exploit.PDF (and other problems?)



#1 dbmx2


Posted 24 March 2010 - 02:36 PM

While using IE last night I noticed it got very sluggish. Was only a few minutes from finishing up myself when it closed down spontaneously (I think all my desktop icons may have disappeared briefly as well, though I'm not 100% sure that wasn't something that happened later), and then the computer went into shutdown/turned off spontaneously without any notification.
On re-starting, which it did itself, it was extremely slow, and stayed that way for 2 or 3 hours. During that time I was informed my firewall was off (I hadn't turned it off, and it came back on by itself), and I noticed a few unusual processes running (cpu constantly between 70%-100%). These were:

MOTIVE~1.exe

avgemc

drwatson - which told me a couple of times it was encountering a problem.


I also noticed various avg-related things, as if it was doing an automatic update, and the windows update icon on my system tray a couple of times. About an hour into all this (maybe a little earlier) avg told me it had detected exploit.PDF, which it couldn't heal, and is currently in the virus vault.
I'm wondering if the windows update icon and slowness may explain why since this started I've lost over 1.5 gigs of hard drive space which I can't explain (clearing temporary files does nothing). I haven't been able to identify any new files to account for the memory.

The only particularly noticeable symptom right now is IE misbehaving. About half the time I try to open a new tab it just says blank page, which it then doesn't let me close, and I have to close IE using task manager (also goes slow during this, and any IE activity with any waiting involved, including logging in here).

I ran mbam and it found no problems.


Thanks in advance for reading this.

Edited by dbmx2, 24 March 2010 - 02:40 PM.




#2 dbmx2


Posted 29 March 2010 - 09:07 AM

Having more serious problems now:


Start-up usually takes 30min to an hour for any programs to become usable.

IE only successfully launches about a third of the time.

Windows explorer has crashed a few times.

Task manager sometimes shows cpu at 100% even when the computer ISN'T running slowly.

The local area network icon which my modem runs through has shown as not connected. Fixed this by unplugging the modem and re-booting, then plugged it back in. However, when I tried this again about an hour ago the LAN didn't show up at all. This was after I'd had the blue serious system error screen for the second time. Don't know what had caused it as it was up after being briefly unattended. The first time I had the blue screen was after a modem problem and happened the instant I unplugged the modem without shutting down first (I don't know if that's something you're not supposed to do anyway).


Because of the time when I thought I wouldn't be able to re-connect to the internet again at all, I deleted the virus from the avg vault. I thought this should hopefully be OK as its location was in IE temporary files.

Edited by dbmx2, 29 March 2010 - 09:09 AM.


#3 dbmx2


Posted 25 April 2010 - 09:57 AM

I finally figured out, after avg spotted something called mebload (and this was after I fixed many of the problems with combofix), that the problem is HelpAssistant.

I used these instructions, from this site, for using HelpAsst_mebroot_fix.exe:

Please download HelpAsst_mebroot_fix.exe by noahdfear, save it to your desktop.

  • Close out all other open programs and windows.
  • Double-click on it to run the tool and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, go to Start > Run..., and in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst and -mbrt.
  • Click OK or press Enter.
  • HelpAsst fix will create and open a log when done.
  • Copy and paste the contents of that log into your next reply.
*In the event the tool does not detect an mbr infection and completes, do this:
  • Go to Start > Run... and in the Open dialog box, type: mbr -f
  • Click OK or press Enter.
  • Now, please do the Start > Run > mbr -f command a second time.
  • Shut down the computer (do not restart, but shut it down). Wait about five minutes, then start it back up.
  • After restart go to Start > Run... and in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst and -mbrt.
  • Click OK or press Enter.
  • HelpAsst fix will create and open a log when done.
  • Copy and paste the contents of that log into your next reply.
-- Important note to Dell users: Fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a few known fixes for this, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually. You will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).



When I ran it, it said it had fixed a problem, but it didn't shut down the computer so I haven't done the Run...helpasst -mbrt part. But, it has created a log.
What it's also done is remove the HelpAssistant folder, which I only found yesterday because I noticed mebload was in C:\Documents and Settings\HelpAssistant\Local Settings. But there is now a HelpAsst_backup folder on C:\, so I don't know what to do from here.



