Posted 06 July 2010 - 03:59 AM
Hi there, and thanks in advance,
This computer is small and old and has always been slower than the amount of RAM would suggest, ever since it was new, when it would not create restore CDs and the "fix" under warranty after two unsuccessful re-imagings was to put a slightly different image on the computer. It runs Win XP SP 3 and has 248 MB of RAM but chokes on some programmes that should run on half of that.
About 3 weeks ago the computer got seriously slower than usual. I restored it using the Restore Partition back to the initial restore point. Since then it has been attracting malware at quite a rate (I have not had this happen before) and it is now very slow again.
I have been running Avira Antivir for quite some time because it doesn't slow it down much. Avira started giving quite a few warnings that it had caught this or that, or that E:/Autorun.inf had been blocked by Avira's guard. E is the recovery partition. Because issues kept happening I bought BitDefender, which the computer could not handle. Too large, too crashy. RAM requirements weren't on the box, but I now know they are in excess of what I have.
So I have run AdAware and Spybot S&D and had Avast (which I already knew slowed the system down a lot) in and out of the computer. Everything catches something but the malware keeps coming, as do the Autorun.inf messages. I have been looking for some kind of granddaddy of all malware that is calling the others in, rightly or wrongly.
I did some online Panda Active Scans. Today it showed a couple of tracking cookies (doubleclick and apmebf) and the following two files:
C:\program files\hpq\default settings\cpqset.exe as a Generic Malware Virus/Trojan
C:\program files\oberon media\magic ball 2\magicball2.exe as a suspicious file.
Interestingly, Avira had shown an interest in magicball.exe earlier, and dealt with it in some way. It is part of the image on my computer so if it is inherently problematic (rather than just being a place malware chose to hide after the restore) the problem may recur if I restore the system again.
Then I got stupid. I downloaded the free Panda Cloud Antivirus to deal with the problems and installed it without uninstalling Avira. My system is so slow that you click on something and wait several minutes for a response. Typing works, thank goodness, but nothing else is instant. Panda caught a couple of things, cpqset.exe and another thing that led back to the same generic malware page. It was C:\SystemVolumeInformation\_restore(EBOCF6AE-1AAA-478F-8168-27C82E451995}\RP17\A0002874.exe . Now I can't copy and paste that so it may not be exact, and zero may be letter o and so on, but hopefully you get the idea. It also found 18 tracking cookies, but didn't send any messages about magicball.exe.
Now I have to get Panda Cloud Antivirus out, and Microsoft .NET 2, which it brought with it and which also slows my system down. However, I can't figure out how to submit the files anywhere in case they are false positives, which I would like to do first. cpqset.exe is supposed to be in my computer. There are two files in the quarantine area, but they are presumably encrypted and the original files are no longer visible in the original locations.
After I do that, I would like to know the most logical thing to do next, as I am somewhat baffled by this ongoing saga. All help appreciated.