Computer infected and almost unusable


#1 Africanlion

Africanlion

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 21 June 2011 - 05:12 PM

Hi
I reinstalled my OS (Vista) after deleting lots of stuff accidentally. I have done my updates of Vista as required and installed programmes like Adobe, Quicktime, Open Office etc to use on the laptop. Also saved my documents and pics etc. However, for the past week the laptop has slowed down so badly it's worse than using dial up, and even using applications that are not connected to the internet, e.g. playing a DVD, it keeps freezing up, and when it works, changing between programmes is so slow and things keep crashing. Volume mixer won't open for me to adjust volume, among other things. When I try to run Secunia it stays stuck at 5% for hours on end.

I have installed and uninstalled various anti malware software to try and establish the cause and only a low level threat was detected. I have tried the following:

Avast
Antimalwarebytes
Microsoft essentials
Defender


Please help, I am desperate. Watching YouTube vids is now impossible on the machine :angry:

Edited by Africanlion, 21 June 2011 - 06:25 PM.
No logs, moved from MRL to AII.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:19 AM

Posted 22 June 2011 - 07:38 AM

Do you still have avast and Microsoft Security Essentials installed together? If so, you need to remove one of them as it is not advisable to run more than one anti-virus product due to various conflicts that can occur.

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.
  • Please copy and paste the Scan Log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Africanlion


Posted 22 June 2011 - 08:29 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6907

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21/06/2011 05:28:23
mbam-log-2011-06-21 (05-28-23).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 258886
Time elapsed: 1 hour(s), 0 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7


Posted 23 June 2011 - 07:13 AM

Please continue with the rest of the instructions.

#5 Africanlion


Posted 23 June 2011 - 03:25 PM

TDSSKiller found nothing. Said no infections

#6 quietman7


Posted 23 June 2011 - 05:17 PM

What about SUPERAntiSpyware Free?

#7 Africanlion


Posted 23 June 2011 - 05:24 PM

What about SUPERAntiSpyware Free?



It's been running for 1hr 40mins and I will post results once done

#8 quietman7


Posted 23 June 2011 - 05:45 PM

Ok.

#9 Africanlion


Posted 23 June 2011 - 11:47 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2011 at 03:20 AM

Application Version : 4.54.1000

Core Rules Database Version : 7317
Trace Rules Database Version: 5129

Scan type : Complete Scan
Total Scan Time : 05:39:54

Memory items scanned : 876
Memory threats detected : 0
Registry items scanned : 7249
Registry threats detected : 0
File items scanned : 44417
File threats detected : 49

Adware.Tracking Cookie
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@revsci[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@doubleclick[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@questionmarket[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@imrworldwide[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@atdmt[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@vci.stat.hamster-soft[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\tendai@surveymonkey.122.2o7[1].txt
s0.2mdn.net [ C:\Users\Tendai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Tendai\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB5SACED ]
cloud.video.unrulymedia.com [ C:\Users\Tendai\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB5SACED ]
media.kyte.tv [ C:\Users\Tendai\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB5SACED ]
s0.2mdn.net [ C:\Users\Tendai\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB5SACED ]
serving-sys.com [ C:\Users\Tendai\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YB5SACED ]
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@2o7[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ad.adperium[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ad.yieldmanager[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@adbrite[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ads.audience2media[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ads.bleepingcomputer[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ads.undertone[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@adultfriendfinder[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@advertising[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@adviva[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@apmebf[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@atdmt[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@audience2media[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@banners.sexfinder[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@bs.serving-sys[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@collective-media[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@content.yieldmanager[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@content.yieldmanager[3].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@doubleclick[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@ero-advertising[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@fastclick[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@imrworldwide[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@interclick[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@invitemedia[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@kaspersky.122.2o7[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@media6degrees[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@mediaplex[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@msnportal.112.2o7[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@questionmarket[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@revsci[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@rts.pgmediaserve[2].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@serving-sys[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@specificclick[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@trafficmp[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@yieldmanager[1].txt
C:\Users\Tendai\AppData\Roaming\Microsoft\Windows\Cookies\Low\tendai@zedo[1].txt

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXE
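
Added example, not part of the original thread: a small Python triage of a SUPERAntiSpyware scan log in the layout posted above. It groups detections by category, checks that the number of listed items matches the "threats detected" counters (a mismatch suggests an incomplete paste), and separates tracking cookies from detections that need review. The sample log is constructed and shortened; the function names and the choice to treat only `Adware.Tracking Cookie` as low risk are assumptions of this example.

```python
import re

# Constructed sample in the layout of the SUPERAntiSpyware log posted above
# (shortened; "user" and "EXAMPLE" are placeholders, counts adjusted to match).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Scan type : Complete Scan

Memory items scanned : 876
Memory threats detected : 0
Registry items scanned : 7249
Registry threats detected : 0
File items scanned : 44417
File threats detected : 4

Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[2].txt
s0.2mdn.net [ C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EXAMPLE ]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Low\user@atdmt[1].txt

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXE
"""

# "Key : value" header lines; paths (C:\...) and URLs do not match because
# the colon must be followed by whitespace.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s+(?P<val>.+)$")

# Assumption for this example: only tracking cookies are treated as low risk.
LOW_RISK = {"Adware.Tracking Cookie"}


def parse_log(text):
    """Return (summary dict, {category: [items]}) from a scan log."""
    summary, detections = {}, {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        pairs = [SUMMARY_RE.match(ln) for ln in lines]
        if all(pairs):
            summary.update((m["key"], m["val"]) for m in pairs)
        elif any(k.endswith("threats detected") for k in summary):
            # After the counters, each block is a category heading + its items.
            category, *items = lines
            detections.setdefault(category, []).extend(items)
    return summary, detections


def triage(text):
    """Split detections into low-risk noise and items that need review."""
    summary, detections = parse_log(text)
    reported = sum(int(v) for k, v in summary.items()
                   if k.endswith("threats detected"))
    listed = sum(len(items) for items in detections.values())
    review = {c: i for c, i in detections.items() if c not in LOW_RISK}
    return {
        "reported": reported,
        "listed": listed,
        "complete": reported == listed,  # False suggests a truncated paste
        "low_risk": listed - sum(len(i) for i in review.values()),
        "review": review,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```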

#10 quietman7


Posted 24 June 2011 - 07:07 AM

This is not a good sign:

Trojan.Agent/Gen-Cryptor[Virut]
C:\TOSHIBA\EBAY\ADDTOOLBARBUTTON.EXE

You may be dealing with a dangerous polymorphic file infector that typically infects thousands of .exe, .scr files, compressed files (.zip, .cab, .rar), and script files (.php, .asp, .htm, .html, .xml).

I recommend you get another opinion.

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box 'I accept the license agreement' and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

#11 Africanlion


Posted 24 June 2011 - 06:39 PM

Hi Quietman7. Kaspersky's tool says nothing found. It asked me to uninstall and restart the PC, which I have done.


What next?

Thanks for your patience btw

#12 quietman7


Posted 24 June 2011 - 08:04 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


#13 Africanlion


Posted 24 June 2011 - 09:06 PM

Cool. I will let you know once the scan is done.

After quarantining that trojan with super anti spyware I would have thought the PC would run very smoothly, but no

#14 Africanlion


Posted 25 June 2011 - 03:46 AM

ESET found and deleted 2 X win32/Toolbar.Zugo application



Btw I forgot to mention every time I start my Firefox it starts on some website called www.buzqo.com, I don't know where that has come from and it is still there

#15 Africanlion


Posted 25 June 2011 - 05:09 AM

Microsoft Security Essentials just popped up and reported finding virTool:JS/obfuscator.BN. I deleted it



