can't complete virus scan, web pages don't load, ReDirects at google


  • This topic is locked
3 replies to this topic

#1 KiKiDiKi

Posted 10 December 2011 - 01:49 PM

Hi there, I am running an HP Compaq, with an AMD Sempron Processor, 3200+ 1.79GHz with 1.93 GB of RAM. I have Windows XP Home Edition Version 2002 Service Pack 3, with all windows updates up-to-date.

If this is considered more than one problem and needs to be broken up into several posts to ensure I get assistance, then please let me know and I will gladly break it up for you, but I do feel that all of these problems are interconnected.

To be completely honest I ended up at these forums simply because my computer was just acting a little funny, always protected by Avanquest's System Suite, so it is in good working order as well, at least as good as it can be for such an old machine :) By the time I decided to type this up I had just installed an upgrade to System Suite 12 and suddenly my internet connection decided it didn't want to act right. At first I thought it was my adblock or noscript addons that I use in Firefox that were causing sudden unusual issues with the pages loading, but then in a moment of crazy, I turned them off and I still can't get a simple Google homepage to load. Some pages load, others don't. It's not my firewall because with nothing left to lose, I've turned that off to make sure too.

I am very anal about how often I run virus and malware scans, and have been doing at least a quick scan weekly since about 2 months before I reinstalled my system a week ago. I reinstalled for a fresh start, not because of any real problems, it was just acting sluggish then too, but I figured that was because it had just been handed down to me from my husband who took all his programs and files with him, leaving me to clean up the mess.

Upon installing the upgrade to SS12, I was in my program files making sure everything looked normal, and found a folder called 'YTDSETUP' with a file named 'trafficspace.exe' in it. I had never seen this folder before, nor had I heard of it, so when I noticed it wasn't in add/remove programs I deleted the whole folder and went straight to do a deep scan with my brand new software. It got to 99% having found one problem called: 'Trojan.clicker.html.remotescript' right before it erred out and crashed completely.

At this point just to see what SS couldn't get before it died, I broke out an old copy of MBAM, updated, and ran a quick scan to see what's up, where it found this file:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

I did a full scan next and found these infected files:
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP18\A0007991.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP18\A0007992.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP19\A0008219.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{157219fe-5843-4129-bb48-54e732573546}\RP19\A0008221.exe (PUP.Zugo) -> Quarantined and deleted successfully.

I also ran MiniToolBox, because I was having connection issues; it didn't help because obviously I didn't know what I was doing with it, just simply doing what someone had told someone else to do with it, though I did save the log file. I ran TDSSKILLER with all four parameters selected, and found:
AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
macnr ( UnsignedFile.Multi.Generic ) - skipped by user
Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user

But I didn't actually do anything about the results, just found out what I could and left it be, because I am not familiar with the program. The scans weren't done in safe mode and I plan on running them all again in whatever order is correct to make the actual changes.

So to recap, the problems I am having with my computer are:

1) Odd spikes in CPU usage when my browser is open

2) I can't open some simple web pages that I go to on a regular basis, but new web pages load right away. (Yes I've cleared history, cache etc. manually as well as running that portion of SS)

3) A strange folder showed up in my Program files

4) My brand new install of System Suite can't complete a deep scan

5) And my internet connection looks like it's in idle mode 90% of the time even though if I decide to open a web page that I don't normally go to, it snaps right back to life to load the page almost faster than it should.

6) Firefox has been blocking redirects when at google and facebook, never allowing them until the mouse slipped the other day, they stopped redirecting for a few hours, and now it's a crapshoot whether or not there will be an attempt at redirecting the page.

7) As well as just an all around sluggish, I don't wanna open that program right now, type of feeling when trying to open things like Process Explorer, or System Suite, or even just the settings to System Suite and its Firewall. While every now and then, maybe once out of 5 startups, MXTask (System Suite's background task) will error out right from the start up of the computer and I get a message that says: "MXTask has encountered a problem and needs to quit. Would you like to send an error report to Microsoft?" to which I click either yes or no and either way the reporting errors out too.

I should mention, I am very careful about what I download, only taking recommendations from someone I know very well, and even then they have to show me exactly why it's worth my while to risk downloading and running an executable file that I have never personally heard of before. The only questionable file I have downloaded since the reinstall was a program called "SIW - System Information for Windows" which I was only looking into because with such an ancient computer, it's difficult to find all the drivers that I need to reinstall, and I completely forgot to back them up before taking the plunge. So a site that had never steered me wrong in the past when it came to good quality freeware programs to keep your computer going, recommended it to scan your computer and find out what exactly everything was right down to make and model :) Well, they finally sent me in the wrong direction, because it wouldn't finish its install until I agreed to "Finish The Free YouTube Downloader.exe". I hit cancel and properly disposed of SIW, having never opened it, and never even starting the download or install of "Finish The Free YouTube Downloader.exe".

So, if there is anyone who could be of some help to me, I would be very grateful, I would really hate to have to reinstall this machine twice in two weeks.

Thanks in advance,
Mary
http://thereconcilecenter.proboards.com/index.cgi

Meow :) Go There it's cool. ^^^^^^^^^^^^^^^^^^^


#2 Broni

Posted 10 December 2011 - 05:50 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



#3 KiKiDiKi

Posted 11 December 2011 - 06:44 AM

I have posted logs as asked in a new thread called 'ReDirects at google, web pages don't load - Can't complete virus scan, Help fix these issues please!'. Thank you for the help so far.
http://thereconcilecenter.proboards.com/index.cgi

Meow :) Go There it's cool. ^^^^^^^^^^^^^^^^^^^

#4 Orange Blossom

Posted 11 December 2011 - 07:58 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic431840.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



