Computer slow. MBAM showed Rootkit



#1 Nawtheasta


Posted 07 June 2011 - 10:19 AM

Hello My BC Friends 06/07/2011
This post is about my teenage son's Gateway laptop.
OS= Win. XP, SP2, Celeron M 1.40Ghz 1.39 Ghz, 504 MB Ram.
Hard Drive properties show 31.5 GB Free Space
(As I post this, Task Manager shows an svchost process using between zero and 99% CPU usage.)
It has been slowing down for a while now and having some operational issues. Most seem to have come about since he discovered Facebook.
My goal is to disinfect, remove unwanted programs and install some good defensive software. I did impress on him early on the importance of killing any unknown pop-ups with Task Manager. He did this a few times several months ago and that may have saved us from worse symptoms.
Problems possibly Malware related:
Slow and inconsistent start up. Goes from initial screen to black Win loading screen, to start option screen (safe mode, last good config. etc.)
Safe mode or safe mode with networking will not load. Just get a longer screen with lines of code. Didn't write it down (partition (0) maybe?).
I did try a Windows repair using an XP SP2 disk and the Infoweek, Langa Letter instructions. I get to the repair point where I am told to remove the CD and the system reboots. Everything stops there as we only get back to the start option screen (safe mode, last good config. etc.). Repair set-up screens never come up so I do not know if anything has actually been repaired.
I checked the BIOS settings and they always seem to be set to boot from disc, not hard drive. I change it to boot from HD but I do not know if this affects anything.
After several attempts to start using regular and last good config. I can get the regular desk top to load. Still not sure of what I did different for this to happen.
If it decides it's going to start up we get a blue screen with an XP logo that says something about checking for consistency.
Not sure if this is a legit process because I have read of others in the Am I Infected forum with the same thing.
We have been canceling this before completing. After canceling the regular windows desktop will load.
I have not seen any redirects from searches, although when I searched BP through Yahoo and clicked the results to come here it sure looked like it was going to send me elsewhere. I stopped this and typed BP directly into address bar and came here OK.
Somewhere along the way my son has downloaded something that brought along other programs. Uniblue, speditup, Fliptoast, EZchat. These are unwanted programs and have not been used.
I have scanned with MBAM & SAS. (Not sure where to find the SAS log.) Both were updated before running.
Last two MBAM scans shown below.
Last SAS scan (last night) showed 43 tracking cookies. It wanted me to do a restart to complete the removal process. I was not going to do this as I feared I could not get back to the desktop but the computer locked up and I had no choice.

Scan of 6/4/2011
Mawarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6772

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/4/2011 12:51:45 PM
mbam-log-2011-06-04 (12-51-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 197005
Time elapsed: 46 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\oem preinstall\local settings\Temp\setup1111757376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\oem preinstall\local settings\Temp\0.8070987265060244.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

_____________________________________________________
______________________________________________________
______________________________________________________
Scan of 6/6/11

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6792

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/6/2011 7:18:42 PM
mbam-log-2011-06-06 (19-18-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 197524
Time elapsed: 45 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I thank you in advance for help and advice
Best Regards
Nawtheasta

#2 cryptodan


Posted 07 June 2011 - 10:20 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.



