
'malware' pop-ups, slow PC, Error 1317, ComboFix ???



#1 akmbd166


Posted 11 January 2010 - 09:25 AM

Computer running slower than usual, particularly noticeable with Excel.

Time between edit of cells about 1-2+ seconds, instead of fraction of a second a few weeks ago.

Run defrag (monthly), Ccleaner (weekly), XP Disk Cleanup and MBAM (daily)... all updated versions.

Tried to run 'Detect & Repair' or try to repair using Outlook install disk, get 'Please wait while Windows configures Microsoft Office Edition 2003', but at the end of that process get "Error 1317. Setup cannot create the folder C:\Program Files\Microsoft Office \MEDIA\CAGCAT10\1033. Verify that the path exists in you system and that you have sufficient permissions to update it."

When go to folder CAGCAT10 and click on it, get "The disk in drive C is not formatted. Do you want to format it now ?"

Few days ago had a pop-up for 'Security Tool' (didn't run) and next day something from...
http:// a n t i-m a l w a r e 9.c o m/scn1/?engine=pnT43jDuMjcxLjM4LjE1OCZwaWQ9NDBzMTAmdGltZT0xMjYxOgcNPAZM (didn't run)

Read some about above problems and ComboFix, downloaded from BleepingComputer, and ran scan... disabled Avast and ZoneAlarm, and shut down all programs.

Where is the best place to post that scan for help ?

Edited by akmbd166, 11 January 2010 - 10:48 AM.

Thanks again for your help.
akm (XPpro,SP-2,IE-7,Office2003,Avast_home,ZoneAlarm_home)



#2 boopme


Posted 11 January 2010 - 12:10 PM

All ComboFix logs are to be posted in the HJT forum.
You will need to run HJT/DDS.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 akmbd166


Posted 11 January 2010 - 12:53 PM

> All ComboFix logs are to be posted in the HJT forum. You will need to run HJT/DDS. Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log. Let me know if it went OK.

Thank you for the reply/info !
Got to the RootRepeal step and when click on the RootRepeal.exe desktop icon, got RootRepeal Error "Error - invalid PE image found!"... did not get the Select Scan screen.
Thoughts ?

#4 boopme


Posted 11 January 2010 - 01:31 PM

It is usually malware that prevents the running of identifiers and removers. Please continue on and post the HJT log. Mention RootRepeal would not run.

#5 akmbd166


Posted 11 January 2010 - 05:05 PM

> It is usually malware that prevents the running of identifiers and removers. Please continue on and post the HJT log. Mention RootRepeal would not run.

Thank you for the followup.
Ran HJT, shut down computer to take to office.
At office, turned on, looked back, and it was running 'CHKDSK'.
It's been running for about 1-1/2 hrs now, and after finishing 'stage 3 of 3', and after 'Usn Journal verification complete', CHKDSK complete and restarting PC (am using 'backup' desktop for this post).
After loading for a while, came up with "Checking file system on C: The type of file system is NTFS. The volume is dirty. CHKDSK is verifying files (stage 1 of 3)... "
Shut down and tried F8 to start in 'safe mode', but seemed to get hung up after end of list display of 'multi(0)rdisk(0)partition(2)\WINDOWS\System32\Drivers\Mup.sys'.
Shut down and tried again with 'last known configuration that worked'.
Took right back to CHKDSK starting.
Shut down and trying to figure out what next.
Thoughts ?
If ever get out of this mess, maybe need to look at a new firewall (instead of ZA), and/or virus scanner (instead of Avast) ?
Ps: Need to leave office and take laptop home.
Can't get started, so will need to wait til wife gets home with her MAC b4 can check back to forum.
Now there's a thought... switch to a MAC :thumbsup:

Edit 644pm: As it turns out, the Dell diagnostic indicates the HD is kaput. Still in 5yr warranty, so they are sending out a new HD. Is it possible for malware to cause that to happen ?

Edited by akmbd166, 11 January 2010 - 09:45 PM.


#6 boopme


Posted 11 January 2010 - 11:18 PM

Quite possible. In fact I was about to suggest a reformat after those messages. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

#7 akmbd166


Posted 12 January 2010 - 02:04 PM

> In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

Thanks for the followup !
So, no way to get data off the disk b4 reformat... really don't know how to get into the hd to reformat either, possible to do with original XP os install disk ?
Dell is sending a new HD, but if any way to get data off the 'injured' HD would really be nice.
Haven't ever seen much info on that, except to say 'it's impossible'.
Any ideas on where to look ?

#8 boopme


Posted 12 January 2010 - 02:42 PM

You can try connecting it as a slave drive in another PC. Then transfer the files you need.
Connecting a Slave Drive


If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.
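A read-only triage pass that applies the backup rules from the post above to a folder of salvaged files. This is an added example, not part of the original thread; the function names and the DECOY list are assumptions made for illustration.

```python
import zipfile
from pathlib import Path

# Extension lists follow the advice in the post above.
RISKY = {".exe", ".scr", ".ini", ".php", ".asp", ".html"}
ARCHIVES = {".zip", ".cab", ".rar"}
# Assumption: typical data extensions that a hidden second extension may follow.
DECOY = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".jpg", ".gif", ".mp3"}


def classify_name(name):
    """Return (verdict, reason) judged from the full file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
    parts = [p.strip() for p in base.split(".")]
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY:
        if len(parts) > 2 and "." + parts[-2] in DECOY:
            return "skip", "hidden extension %s after .%s" % (ext, parts[-2])
        return "skip", "risky type " + ext
    if ext in ARCHIVES:
        return "inspect", "compressed file " + ext
    return "copy", "data file"


def classify_zip(source):
    """Check every member name of a .zip (path or file object)."""
    try:
        with zipfile.ZipFile(source) as zf:
            for member in zf.namelist():
                verdict, reason = classify_name(member)
                if verdict != "copy":  # nested archives count as risky too
                    return "skip", "contains %s (%s)" % (member, reason)
    except (zipfile.BadZipFile, OSError):
        return "skip", "unreadable archive"
    return "copy", "archive holds only data files"


def triage(root):
    """Map each file under root to (verdict, reason); nothing is modified."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        verdict, reason = classify_name(path.name)
        if verdict == "inspect" and path.suffix.lower() == ".zip":
            verdict, reason = classify_zip(path)
        elif verdict == "inspect":  # .cab/.rar: no stdlib reader, so leave it out
            verdict, reason = "skip", "cannot look inside " + path.suffix.lower()
        report[str(path.relative_to(root))] = (verdict, reason)
    return report
```

A "copy" verdict only means the name passed these rules; the files still need the anti-virus scan the post calls for before they go back onto the rebuilt system.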

#9 akmbd166


Posted 12 January 2010 - 03:15 PM

> You can try connecting it as a slave drive in another PC. Then transfer the files you need.
> Connecting a Slave Drive

Problem seems to be, my HD is from a Dell laptop and not sure how to get cable to connect to other PC.

#10 boopme


Posted 12 January 2010 - 03:35 PM

Good point !! Ask in the XP forum ... we have some Dell knowledgeables there...

#11 akmbd166


Posted 12 January 2010 - 04:17 PM

> Good point !! Ask in the XP forum ... we have some Dell knowledgeables there...

Well, in the meantime I checked and our local Fry's (only dealer that has such things locally) has a USB type adaptor...
" The Hi-Speed USB 2.0 to Serial ATA (SATA) or IDE 2.5" and 3.5" Drive Adapter creates a bridge between one USB 1.1/2.0 port and one Serial ATA or SATA-based mass storage device port. The USB 2.0 to SATA and IDE 2.5"/3.5" Drive Adapter turns any SATA or IDE hard drive into a convenient external drive. Easily transfer files from computer or notebook, back up files, or store large file archives on hard drives. The Hi-Speed USB 2.0 interface provides for easy installation with its Plug and Play design. The adapter supports all existing Serial ATA SATA and IDE drives 2.5" or 3.5" "
If that works, then only other question (I can think of), is there (if can get connected) a way to make sure there is specific way to provide security between the laptop HD and desktop PC while connected? Desktop using 'Online Armor' and 'Avast_home'.
Don't plan on getting into any software, just 'Desktop' data files.

101012 Edit 20:05
Now am totally confused, although somewhat happily.
Have for the last day been turning on the subject laptop occasionally to see if it might click in... this after ran Dell check disk with the Dell tech on the phone, and it showed the HD as kaput.
Tonite turned it on, it went through the hr long Wdos CHKDSK, and when I looked at the laptop after dinner, it had the login screen... logged in, and it worked (am using it 'as-we-speak').
Now what to do ?
The new Dell HD is on its way, have backed up most current desktop data to an online file storage site (4shared.com) that have been using for a year or two, so think pretty reliable, and not sure where to go from here.
Do the HJT scans and post ?

100113 Edit 1145am
Was able to do HJT scans and posted at HJT forum, http://www.bleepingcomputer.com/forums/t/286581/slow-laptop-crashed-dell-says-needs-new-hd-miraculously-restarts-2-days-later/ .
Since then have been able to login regularly (without the Wdos CHKDSK scan), albeit very slow login and running.
Tried Avast full scan (after several hrs, crashed and blue screen came up that Wdos had stopped to protect...).
Tried MBAM full scan ( ditto ).
Now just waiting to hear back from HJT forum.
Not sure what else to do.
Should be receiving new Dell HD today, but will put off install until, hopefully know a little bit more about what might be going on.
Not sure how to handle HD install with Acronis (compressed) backup (plus Karen's Replicator (file duplication) backup).
Have posted to Acronis forum for help from there.

Edited by akmbd166, 13 January 2010 - 02:47 PM.


#12 akmbd166


Posted 13 January 2010 - 08:07 PM

Guess editing time is over for last post.
Laptop is still running, barely, almost seems like HD is sloooowly dying.
Received new HD today, will probably need to install tomorrow.
Hope to hear from HJT folks.

#13 Orange Blossom


Posted 13 January 2010 - 10:07 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/286581/slow-laptop-crashed-dell-says-needs-new-hd-miraculously-restarts-2-days-later/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

