badly infected computer/slowness


29 replies to this topic

#1 toxicwar


Posted 03 May 2011 - 12:07 AM

I'll need to see the tutorial and other things in the forums on another computer since my safe mode is about to fail and go slow. I'm sorry for being so newbish but plz help me T.T. Computer is slow and there's a bunch of fake anti virus popup things appearing everywhere x-x. Not to mention that it slows down my laptop to the point where it freezes. Also ComboFix doesn't seem to work for some odd reason... [is running safe mode right now to type this] DX


 


#2 booterbotter


Posted 03 May 2011 - 01:03 AM

Do you know what's the name of the fake anti virus you are getting? Also, please provide the Operating System and Manufacturer of your laptop. (Do not run ComboFix unless our experts tell you to.)
Running RKill and MBAM usually is enough for most of them.

Rkill

http://www.bleepingcomputer.com/download/anti-virus/rkill


Malwarebytes

http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware


Edited by elise025, 03 May 2011 - 06:14 AM.
Moved from XP forum to Am I Infected ~Elise

Patience is a true virtue. Never give up, never surrender.
BleepingComputer.com Message Board Rules


#3 quietman7


Posted 03 May 2011 - 07:15 AM

These are typical instructions:

Please reboot in "safe mode with networking", then download Malwarebytes' Anti-Malware (v1.50.1) and RKill by Grinler, saving them to your desktop.
  • RKill.exe Download Link
  • RKill.com Download Link
  • RKill.scr Download Link
  • alternate link with all versions
Renamed versions if the above do not work:
  • iExplore.exe Download Link
  • eXplorer.exe Download Link <- this renamed copy is usually effective but may trigger an alert from MBAM...just ignore it.
  • WiNlOgOn.exe Download Link
  • uSeRiNiT.exe Download Link
  • alternate link with all versions
RKill is available in several versions, including renamed versions, so that if one does not work, you can try another. As such, you may want to download and save more than one before proceeding.

After installing Malwarebytes', reboot normally, then proceed as follows:
  • Double-click on the Rkill desktop icon to run the tool.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, and try another version.
  • If it still does not work, repeat the process and attempt to use one of the remaining versions until the tool runs.
  • Note: You may have to make repeated attempts to use RKill several times before it will run as some malware variants try to block it.
  • A log file will be created and saved to the root directory, C:\RKill.log
  • Copy and paste the contents of RKill.log in your next reply.
-- If you get an alert that RKill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run RKill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that RKill can perform its routine.

-- Some security tools may flag RKill as malware, especially when renamed to iexplore.exe, explorer.exe, winlogon.exe, etc., because they have definitions in place that flag certain file names used outside their normal path. If you encounter such an alert when running RKill, you can safely ignore it and continue to allow the program to run.

Important: Do not reboot your computer until after performing a scan with Malwarebytes'. A scan must be completed immediately after running RKill.

Perform a Quick Scan in normal mode with Malwarebytes' Anti-Malware and follow these instructions. Check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes' from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
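
The reply above notes that some security tools flag certain file names used outside their normal path, which is why renamed RKill copies can trigger alerts. The sketch below is an added example of that heuristic, not code from the thread or from any vendor's product; the directory table assumes a default 32-bit Windows install on C:, and the process list is constructed sample data.

```python
import ntpath

# Assumption: default install locations on a 32-bit system drive C:.
# Keys and directories are lowercase because Windows paths are case-insensitive.
EXPECTED_DIRS = {
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "explorer.exe": {r"c:\windows"},
    "winlogon.exe": {r"c:\windows\system32"},
    "userinit.exe": {r"c:\windows\system32"},
}


def classify(image_path):
    """Classify one process image path.

    'expected'          - watched name running from its normal directory
    'name-outside-path' - watched name running from anywhere else
    'other'             - name is not on the watch list
    """
    # normpath collapses "..", so a path cannot hide behind a traversal.
    norm = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(norm)
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return "other"
    return "expected" if directory in allowed else "name-outside-path"


def flag_masquerades(image_paths):
    """Return the paths whose file name is used outside its normal path."""
    return [p for p in image_paths if classify(p) == "name-outside-path"]


# Constructed sample: image paths as a process listing might report them.
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Documents and Settings\user\Desktop\eXplorer.exe",
    r"C:\Documents and Settings\user\Desktop\WiNlOgOn.exe",
    r"C:\WINDOWS\system32\..\Temp\userinit.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe",
]

if __name__ == "__main__":
    for path in flag_masquerades(SAMPLE):
        print("name used outside normal path:", path)
```

A rule like this cannot tell a renamed removal tool from a rogue program borrowing the same name, so a hit is a prompt to check the file rather than a verdict.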

#4 toxicwar


Posted 03 May 2011 - 11:38 PM

Well, the fake virus thing is apparently called XP Security 2011, and my laptop is a Windows XP computer.

Acer laptop. [And thank u for the information btw, I hope it'll fix it.]

#5 booterbotter


Posted 04 May 2011 - 12:04 AM

You can also follow the steps here:
http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011



#6 quietman7


Posted 04 May 2011 - 06:31 AM

Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes.

#7 toxicwar


Posted 04 May 2011 - 03:53 PM

"Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes."

I don't think u mentioned the FixNCR.reg thing.

I did run RKill and a scan by Malwarebytes, but then out of nowhere I got the blue screen with the error name: irql not less or equal
[or something like that]

#8 booterbotter


Posted 04 May 2011 - 04:15 PM

Follow this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

It shows step by step how to get rid of the rogue software you have.



#9 toxicwar


Posted 04 May 2011 - 06:32 PM

Darn it... I did what it told me and everything was running well till I got to the malware thing, and then out of nowhere, another blue screen but with a different error message.
It said: PAGE_FAULT_IN_NONPAGED_AREA.

But it appears as of right now I'm not having those popups, so I think it worked, but I'm not really sure it'll stay like this...

#10 quietman7


Posted 04 May 2011 - 09:51 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

#11 toxicwar


Posted 06 May 2011 - 02:48 PM

K, I'll do that now.

[Btw the fake virus thing popup is finally gone :3 but now it's the slowness/freeze that needs work.]
(THANK U SO MUCH FOR HELPING ME WITH THAT! x-x)

#12 quietman7


Posted 06 May 2011 - 03:39 PM

Not a problem.

#13 toxicwar


Posted 06 May 2011 - 08:57 PM

Uhh... for some odd reason my laptop just got slower when I did that. x-x
I left it alone as it told me and I reread the instructions about it, but when I rebooted and got on, things went so much slower than before.
Did I do something wrong?

#14 quietman7


Posted 07 May 2011 - 08:00 AM

Please post the complete results of your TDSSKiller scan for review.

After running TDSSKiller, a log file named TDSSKiller_version_date_time_log.txt will have been created and saved to the root directory (usually Local Disk C:). Open that file in Notepad, then copy and paste the contents in your next reply.

#15 toxicwar


Posted 07 May 2011 - 03:25 PM

Idk if even going on the internet to post the log would be possible with this horrible slowness. Hell, this laptop is almost unusable anymore but I'll try to :<



