
Everything has slowed to a crawl


25 replies to this topic

#1 Dasphinx

Dasphinx

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 27 June 2012 - 07:52 PM

Over the weekend I installed uTorrent Premium Edition and also tried to install Ubuntu into a VMware Virtual Player I had installed several weeks ago. I was unable to install Ubuntu into the VMware Player, kept getting an error message that it couldn't find certain files on the ISO disk (which I downloaded directly from the Ubuntu site). While deleting the inoperable Virtual Machine from within the VMware folder, a popup appeared asking me to upgrade to a newer version of the VMware Player Desktop, which I accepted. At that point, everything stalled. I then tried to uninstall the VMware Player altogether (390 mb) which took hours but I finally did it. I also uninstalled uTorrent. Now, everything is running like molasses, including the restart process. I ran ESET Nod 32 but it hung up at 54%, with an error message indicating "decompression could not complete: possible reasons insufficient free memory or disk space, or a problem with temp folders." I earlier ran PC Pitstop Optimize to clean up any errors. Task Manager shows CPU usage at 12% and Memory at 26%. I ran What's Running which shows "System Process" at 99%. My tech friend ran Combofix which found some suspicious files and removed them, but the problem persists. So I don't know where to go from here, other than a complete Windows reinstall :((
I have a Lenovo desktop with Windows 7 running on an Intel i7 CPU with 8 gigs of memory and 752 gigs of free space on my hard drive. Grateful for any suggestions.



#2 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 28 June 2012 - 01:44 AM

Run a scan with MBAM:

Download the free version of Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Edited by ElFasso, 28 June 2012 - 01:45 AM.


#3 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 28 June 2012 - 09:07 AM

Thank you for helping me. The log is below, nothing was found. Overnight I ran ESET Nod32 in Safe Mode and it seemed to work as there was no message after the scan. However, I was prompted to run Windows Update for an update to Windows Defender and it did not install, error code 800705B4. The browser continues to be slow (Firefox), and Chrome Gmail is not fully functional (cannot open an email). The CPU seems to be running constantly.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dimitri Villard :: DIMITRIVILLARD [administrator]

6/28/2012 6:25:18 AM
mbam-log-2012-06-28 (06-25-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296763
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 28 June 2012 - 09:37 AM

Run Eset online scanner;

Note: You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic


#5 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 30 June 2012 - 08:50 AM

Due to whatever is occupying the CPU, the scan took about 30 hours to complete. By the way, I forgot to mention I tried to do a System Restore to before I installed uTorrent and Ubuntu, and that failed.

C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\Dimitri Villard\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Users\Dimitri Villard\Downloads\winzip155.exe Win32/OpenCandy application
C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe a variant of Win32/Tool.ServiceRunner application
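
A triage pass over the five ESET result lines above, as an added example that is not part of the original thread: it parses each line, merges hits that point at the same file, and records the detection type and location. It assumes the Windows 7 layout in which `C:\Users\All Users` is a link to `C:\ProgramData`, and that ESET's "application" type marks potentially unwanted or unsafe software; the function and field names are illustrative.

```python
import re

# The five result lines from the ESET Online Scanner post above, verbatim.
ESET_LOG = r"""
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\Dimitri Villard\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Users\Dimitri Villard\Downloads\winzip155.exe Win32/OpenCandy application
C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe a variant of Win32/Tool.ServiceRunner application
"""

# <path> [a variant of ]<Platform/Name> <type>; the path may contain spaces.
LINE = re.compile(r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
                  r"(?P<name>\w+/[\w.]+)\s+(?P<kind>.+)$")

# Assumption: Windows Vista/7 layout, where "All Users" links to ProgramData.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

def canonical(path):
    """Lower-case the path and fold known aliases onto their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p

def triage(log):
    """Return {canonical_path: finding}, merging hits on the same file."""
    findings = {}
    for raw in log.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a result line
        key = canonical(m["path"])
        f = findings.setdefault(key, {
            "name": m["name"],
            "variant": bool(m["variant"]),
            # Assumption: the "application" type is ESET's label for
            # potentially unwanted/unsafe software, not a trojan or virus.
            "pua": m["kind"].strip() == "application",
            "in_downloads": "\\downloads\\" in key,
            "reported_as": [],
        })
        f["reported_as"].append(m["path"])
    return findings

if __name__ == "__main__":
    for path, f in triage(ESET_LOG).items():
        print(len(f["reported_as"]), f["name"], "PUA" if f["pua"] else "other", path)
```

Under those assumptions the five hits reduce to four files: the two `setup.res` entries are one file reached through two paths, and the other three are installers sitting in Downloads.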

#6 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 30 June 2012 - 08:57 AM

To delete the infected files:

delfile.bat
Open Notepad and paste the content of this code into it:

@echo off
del /f /s /q "C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
del /f /s /q "C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
del /f /s /q "C:\Users\Dimitri Villard\Downloads\InternationalPrimoPDF.exe"
del /f /s /q "C:\Users\Dimitri Villard\Downloads\winzip155.exe"
del /f /s /q "C:\Users\Dimitri Villard\Downloads\Downloads\ftpsetup.exe"
del %0

  • Save the Notepad file on your desktop as delfile.bat. Save type as "All Files".
  • Double click on delfile.bat to execute it.
  • A black CMD window will flash, then disappear, this is normal.
  • The files, if found will have been deleted and the "delfile.bat" file will also be deleted.

I'll also provide instructions for some cleaning up...

#7 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 30 June 2012 - 09:00 AM

1. File checker;
================================== File checker ==================================

Run File checker:
1. Go to Start and then search for cmd. Then run it as Admin, like in the screenshot:
Posted Image
2. Then press enter. A black DOS box will open.
3. In the black DOS box type: sfc /scannow
================================== File checker ==================================

2. Defragmentation of your hard drive. Have you already done this or not? If not, please do.
3. Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792

#8 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 30 June 2012 - 10:08 AM

Before running file checker, I want to report that for the first two files delfile.bat displayed "Access denied."
del /f /s /q "C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
del /f /s /q "C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
The rest were deleted.
Should I still run File checker or do we need to do something else to get these two files deleted?

#9 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 30 June 2012 - 10:14 AM

I have performed some research about the files. In some cases it has to do with Family Tree Maker. Do you recognize this? If so, we may let it stay.

You may proceed with the next instructions.

#10 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 30 June 2012 - 07:10 PM

It has been 9 hours and the scan is only 37% complete. It's obvious the CPU is distracted running something else. I think we need to consider whether this is not a malware problem but a Windows problem, since I was not able to do a System Restore nor a Windows Update.

#11 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 01 July 2012 - 01:34 AM

We'll examine why the Windows update won't run;


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#12 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 01 July 2012 - 08:18 AM

Scannow is 77% complete of the verification phase. At this rate it will be tomorrow before this is finished. Should I abort that and run the Farbar Service Scanner now? If Scannow normally shouldn't take 30 hours to complete it would seem to me that this would be desirable.
If so, please tell me how to abort Scannow?
Thanks for your help!

#13 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 01 July 2012 - 08:30 AM

It depends on the hard drive, but 30 hours is too long... Aborting this process can cause it to stall, and then a crash could occur. I would advise you to bite through this and wait until it finishes. If it hasn't finished or it's stuck at some level, you may cancel it.

#14 Dasphinx

Dasphinx
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 01 July 2012 - 09:18 AM

I understand Scannow should repair the Win7 Home Premium (64bit) OS, but I also understand this process normally takes 5 - 10 minutes so 30 hours indicates there is a serious problem somewhere. It is the same thing that happened with the ESET Online Scan - 30 hours to complete. At this moment we are up to 84% complete so this implies about 4% per hour so in 4 more hours it will be complete (at least the verification phase, I don't know what other phases there are that may require the same 30 hours to complete). Googling about Scannow I saw a post in another forum suggesting to run an error check by right clicking on the C drive/properties/tools/ check for errors and then re-run the sfc. In a Windows7 forum I see someone suggesting to do a Repair Install to fix Windows 7, which is better than a Clean Reinstall of Windows 7. But, with the CPU being hogged by something I'm not sure this will work either. This is so frustrating!

#15 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:05:43 PM

Posted 01 July 2012 - 09:34 AM

"with the CPU being hogged by something I'm not sure this will work either. This is so frustrating!"


Publish a snapshot with Speccy: http://www.bleepingcomputer.com/forums/topic323892.html



