
Slow Login, No Taskbar, Can't Paste, Some Programs Don't Start


2 replies to this topic

#1 Xadro

  • Members
  • 2 posts
  • Gender:Male

Posted 24 April 2011 - 04:19 PM

Greetings Bleeping Computer Community,

So I obviously have a problem, which is most likely an infection because that makes the most sense.

Symptoms:

Windows start is normal, but as soon as I try to log in (tried all accounts) it takes quite a long time. After that the desktop starts normally but I have no taskbar; there is a small ridge though, which probably means it's simply hidden from view. I can also right-click it and get the usual right-click menu, only "Lock Taskbar" is grayed out (I can access properties to disable the 'lock', but I can't increase the size of the taskbar). The second symptom is that I can't paste anything; copy works fine but paste is always grayed out. Now the biggest problem is that Malwarebytes' Anti-Malware gives an error when I try to start it: "Run-time error '372' Failed to load control 'vbalGrid' from vbalgrid6.ocx". I tried installing and re-installing it but it gives the same error during the install, so that's rather bothersome. I also get an error when I manually try to start 'Microsoft Security Essentials': the window loads but it only shows a red button saying 'Start Now', and when I click it I get an error (it's in Dutch and I can't really translate it) with the error code 0x80070433. When I Google this code I get rather fake-looking websites with fixes, so I haven't tried those. As far as I have found out, that's all.

What i have tried:

A SpyBot S&D scan, which showed no problems. I also tried a SUPERAntiSpyware scan (portable version), which only showed a bunch of tracking cookies. I did all this in Safe Mode, and Safe Mode shows the same symptoms as normal mode, so I can't start Malwarebytes there either.


So that's kinda it. I hope everything makes sense and that you can help me!

Sincerely,
James Black


#2 chromebuster

  • Members
  • 899 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England

Posted 24 April 2011 - 06:42 PM

Two things you can try. If all of the major first responder tools don't seem to be working, you should run Dr. Web CureIt, and then post the log for us to see. That might take double posting, seeing that the log is quite long. That program's best run in safe mode. If that doesn't work, then download Kaspersky's removal tool 2011. That's pretty strong too.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 Xadro

  • Topic Starter
  • Members
  • 2 posts
  • Gender:Male

Posted 25 April 2011 - 04:41 PM

Alright, I ran both scans:

Dr Web:
TQMercury.exe;C:\Documents and Settings\Xadro.JACITA\Mijn documenten\Downloads\TQMercury22;Trojan.Siggen2.7646;Niet repareerbaar.Verplaatst.;
Desktop_.ini;C:\OLD-WINDOWS-OLD\system32;Win32.HLLW.Gavir.ini;Verwijderd.;
A0022062.exe;C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP258;Waarschijnlijk DLOADER.Trojan;;
A0022063.exe;C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP258;Waarschijnlijk DLOADER.Trojan;;
A0022071.exe;C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP258;Waarschijnlijk DLOADER.Trojan;;
A0024830.exe;C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP289;Waarschijnlijk DLOADER.Trojan;;
A0024831.exe;C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP289;Waarschijnlijk DLOADER.Trojan;;

Kaspersky:
Autoscan: voltooid 2 uren geleden   (gebeurtenissen: 6, objecten: 598504, tijd: 03:58:09)	
25-4-2011 16:49:15	Taak gestart		Standaard actie geselecteerd	
25-4-2011 17:20:45	Gevonden: Trojan.Win32.Swisyn.adhm	C:\Documents and Settings\Xadro.JACITA\DoctorWeb\Quarantine\TQMercury.exe	Standaard actie geselecteerd	
25-4-2011 17:35:37	Verwijderd: Trojan.Win32.Swisyn.adhm	C:\Documents and Settings\Xadro.JACITA\DoctorWeb\Quarantine\TQMercury.exe	Standaard actie geselecteerd	
25-4-2011 18:29:15	Gevonden: Trojan.Win32.Swisyn.adhm	C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP293\A0030405.exe	Standaard actie geselecteerd	
25-4-2011 18:29:53	Verwijderd: Trojan.Win32.Swisyn.adhm	C:\System Volume Information\_restore{170BFE2F-B823-4434-A68D-B88B04BEB954}\RP293\A0030405.exe	Standaard actie geselecteerd	
25-4-2011 20:47:24	Taak voltooid		Standaard actie geselecteerd	


Didn't change anything though.

Also, after browsing this forum a bit I found the program 'rkill', and after using it in safe mode the only thing it stopped was explorer.exe. It does make sense, I guess, because it always loaded when I started the system, in safe mode and normal mode.

Anyway hope you can help!



