
Slow startup and BSOD on Avast Quick Scan


15 replies to this topic

#1 daiyousei

Posted 17 April 2012 - 08:31 AM

I noticed that my computer has been taking 15 minutes to fully boot up and be ready to use. Suspecting some malware, I decided to run a Quick Scan with Avast Antivirus. However, after scanning for only 2 seconds and 10 files done, the computer immediately BSOD'd. I ran TDSSKiller and GMER to see if they would find anything. TDSSKiller came up with nothing malicious, but GMER threw up 2 registry keys which cannot be opened in regedit.exe but contain gibberish names.

I have not attempted anything yet and would gladly accept any help here. Thanks in advance.


#2 daniels7384

Posted 17 April 2012 - 08:59 AM

Try to disable some of the startup programs using the msconfig command, restart the computer and then note the changes.

#3 daiyousei (Topic Starter)

Posted 17 April 2012 - 09:01 AM

try to disable some of start up programs using the msconfig command. restart the computer and the notice the changes


I did that a lot in the past, so I don't have anything but essential programs running.

#4 daniels7384

Posted 17 April 2012 - 09:06 AM

Can you tell me the size of the RAM and the hard disk space (total space and free space) it has?

#5 quietman7 (Global Moderator)

Posted 17 April 2012 - 09:08 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

For other troubleshooting suggestions, please refer to: For those having trouble running Malwarebytes Anti-Malware
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 daniels7384

Posted 17 April 2012 - 09:19 AM

Alternatively, you can disable all the application programs from the startup and leave only Windows to start up. But if it started after some time of using your computer after the installation of an operating system, then most likely you may be having viruses, and I will recommend that you install a trial version of Kaspersky Internet Security and run a full scan after updating it. Then you can buy a commercial license.

#7 daiyousei (Topic Starter)

Posted 17 April 2012 - 09:20 AM

Thanks for the quick reply. Here's the log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: DAIYOUSEI-MAIN [administrator]

Protection: Enabled

17/4/2012 10:15:08 PM
mbam-log-2012-04-17 (22-15-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220335
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\snda\woool (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$RDOSMY3.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$RHL8PND.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$RTVLNDA.exe (Trojan.Agent.ck) -> Quarantined and deleted successfully.

(end)

#8 quietman7 (Global Moderator)

Posted 17 April 2012 - 09:40 AM

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.


Please download and scan with the Kaspersky Virus Removal Tool from one of the following links and save it to your desktop. Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

#9 daiyousei (Topic Starter)

Posted 17 April 2012 - 10:53 AM

Thanks. Both Malwarebytes and Kaspersky Virus Removal Tool (setup_11.0.0.1245.x01_2012_04_17_15_31) did not report any infections, though I have no way of attaching the Kaspersky report without including all the events.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: DAIYOUSEI-MAIN [administrator]

Protection: Enabled

17/4/2012 11:27:56 PM
mbam-log-2012-04-17 (23-27-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220299
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

kaspersky report

Automatic Scan: completed 1 minute ago (events: 7402, objects: 7403, time: 00:02:59)
17/4/2012 11:35:58 PM Task started
*Events Removed*
17/4/2012 11:38:57 PM Task completed

Edited by daiyousei, 17 April 2012 - 10:55 AM.


#10 quietman7 (Global Moderator)

Posted 17 April 2012 - 11:00 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator.
    To do this, right-click on the browser icon in the Start Menu or Quick Launch Bar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check [image] and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
  • When the scan completes, push [image].
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include files which it considers suspicious, a risk tool, a potential unwanted program or another type of threat.

#11 daiyousei (Topic Starter)

Posted 18 April 2012 - 08:04 AM

Sorry for taking so long to reply. The tool took a long time to download and around 6 hours to finish scanning, so I went to bed.

Anyways, it seems that my brother had been torrenting stuff onto the computer before he gave it to me; it seems like some of them are the ones that infected the computer.

Anyway, here's the ESET log.


C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$R19CEH3.exe Win32/OpenCandy application
C:\Program Files (x86)\Cain\Abel.exe a variant of Win32/CainAbel.AA application
C:\Program Files (x86)\Cain\Cain.exe a variant of Win32/CainAbel application
C:\Users\HP\Documents\Vuze Downloads\FFVII Original Mod Pack.rar a variant of Win32/HackTool.Patcher.A application
C:\Users\HP\Documents\Vuze Downloads\AUTODESK.MAYA.V2011.SP1.WIN64-ISO\maya2011sp1x64.rar a variant of Win32/Keygen.BL application
C:\Users\HP\Documents\Vuze Downloads\Sothink SWF Decompiler v5.6\Sothink SWF Decompiler v5.x KeyGen.exe probably a variant of Win32/Agent.JYBXLJA trojan
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application


Should I delete those illegal files first?

Edited by daiyousei, 18 April 2012 - 08:04 AM.


#12 quietman7 (Global Moderator)

Posted 18 April 2012 - 12:28 PM

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.


IMPORTANT NOTE: Your scan log results found keygens/crack tools.

The practice of using torrents, cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!



... it seems that my brother has been torrenting stuff into the computer before he gave it to me, seems like some of them are the ones that infected the computer.

Using any torrent, peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.

#13 daiyousei (Topic Starter)

Posted 19 April 2012 - 10:39 AM

I don't condone pirating software either. It's just that I didn't do a thorough check of the computer when I got it from him. I have my educational edition of that pirated Maya software anyway.

Well, anyway, here's the report. I will delete any remaining P2P files I can find.


C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$R19CEH3.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files (x86)\Cain\Abel.exe a variant of Win32/CainAbel.AA application cleaned by deleting - quarantined
C:\Program Files (x86)\Cain\Cain.exe a variant of Win32/CainAbel application cleaned by deleting - quarantined
C:\Users\HP\Documents\Vuze Downloads\FFVII Original Mod Pack.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Users\HP\Documents\Vuze Downloads\AUTODESK.MAYA.V2011.SP1.WIN64-ISO\maya2011sp1x64.rar a variant of Win32/Keygen.BL application deleted - quarantined
C:\Users\HP\Documents\Vuze Downloads\Sothink SWF Decompiler v5.6\Sothink SWF Decompiler v5.x KeyGen.exe probably a variant of Win32/Agent.JYBXLJA trojan cleaned by deleting - quarantined
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application cleaned by deleting - quarantined
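
The Malwarebytes logs in posts #7 and #9 and the ESET logs in posts #11 and #13 are plain text in a fixed shape, so a helper working several threads at once can parse them instead of reading by eye. The script below is an added example, not code from BleepingComputer, Malwarebytes or ESET. It pulls each finding out of both formats, cross-checks the per-section "Detected: N" counts Malwarebytes prints against the items actually pasted (a truncated paste is the usual reason a helper asks for "the complete log"), and flags findings the scanner only reported without acting on, which is the state of the first ESET log above because "Remove found threats" was unchecked. Paths under C:\$RECYCLE.BIN embed the SID of the profile whose Recycle Bin holds the file, so those findings are pulled out separately as already-deleted files. The regular expressions, the field names and the triage rules are this example's own assumptions; the sample logs at the bottom are constructed from lines copied out of the posts above so the script runs offline.

```python
"""Parse the Malwarebytes and ESET scan logs posted in this thread and triage them.
Added example, not code from BleepingComputer, Malwarebytes or ESET; the sample
logs at the bottom are lines copied from posts #7, #11 and #13 so it runs offline."""
import re
from dataclasses import dataclass
from typing import Optional

RECYCLE_BIN = re.compile(r"[A-Za-z]:\\\$RECYCLE\.BIN\\(?P<sid>S-1-5-21-[\d-]+)\\", re.I)
# Malwarebytes: "Registry Keys Detected: 2", then one item per line up to a blank line
MBAM_SECTION = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
MBAM_ITEM = re.compile(r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# ESET: "<path> [probably ][a variant of ]Platform/Name <type> [<action taken>]"
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|worm|virus|backdoor|adware)"
    r"(?:\s+(?P<action>.+?))?\s*$")


@dataclass
class Detection:
    source: str            # "mbam" or "eset"
    category: str          # Malwarebytes section name, or ESET threat type
    obj: str               # registry key or file path
    detection: str         # scanner's detection name
    action: Optional[str]  # what the scanner did; None if it only reported

    def recycle_bin_sid(self) -> Optional[str]:
        """SID of the profile whose Recycle Bin holds the file (the user already
        deleted it, so it is a lower-priority cleanup item), else None."""
        m = RECYCLE_BIN.match(self.obj)
        return m["sid"] if m else None


def parse_mbam(text):
    """Return (header, detections, mismatches); a mismatch is a section whose
    stated count differs from the items listed, i.e. a truncated paste."""
    header, detections, mismatches = {}, [], []
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        for key in ("Database version", "Scan type"):
            if lines[i].startswith(key + ":"):
                header[key] = lines[i].split(":", 1)[1].strip()
        section = MBAM_SECTION.match(lines[i])
        i += 1
        if not section:
            continue
        items = []
        while i < len(lines) and lines[i]:           # a blank line ends the section
            item = MBAM_ITEM.match(lines[i])
            if item:                                  # skips "(No malicious items detected)"
                items.append(Detection("mbam", section["category"], item["obj"],
                                       item["detection"], item["action"]))
            i += 1
        if len(items) != int(section["count"]):
            mismatches.append((section["category"], int(section["count"]), len(items)))
        detections.extend(items)
    return header, detections, mismatches


def parse_eset(text):
    """Return (detections, unparsed) for ESET's one-finding-per-line log."""
    detections, unparsed = [], []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = ESET_LINE.match(line)
        if m:
            detections.append(Detection("eset", m["kind"], m["path"], m["detection"], m["action"]))
        else:
            unparsed.append(line)
    return detections, unparsed


def triage(detections):
    """Split into (still unactioned, sitting in a Recycle Bin, SIDs of those bins)."""
    pending = [d for d in detections if d.action is None]
    recycled = [d for d in detections if d.recycle_bin_sid()]
    return pending, recycled, sorted({d.recycle_bin_sid() for d in recycled})


# Constructed sample input: lines copied from the logs posted above.
MBAM_LOG = r"""
Database version: v2012.04.17.04
Scan type: Quick scan

Registry Keys Detected: 2
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\snda\woool (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$RDOSMY3.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$RTVLNDA.exe (Trojan.Agent.ck) -> Quarantined and deleted successfully.
"""
ESET_REPORT_ONLY = r"""
C:\$RECYCLE.BIN\S-1-5-21-687033370-818274876-3038385186-1000\$R19CEH3.exe Win32/OpenCandy application
C:\Program Files (x86)\Cain\Abel.exe a variant of Win32/CainAbel.AA application
C:\Users\HP\Documents\Vuze Downloads\Sothink SWF Decompiler v5.6\Sothink SWF Decompiler v5.x KeyGen.exe probably a variant of Win32/Agent.JYBXLJA trojan
"""
ESET_REMOVED = r"""
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application cleaned by deleting - quarantined
"""
```

Run over ESET_REPORT_ONLY, `triage` returns every finding as still pending, which is exactly the situation that prompted the "rerun with Remove found threats checked" instruction in post #12; run over the removal log, nothing is pending. The Malwarebytes count check is the automated form of "be sure to post the complete log".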

#14 quietman7 (Global Moderator)

Posted 19 April 2012 - 12:57 PM

I don't condone pirating software either

I didn't think you did. I provided that info for you to show your brother.

How is your computer running now?

#15 daiyousei (Topic Starter)

Posted 19 April 2012 - 01:14 PM

Thanks for all the information and help as well; the computer is now starting up a lot more quickly, though there are still a lot of useless files to get rid of.

Have yet to see if Avast Quick Scan BSODs the computer.

EDIT: Avast does not BSOD anymore. Thanks again for your help.

Edited by daiyousei, 19 April 2012 - 01:15 PM.




