Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Couldn't open browser. Computer acting funny..


  • Please log in to reply
3 replies to this topic

#1 Jonathan2011

Jonathan2011

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 05 August 2011 - 04:49 AM

Hey.. first I want to say I appreciate what you guys do. I've had friends who have been here with some serious computer trouble and got their problems worked out on this forum. So I've heard great things about this place.

So I was having some computer troubles earlier that only went away because I did a system restore. It reversed my settings back a few days. But I'm thinking I might still be infected with whatever caused it because I've noticed my computer has been going slow the last couple of weeks.

Here's what happened earlier (keep in mind I'm not having these problems now after the system restore but I think I might still be infected):

I had just installed a firewall (Comodo). Once installed it gave me a bunch of alert windows from different programs. Mainly googletoolbaruser_32.exe, Windows Media Player and two other programs called "Hotspot Shield" and "Elite Proxy Switcher" which I had just installed earlier as well.

I trust these programs somewhat.. but I blocked the google toolbar. And at some point when I was getting alert messages from Comodo my computer went absolutely nutss. I've experienced computer glitches but I knew this was different. So I completely closed Comodo and the proxy programs and these were my symptoms:

1. Internet explorer would only stay open for several seconds and automatically close out (I made sure my firewall and proxy settings were turned off).
2. I got an endless hour-glass on my cursor that was flashing like a strobe light.
3. I couldn't close out any programs in task manager. It said I didn't have permission. (But it let me manually close out Comodo and the proxy programs)
4. I tried opening a different browser (google chrome). It opened slowly but it wouldn't let me access the internet. It said my network wasn't configured right.
5. Restarting didn't help. It took forever to restart. I got a black screen that lasted several minutes. All of the same problems came right back.
6. In task manager I still had 10 ie windows running. Apparently they never fully closed out even after the restart. It wouldn't let me close them out. I restarted again. It fixed nothing.
7. Some file or program called wermgr was jumping randomly up and down the program list in task manager and wouldn't go away.
8. Computer rendered completely worthless. :crazy:

But luckily I made a system restore point just a couple days earlier and so I restored. It seemed to fix all of those problems and so my computer is worth something again. I'm thinking that if I was infected I still might be? Because my computer has been running slow the last couple of weeks and the restore only turned my settings back a couple days.

As of right now I can connect to the internet and my browsers are opening smoothly. But I'm still booting up slow. It just seems to get slower and slower.

Any word on what I should do would be greatly appreciated. Thanks.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 PM

Posted 05 August 2011 - 09:37 AM

Hello and welcome. What is your Operating System?

The process Windows Problem Reporting or wermgr.exe belongs to the software wermgr.exe or Microsoft Windows Operating System by Microsoft Corporation (www.microsoft.com).

Description: wermgr.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 61,952 bytes (66% of all occurrence), 56,320 bytes

file.net


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Jonathan2011

Jonathan2011
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 05 August 2011 - 02:44 PM

Hey boopme.. thanks for your reply.

It's a Toshiba running Windows 7 Home Premium 64-bit. I just bought it a few months ago and so I was pretty upset when it all but crashed on me. lol Good thing for system restore and bleeping computer. :thumbup2:

I did the scan and it turned up 15 infected files. It automatically cleaned them. I saved the log to my desktop as ESETscan. Here is the log:

C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N1SRFU26\16[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NRBJBG4W\16[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P3VHZJI2\15[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P3VHZJI2\16[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P3VHZJI2\940[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQHK49K4\15[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQHK49K4\15[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQHK49K4\16[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Speedbump\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQHK49K4\769dbd[1].pdf JS/Exploit.Pdfka.OSV.Gen trojan cleaned by deleting - quarantined
C:\Users\Speedbump\AppData\Local\Temp\Low\R66v.exe probably a variant of Win32/PSW.Agent.BGEKLUK trojan cleaned by deleting - quarantined
C:\Users\Speedbump\AppData\Local\Temp\Low\pmtjnhedy\trrqojmuerb.exe Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Users\Speedbump\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\77620f4d-7aa041b0 multiple threats deleted - quarantined
C:\Users\Speedbump\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\da7fa12-267d76e8 multiple threats deleted - quarantined
C:\Users\Speedbump\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\346bc494-303b8275 multiple threats deleted - quarantined
C:\Users\Speedbump\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\78e93be3-611eaa19 multiple threats deleted - quarantined

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 PM

Posted 05 August 2011 - 08:34 PM

You're welcome// Let's do these and tell me how it is running.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

The other HTM infection may caarry a Ktyptic cousin. soo...
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users