A Couple Of Issues


9 replies to this topic

#1 Petrolhead

Petrolhead

  • Members
  • 5 posts

Posted 13 July 2011 - 05:31 PM

Hi, first post here and I'm in need of a bit of help.

A couple of weeks back my computer got infected with the System Restore Virus. I managed to remove this (or at least stop it!), but I still had a problem with Google and other search engines redirecting my results. However this, after unsuccessfully attempting to remove it for a while, suddenly stopped occurring.

I thought it was all clear until a few days ago when I noticed that in task manager, there are 2 iexplore.exe processes running, even though I'm not using internet explorer. If I end the processes, the CPU usage drops and my computer is noticeably faster, but after a few minutes the processes start up again. I've also got a warning when I turn my computer on that tells me automatic updates are turned off. If I go to control panel > security centre, and then try to turn them on from there, it tells me that they can't be turned on. However, if I go to control panel > system, and look under the automatic updates tab, it says they are on.

My computer is running Windows XP. Any help very much appreciated, as I'm getting very frustrated now!

Thanks,
Dan


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male

Posted 13 July 2011 - 05:55 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Petrolhead


Posted 13 July 2011 - 06:00 PM

Thanks for the quick reply.

I should have mentioned that I have already scanned with Malwarebytes several times. While it did remove a couple of infections, it failed to remove whatever is causing the above symptoms.

#4 Budapest


Posted 13 July 2011 - 06:03 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

#5 Petrolhead


Posted 13 July 2011 - 06:35 PM

I ran TDSSKiller, which has found and removed 1 infection. However, I'm still getting the warning about automatic updates. The iexplore.exe processes don't seem to be starting now though, which is good.

I'm currently scanning again with Malwarebytes to hopefully remove any other traces, as mentioned in that link.

Edited by Petrolhead, 13 July 2011 - 06:35 PM.


#6 Budapest


Posted 13 July 2011 - 06:50 PM

Click Start, select Run and type:

regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 atl.dll
regsvr32 wucltui.dll
regsvr32 wups.dll

Press enter after each one and wait for the success message. Then see if automatic updates will work.

#7 Petrolhead


Posted 13 July 2011 - 07:20 PM

Malwarebytes hasn't found anything else, so hopefully my computer is infection-free now.

Typing those into Run worked a treat, automatic updates are also working now. I think I owe you a pint!

One more thing which I forgot to mention which hopefully you can help me with, my Firewall (BlackICE) isn't working since my computer was infected, either. It says "[Informational] A firewall filter could not be set."

#8 Budapest


Posted 13 July 2011 - 07:30 PM

I would try uninstalling, and then reinstalling, the firewall to see if that solves the problem.

#9 Petrolhead


Posted 13 July 2011 - 07:48 PM

Unfortunately I can't really do that, as a relative of mine installed it for me, so I no longer have the disc to reinstall it. I'll try looking through the settings to try and get it started again.

You've helped me enough, anyway, so thanks a lot! I very much appreciate it! :thumbsup:

#10 Budapest


Posted 13 July 2011 - 07:49 PM

:thumbup2:



