I believe I have some symptoms of malware or virus?



#1 Maria V


Posted 10 May 2012 - 10:40 AM

I'm new here, I was told this site might help me with my problem.
Here are some details;
I have a Windows 7 64-bit laptop.
Lenovo Y570 to be exact of the model.

About two days ago, my laptop started acting a bit weird. Sometimes it would run slow, then fast again. All internet, programs, and software would randomly close down. And I even had two instances where two windows in the internet opened up though I did not click on them. It's now happening a lot that I would go on the web or open up a program and it would freeze up. I would wait and after a few moments it would start working again, but it's never happened this often.

I'm pretty much a total newbie so bear with me on all this but I really would like to have it fixed. I looked into the running tasks and processes in task manager and just searched a couple which I wasn't sure about but they turned out to be important for the system. I searched up the likes of taskeng.exe and crssr.exe
My one question is: when I searched for taskeng.exe in my computer folders and files, I found 4 of them and also 4 corresponding MUI files. Now the 4 exe's were located as follows: two in wincxs, one in system32 and the other in SysWOW64. Am I supposed to have them in all these different files?
I didn't have much protection before, but once my computer started acting up I downloaded AVG and Malware. They found nothing. So I'm still stuck and would like some help.

*Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 10 May 2012 - 11:24 AM.




#2 Pizza and Pepsi


Posted 10 May 2012 - 05:14 PM

Hello, my name is Pizza and Pepsi. I will try to help you fix your problem.


Let's run Security Check.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Please download MiniToolBox and run it.

Checkmark the following boxes:

* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size


Click Go and post the result.




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

* Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista/Windows 7 users right-click and select Run As Administrator.
* If TDSSKiller does not run, try renaming it.
  To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com).
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
* Copy and paste the contents of that file in your next reply.




I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
On ESET: Click the Back button, then the Finish button.


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Post the logs and tell me how the computer is running now.
Malware shall not pass!

#3 boopme


Posted 10 May 2012 - 09:48 PM

Hello, I see you mentioned crssr.exe, is that correct? You did NOT mean csrss.exe? The latter is a system file and the former is added by the W32/Rbot-AGO worm.

If it is crssr.exe then this is a Backdoor infection.

And you should know this......
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
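
The crssr.exe versus csrss.exe distinction in post #3 can be checked mechanically. The Python below is an added example, not part of the original thread: it flags process names that sit within a small edit distance of genuine system image names. The allow-list and the sample process list (including svch0st.exe) are constructed assumptions.

```python
# Added example: flag process names that imitate genuine Windows image names.

# Assumption: a short, non-exhaustive allow-list of real Windows 7 image names.
KNOWN_SYSTEM = {"csrss.exe", "taskeng.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}

# Constructed sample of running process names (not taken from the thread's logs).
SAMPLE_PROCESSES = ["csrss.exe", "crssr.exe", "taskeng.exe",
                    "chrome.exe", "svch0st.exe"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_lookalikes(names, max_distance=2):
    """Return (name, genuine_name, distance) for near-misses of system names."""
    findings = []
    for raw in names:
        name = raw.strip().lower()
        if name in KNOWN_SYSTEM:
            continue  # exact match: the name itself is legitimate
        best = min(KNOWN_SYSTEM, key=lambda k: (osa_distance(name, k), k))
        dist = osa_distance(name, best)
        if dist <= max_distance:
            findings.append((name, best, dist))
    return findings


if __name__ == "__main__":
    for name, genuine, dist in find_lookalikes(SAMPLE_PROCESSES):
        print(f"{name} resembles {genuine} (distance {dist})")
```

An exact name match only clears the name; the file's location and a scanner verdict still have to be checked separately.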

#4 Maria V


Posted 11 May 2012 - 01:15 AM

I think I'd go with the reformatting.

I did some searches before because I was getting worried as a few other things stopped working. Google Chrome for example, would open up (not the actual window but the icon on the taskbar) but then it would fade and I couldn't uninstall it either. Anyways, I tried a System Restore to a few days ago when everything was working completely normal and while it did get slightly better (less crashes for one) I know that things are still amiss because for example, when I open up google chrome some of my applications won't be working.

I'd like to do the reformatting, it's basically what they call the factory reset, right? Or something like that.

So first I'd have to backup all my files to something, correct? The only problem I can think of is that I don't have enough USB sticks. I have a lot of information stored in my computer. About 300 GB is currently taken up.

So how would I go through this process? And would it really just remove absolutely everything like it was brand new?

#5 boopme


Posted 11 May 2012 - 01:58 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.


Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
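
The backup rules in post #5 (skip the listed extensions, look inside archives for executables, read the full file name for a hidden second extension) can be applied to a folder before anything is copied. The Python below is an added example, not part of the original thread; the function names and the sample files are constructed for illustration.

```python
# Added example: sort files from a suspect PC into "backup" and "skip".
import os
import tempfile
import zipfile

# Extensions the post says not to back up.
SKIP_EXT = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp",
            ".xml", ".zip", ".rar", ".cab"}
EXECUTABLE_EXT = {".exe", ".scr"}

def classify(path):
    """Return (verdict, reason) for one file; verdict is 'backup' or 'skip'."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if ext == ".zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            inner = [n for n in zf.namelist()
                     if os.path.splitext(n.lower())[1] in EXECUTABLE_EXT]
        if inner:
            return ("skip", "archive contains executable: " + inner[0])
    if ext in SKIP_EXT:
        if os.path.splitext(stem)[1]:  # e.g. beach.jpg.exe shown as beach.jpg
            return ("skip", "double extension hides " + ext)
        return ("skip", "risky extension " + ext)
    return ("backup", "data file")

def triage(root):
    """Walk root and map each relative path to its (verdict, reason)."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    """Run the triage over a constructed file set in a temporary folder."""
    with tempfile.TemporaryDirectory() as root:
        for fname in ("thesis.docx", "beach.jpg", "beach.jpg.exe",
                      "setup.exe", "desktop.ini"):
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(b"constructed sample")
        with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
            zf.writestr("trip/viewer.exe", b"constructed sample")
        return triage(root)

if __name__ == "__main__":
    for rel, (verdict, reason) in sorted(demo().items()):
        print(f"{verdict:6} {rel:14} {reason}")
```

Files marked "backup" still need the anti-virus scan the post calls for before they are copied back to the rebuilt machine.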



