Xp Home Spyware/virus/trojan And Safe Mode Freeze Question


11 replies to this topic

#1 Emma Jo

Emma Jo


Posted 15 November 2005 - 04:42 PM

Okay, this is what's going on. I am trying to clean up my buddy's computer. Running Win XP home with 256MB 40G drive and I believe AMD Athlon 2600+. I have already gotten rid of many things. Nothing extraneous appears to be running when I review the HJT log. But two files, pwiqqk.exe and oxhw.exe keep appearing in MSconfig. Searched the computer with no luck. I'm thinking it may be the peper trojan after reading a little bit. Anyone seen these files??

Also the computer is now freezing on the "Windows starting up" screen when I boot into safe mode, but ONLY when I boot into safe mode. It works just fine in regular mode. Any ideas?

Thanks in advance for any help you can offer.
Em :thumbsup:

P.S. Just yesterday morning it was booting into safe mode just fine. No hardware has been added or removed since.

Mod Edit -Took out irrelevant poll. ~Joshuacat

Edited by Joshuacat, 15 November 2005 - 09:20 PM.



#2 franktiii

franktiii


Posted 15 November 2005 - 04:59 PM

Have you done a search in registry to see if these programs have put themselves there?

#3 Emma Jo

Emma Jo
  • Topic Starter


Posted 15 November 2005 - 05:41 PM

I have. I went and used regcleaner to remove some entries and as guidance on what to search for within the registry. I removed A LOT from the registry, but I am obviously still missing something. The computer is running much better but when I connect it to the internet, problems begin to reappear.

#4 tg1911

tg1911

    Lord Spam Magnet



Posted 15 November 2005 - 06:18 PM

Not being able to find any information on those 2 files, isn't a good sign.
You should not try to fix anything with HJT, unless you have been properly trained in its use.
HJT is a tool used to locate "problems".
The removal of these "problems" is sometimes much more involved, than just having HJT fix it.
The improper use of HJT could also cause damage to your system.

I suggest you post a HJT log for our Team to examine.
They'll take you through the fix, step by step.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

#5 Rimmer

Rimmer


Posted 15 November 2005 - 08:32 PM

We don't recommend people play around with HJT because of the potential for causing damage. There are trained experts here who will analyse a log for you and give you detailed instructions if you want. Please read the 'Preparation Guide'

What anti-malware scans have you run? Have you tried any online scans?

Panda Active Scan online - http://www.pandasoftware.com/activescan/
Internet Explorer only. Requires email address. Requires Active-X components to be installed. Approx 12MB download.

BitDefender online scan - http://www.bitdefender.com/scan/licence.php
Internet Explorer only. Must agree to a EULA. Need to allow installation of an Active X component. Some of the options are not clearly explained.

Trend Micro Housecall - http://uk.trendmicro-europe.com/enterprise...call_launch.php
(European version, supports Netscape, Mozilla, Firefox and Opera)

Kaspersky - http://www.kaspersky.com/scanforvirus

hth :thumbsup:

Edit: didn't update my screen so missed tg1911's post.

Edited by Rimmer, 15 November 2005 - 08:33 PM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#6 Emma Jo

Emma Jo
  • Topic Starter


Posted 15 November 2005 - 08:52 PM

I do know a little about it (HJT). I work on computers for a living, but am just starting to study more about security. I have eradicated these problems many, many times on site. I understand about HJT and the registry. But thanks for the warning, and I still honestly know and believe that you guys know more than me. I have run Ad-Aware, Norton AntiVirus, Microsoft Antispyware Beta, TrendMicro Housecall, Ewido Security Suite, Spybot S&D, CoolWebShredder (multiple times). I will post a HJT log tonight and WILL be PATIENT. I understand that they are very busy. I tried running the Panda Online Scan, but it would not work for some reason or another. I have run the scans in regular mode, safe mode, safe mode with network and have done so multiple times.

Thanks very much!
Em

#7 Rimmer

Rimmer


Posted 15 November 2005 - 10:19 PM

Well it sounds like you know more about HJT than I do. :thumbsup:

Please let us know the outcome of your analysis, good luck!


#8 IsMe

IsMe


Posted 15 November 2005 - 10:29 PM

> Okay, this is what's going on. I am trying to clean up my buddy's computer. But two files, pwiqqk.exe and oxhw.exe keep appearing in MSconfig. Searched the computer with no luck. I'm thinking it may be the peper trojan after reading a little bit. Anyone seen these files??
> Mod Edit -Took out irrelevant poll. ~Joshuacat


When you say those two files keep appearing, do you mean that you uncheck them and when you reboot they are checked again?

One program you might want to try is CCleaner (www.ccleaner.com).

#9 Emma Jo

Emma Jo
  • Topic Starter


Posted 18 November 2005 - 12:50 AM

Sorry I haven't replied with a HJT log yet. I have a new problem that is preventing me from doing so. I don't know whether it should be posted here or in a new post. It's the same computer, same safe mode problem (freezes on splash), but because safemode got turned on in msconfig --> boot.ini, it now continually tries to boot into safe mode and of course locks up. Any ideas?

...Due to all the other problems, I am considering setting it up as a slave and pulling the important info from it to the primary. Then starting fresh...JSYK

Edited by Emma Jo, 18 November 2005 - 01:06 AM.
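
Added example, not part of the original thread: the /SAFEBOOT option on msconfig's BOOT.INI tab persists as a `/safeboot:` switch on the operating-system line of boot.ini, which is why every boot keeps entering safe mode. Assuming the drive has been attached to a working machine as the post above considers, this Python code finds and strips that switch from the file's text; the sample boot.ini contents and the function name `audit_boot_ini` are constructed for illustration.

```python
import re

# Constructed sample: boot.ini as msconfig leaves it with /SAFEBOOT ticked.
SAMPLE_BOOT_INI = (
    "[boot loader]\r\n"
    "timeout=30\r\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\r\n"
    "[operating systems]\r\n"
    "multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="
    '"Microsoft Windows XP Home Edition" /fastdetect /safeboot:minimal\r\n'
)

# Matches /safeboot:minimal, /safeboot:network, /safeboot:dsrepair and the
# /safeboot:minimal(alternateshell) form, in any letter case.
SAFEBOOT = re.compile(r"[ \t]*/safeboot:\w+(?:\(alternateshell\))?", re.IGNORECASE)


def audit_boot_ini(text):
    """Return (cleaned_text, findings) for the text of a boot.ini file.

    findings is a list of (line_number, switch). Only entries under
    [operating systems] are touched; line endings are preserved.
    """
    cleaned, findings, section = [], [], None
    for number, line in enumerate(text.splitlines(keepends=True), start=1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        elif section == "operating systems" and "=" in stripped:
            findings += [(number, m.group().strip()) for m in SAFEBOOT.finditer(line)]
            line = SAFEBOOT.sub("", line)
        cleaned.append(line)
    return "".join(cleaned), findings


if __name__ == "__main__":
    fixed, hits = audit_boot_ini(SAMPLE_BOOT_INI)
    for number, switch in hits:
        print(f"line {number}: removing {switch}")
    print(fixed)
```

boot.ini is normally marked hidden, system and read-only, so those attributes have to be cleared before the cleaned text can be written back; keep a copy of the original file.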


#10 Rimmer

Rimmer


Posted 18 November 2005 - 06:01 AM

Boot from your Win XP CD and select Recovery Console:

To start Recovery Console from the Windows XP Professional operating system CD

1. Restart the computer by using the Windows XP Professional operating system CD.
2. Wait for the Windows XP Professional Setup program to display the Welcome to Setup screen (this might take a few moments). Choose To repair a Windows XP Professional installation by pressing R.
3. Type the number corresponding to the Windows XP Professional installation that you want to use, and then press ENTER. You must type a number when prompted, even if only a single Windows XP Professional installation exists. If you press ENTER without typing a number, Windows XP Professional restarts the computer.
4. At the prompt, enter the password for the local Administrator account so that you can access the contents of the local hard disk. Recovery Console accepts only the password for the local Administrator account. If you do not enter the correct password within three attempts, Windows XP Professional denies access and restarts the computer.

http://www.microsoft.com/resources/documen...mb_tol_zldj.asp

See the instructions here -
http://www.microsoft.com/resources/documen...mb_tol_pzsk.asp

and run Chkdsk, fixmbr and fixboot.

See if that helps. :thumbsup:


#11 Emma Jo

Emma Jo
  • Topic Starter


Posted 18 November 2005 - 11:16 AM

That's what I thought too...what do you do when there is no recovery disk? I think the dude is screwed.

Thanks for your response and all your help!!

#12 Emma Jo

Emma Jo
  • Topic Starter


Posted 18 November 2005 - 02:07 PM

This topic can be closed. I am starting w/a fresh install of XP. Thanks for all your suggestions and help.

Em



