SlowComp and Virus


8 replies to this topic

#1 SIowCPU

Posted 02 July 2010 - 02:48 PM

My computer has been growing slower and slower, and scans I've run picked up some malicious items. After having the scans from Avast delete those items, the computer is still bad. I have Windows XP Professional, and I need some help to clean my computer.
I don't know what to write for "provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system." Sorry for the inconvenience.

Edited by Blade Zephon, 02 July 2010 - 07:59 PM.
Moved to AII as no logs provided and Prep Guide not followed. ~BZ




#2 quietman7


Posted 02 July 2010 - 09:49 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to read all the information Norman provides on the same page.
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 SIowCPU


Posted 03 July 2010 - 03:26 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/3/2010 4:25:32 PM
mbam-log-2010-07-03 (16-25-32).txt

Scan type: Quick scan
Objects scanned: 118460
Time elapsed: 9 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ENGLISH.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
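
An added example, not part of the original posts and not a Malwarebytes tool: a Python parser for the MBAM 1.46 log layout shown in the post above. It checks that the summary counts match the listed items (which catches an incomplete paste, the reason post #2 asks for the complete log) and pulls out entries that are not plain adware or that sit under a `CurrentVersion\Run` autostart key. The sample log is a constructed excerpt of that log with the counts adjusted to the excerpt, and the priority rule is an assumption of this example.

```python
import re
from collections import Counter

# Constructed excerpt of the log above; summary counts adjusted to the excerpt.
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Registry Values Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\ENGLISH.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>.+) Infected: (?P<n>\d+)$")   # summary line
HEADER_RE = re.compile(r"^(?P<section>.+) Infected:$")              # detail header
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
AUTOSTART = "\\currentversion\\run\\"  # per-user or machine Run key (lower-cased)


def parse_mbam_log(text):
    """Return (declared counts per section, list of detection items)."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            items.append({"section": section, "object": m["obj"],
                          "name": m["name"], "action": m["action"]})
    return declared, items


def triage(text):
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # Sections whose listed items do not add up to the summary count.
        "mismatched": sorted(s for s, n in declared.items() if listed[s] != n),
        "families": Counter(i["name"] for i in items),
        # Assumed rule: anything not labelled Adware.*, or any autostart entry.
        "priority": [i for i in items if not i["name"].startswith("Adware.")
                     or AUTOSTART in i["object"].lower()],
        # Items the log does not report as removed successfully.
        "not_removed": [i for i in items
                        if "successfully" not in i["action"].lower()],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("count mismatches:", report["mismatched"])
    for item in report["priority"]:
        print(item["name"], "|", item["section"], "|", item["object"])
```
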

#4 quietman7


Posted 03 July 2010 - 03:35 PM

Please post the scan results from Norman Malware Cleaner.

Then rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

#5 SIowCPU


Posted 03 July 2010 - 06:27 PM

The Norman took a while... I'll begin FullScan Malwarebytes now, and hopefully have it to you soon.




Norman Malware Cleaner
Version 1.6.2
Copyright 1990 - 2009, Norman ASA. Built 2010/07/02 20:14:44

Norman Scanner Engine Version: 6.05.06
Nvcbin.def Version: 6.05.00, Date: 2010/07/02 20:14:44, Variants: 6152713

Scan started: 03/07/2010 17:05:34

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: JASON\ENGLISH


Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s


Scanning running processes and process memory...

Number of processes/threads found: 2713
Number of processes/threads scanned: 2713
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 2m 16s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\migrator.exe (Infected with W32/Suspicious_Gen2.ATVLM)
Deleted file

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\postproc.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe (Infected with Agent.UMCF)
Deleted file

C:\Documents and Settings\ENGLISH\Application Data\Mozilla\Firefox\Profiles\oabte3z7.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll (Infected with W32/Suspicious!api.A)
Deleted file

C:\Documents and Settings\ENGLISH\Desktop\Real Everything\Combat Arms\CAV.exe (Infected with Smalltroj.UPTO)
Deleted file

C:\Documents and Settings\ENGLISH\Desktop\Real Everything\MapleStory v75\Winject.exe (Infected with W32/Suspicious_Gen2.AARD)
Deleted file

C:\Program Files\Subagames\CrossFire\GameGuard\GameMon.des (Infected with Packed_TheMida.:thumbsup:
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425685.exe (Infected with Trash.gen1)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425720.exe (Infected with W32/Suspicious_Gen2.ATVLM)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425721.exe (Infected with Suspicious_Gen2.BHNXS)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425722.exe (Infected with Agent.UMCF)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425723.dll (Infected with W32/Suspicious!api.A)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425724.exe (Infected with Smalltroj.UPTO)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425725.exe (Infected with W32/Suspicious_Gen2.AARD)
Deleted file

C:\System Volume Information\_restore{4CA9E584-B1FE-49C8-92ED-72081AE01CAB}\RP482\A0425726.des (Infected with Packed_TheMida.:flowers:
Deleted file

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 325757
Number of archives unpacked: 1269
Number of files scanned: 325754
Number of files not scanned: 3
Number of files skipped due to exclude list: 0
Number of infected files found: 15
Number of infected files repaired/deleted: 15
Number of infections removed: 15
Total scanning time: 2h 15m 36s

#6 SIowCPU


Posted 03 July 2010 - 08:03 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4272

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/3/2010 8:36:15 PM
mbam-log-2010-07-03 (20-36-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 155641
Time elapsed: 1 hour(s), 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 quietman7


Posted 03 July 2010 - 10:05 PM

How is your computer running now?

#8 SIowCPU


Posted 04 July 2010 - 07:19 PM

It's still running pretty slow. There's also this thing about "low on virtual memory." How can I fix that?

#9 quietman7


Posted 05 July 2010 - 05:50 AM

How much RAM do you have?
  • Right-click My Computer.
  • Select Properties.
  • Under the General tab, it will show you how much RAM you have installed.
Have you checked your Virtual Memory?
  • Go to Start > Control Panel > Performance and Maintenance > System > Advanced tab.
  • Under Performance click the Settings button.
  • Click the Advanced tab.
  • Under Virtual Memory, click the Change button.
  • Under Paging file size for selected drive, put a tick next to Custom size:.
The minimum should be 1.5 times your memory size. The maximum should be three times your memory. If you continue to have problems, raise the maximum. Keep raising it until you no longer get the message. Don't forget to click the Set button.

You may have too many applications loading at startup when Windows boots. Almost all applications you install want to start up when Windows loads. If you allow all these startups, they will compete for and use system resources resulting in poor performance and a slow system. Many of these programs are not needed and disabling them can save resources and improve performance as they can be accessed from Start > Programs or an icon on the desktop if needed. Other reasons for slowness include disk fragmentation, disk errors, corrupt system files, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc.

As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential. For more information about trimming down the number of startup applications and other ways to improve performance, please refer to Slow Computer/Browser? Check here first; it may not be malware.