for your quick response!


The day after I made this post I started having a new issue that Fairpoint "thinks" may "possibly" be on their end. I can get to websites but I can't sign in anywhere nor do all links on webpages work for me. Luckily I set the Bleeping Computer site to remember me so I didn't have to sign in. They tell me it should be all resolved tomorrow...1/4/2010...Hopefully I won't find out it's my computer.. :inlove: .. Should I wait till this is resolved to follow through with the steps you gave me or can I go ahead?

Also, the first thing you wanted me to do is to re-run MBAM like this: [/b ] Then you proceed to write out how to do a simple scan. Does [/b] mean simple scan or something else?



Thanks for all your time and help! :thumbsup:

Sweettooth


#4 boopme


Posted 04 January 2010 - 11:49 PM

Happy New Year to you also :thumbsup: . That was a typo... I fixed it.. Well, it can't hurt to be malware free and check your machine while you're here. I'll check your logs.

Edited by boopme, 04 January 2010 - 11:50 PM.


#5 sweettooth


Posted 09 January 2010 - 02:44 PM

:thumbsup:

Hi again,

Just completed all the steps you gave me. I regularly clean out my cookies, temp files, history, cache, etc., so there wasn't much for ATF to do. Until just about a week ago I had CCleaner on my computer, which was great at cleaning things out. When I deleted all extras per advice of Fairpoint tech, that was included. I still can't sign on to any websites or check email, and not all links work....IE just shows can't open page..... Wonder if it's my computer since Fairpoint "believes they corrected their end."

Nothing found by MBAM nor SAS, which seems to be the case except when I first used MBAM and AVG. After 1st time nothing ever shows up, which always concerns me they're not catching something. When I used to use Spybot S&D and Ad-Aware from Lavasoft they were always finding things beyond just cookies. But I also didn't have a firewall and anti-virus software then.

Included below are the results of both scans. Nothing has changed on my computer since my original post except the sign-on and page access issue stated above. Where do we go from here?

If it's cold :trumpet: where you are I sure hope you're warm :flowers: !!

Take care
sweettooth



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/08/2010 at 09:06 PM

Application Version : 4.33.1000

Core Rules Database Version : 4461

Trace Rules Database Version: 2282

Scan type : Complete Scan
Total Scan Time : 02:12:25

Memory items scanned : 214
Memory threats detected : 0
Registry items scanned : 5049
Registry threats detected : 0
File items scanned : 52709
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Mary Parker\Cookies\mary_parker@2o7[2].txt

*************************************************************

Malwarebytes' Anti-Malware 1.44
Database version: 3522
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 6:26:02 PM
mbam-log-2010-01-08 (18-26-02).txt

Scan type: Quick Scan
Objects scanned: 109504
Time elapsed: 18 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
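
One way to triage the two logs posted above programmatically, as an added example that is not part of the thread. The `summarize` function, the verdict labels and the sample logs are constructed here; the samples follow the layout of the SUPERAntiSpyware and Malwarebytes logs in the post.

```python
import re

# Constructed samples in the layout of the two logs posted above (values illustrative).
SAS_LOG = r"""SUPERAntiSpyware Scan Log
Scan type : Complete Scan
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@tracker[2].txt
"""

MBAM_LOG = """Malwarebytes' Anti-Malware 1.44
Scan type: Quick Scan
Objects scanned: 109504
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^([A-Za-z ]+?)\s*(?:threats detected|Infected)\s*:\s*(\d+)$")
SCAN_TYPE = re.compile(r"^Scan type\s*:\s*(.+)$")
PATH = re.compile(r"^[A-Za-z]:\\")

def summarize(log):
    """Return scan type, per-category detection counts, detection names and a verdict."""
    lines = [ln.strip() for ln in log.splitlines()]
    scan_type, counts, names = None, {}, []
    for i, line in enumerate(lines):
        if m := SCAN_TYPE.match(line):
            scan_type = m.group(1)
        elif m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif line and not PATH.match(line) and i + 1 < len(lines) and PATH.match(lines[i + 1]):
            # In the log layout above, a detection name is followed by the affected path(s).
            names.append(line)
    total = sum(counts.values())
    if total == 0:
        verdict = "no detections"
    elif names and all("tracking cookie" in n.lower() for n in names):
        verdict = "tracking cookies only"
    else:
        verdict = "needs review"  # any non-cookie or unnamed detection
    return {"scan_type": scan_type, "counts": counts, "names": names, "verdict": verdict}
```

The scan type is returned with the counts because a "no detections" result from a Quick Scan covers less of the disk than one from a Complete Scan.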

#6 boopme


Posted 09 January 2010 - 05:13 PM

Well, I think you are clean but we can run 2 more tools. One online scan and one to check on rootkits.
What issues still exist?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.




