
MRT.exe virus. Cpu overloaded.



#1 Stupid fat Hobbit


Posted 22 September 2011 - 10:36 AM

Good day to everyone on the bleeping computer forums, I will be posting under the moniker of "Stupid fat Hobbit", and I need your help to resolve a few outstanding issues I have with my system.

I purchased this computer not too long ago, about a year and a half now, and for the first several months it was running smoothly - I could play fairly high end games like Starcraft2 on high detail settings and still have a consistent frame-rate. However, after those first few months, my computer started struggling - now Starcraft2 is completely unplayable; with all settings on the lowest I still only get 1 FPS in game (and that's assuming the computer doesn't just crash completely from the attempt). Starcraft isn't the only thing affected - there are very few programs, games or otherwise, that run well on the system.

I've gone to other tech support sites (which I won't be naming, in order to avoid a flame war) to try and get these issues resolved, with very limited success. The only advice that made a difference so far was to uninstall AVG and install a better antivirus like Avira. I have high hopes for this site, however, for two reasons: 1. The other sites redirected me here anyway, in order to download rkill. A tech support site relied upon by tech support sites speaks volumes for its efficiency. 2. I've actually identified (one of) the problems with my system, which should, theoretically, make it easier to clean.

The problem I mentioned is the "MRT.exe" virus. From the research I've done, it seems this virus hijacks the legitimate Microsoft program "Malicious (software) Removal Tool" and creates malicious copies of it in abnormal places. In my case, I have 9 separate folders in the root of my C: drive, all with gibberish names. I've checked their properties and none of them are associated with Microsoft, so these files are all clearly harmful.

I noticed there was another thread here started last year, describing almost the exact same problems I'm having. I've already followed all of the instructions outlined in that topic, but unsurprisingly, the results were underwhelming. The safe mode scan picked up a few cookies, which didn't seem to make any difference once removed. I'll post the log files in 2 separate posts beneath this one, just in case they are of some use.


These issues have been going on for months now, and I'm on the verge of just doing a reformat. Obviously I would prefer to only "Nuke and Rebuild" as a last resort, but my rig is nearly unusable now, making that option seem more and more like the only choice left.

Eagerly awaiting a response.
- "Stupid fat Hobbit"

Edit: I forgot to mention my system specs. I am running Windows 7 on an Acer Aspire 5741G Laptop, unmodified. It has an Intel Core i3-330M Processor, an NVIDIA GeForce GT 320M graphics card (apparently there have been a lot of complaints about this card - the drivers weren't released until months after the card was, and the card isn't listed on NVIDIA's site, although the desktop version is). It also has 4 GB of RAM. Let me know if there's anything else I need to post.

Edited by Stupid fat Hobbit, 22 September 2011 - 08:12 PM.




#2 Stupid fat Hobbit


Posted 22 September 2011 - 10:39 AM

mbam-log-2011-09-22 (09-11-39)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7765

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22/09/2011 9:11:39 AM
mbam-log-2011-09-22 (09-11-39).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 642598
Time elapsed: 2 hour(s), 37 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 Stupid fat Hobbit


Posted 22 September 2011 - 10:42 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/22/2011 at 07:44 PM

Application Version : 5.0.1118

Core Rules Database Version : 7715
Trace Rules Database Version: 5527

Scan type : Complete Scan
Total Scan Time : 03:30:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 71745
Registry threats detected : 0
File items scanned : 596929
File threats detected : 64

Adware.Tracking Cookie



