Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer runs slow after using ComboFix to remove an infection


  • This topic is locked This topic is locked
20 replies to this topic

#1 Millsy45

Millsy45

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 15 September 2012 - 09:29 AM

Hey there, a couple days ago I noticed that both my Windows Firewall and Mcafee Firewall were disabled and I couldn't enable them. A brief google search led me to believe that I had been infected by some sort of malware. I instantly ran MalwareBytes which found 1 infected file, which was then removed. But even after this my Firewalls still could not be enabled.
So then I decided to use ComboFix as I read it was the best program to use in such matters. After successfully running ComboFix, the Firewall issue had been cleared up.
Now I have noticed that my computer(which is just over 2 month old) is running much slower. I have also noticed that when playing games my FPS has dropped considerably.
Im not entirely sure that that infection has been completely removed or whether ComboFix removed something that was needed.
If someone could help it would be much appreciated.

Thanks
Ben Mills
(following the steps in your guide, I have provided the files requested)

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 AM

Posted 20 September 2012 - 09:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/468634 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 21 September 2012 - 04:39 PM

The problem is still not fixed.

Recently had a malware issue which resulted in me having to use ComboFix to remove it. After doing so the computer is much slower and am worried that either the malware is not entirely gone or that something has been deleted from my system.
I run Windows 7 Home Premium 64-bit. And yes I have the Windows CD that came with the computer.


Once again, thanks for you time.

Ben

Attached Files



#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 22 September 2012 - 10:56 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. :)


Hello there, Ben

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 22 September 2012 - 10:57 PM

I would require a little more digging.

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#6 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 25 September 2012 - 06:38 AM

Hey Conspire,
I have attached the files you requested, I hope everything is correct.
Thank you for all your help, its very much appreciated.

Ben

Attached Files



#7 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 25 September 2012 - 08:14 AM

Hi Ben,

As far as the log is concerned, it appears to be clean. Could you describe like under what circumstances you feel the computer is slow? Apart from FPS drop.

I know that you run MBAM quite often, but I want you to run it again just to see if the thing comes back and I can see what is infecting your PC.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select Uninstall application on close check box and push Posted Image
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#8 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 26 September 2012 - 08:19 AM

Here are the logs you requested.
During all the scans no threats were found.

Ben

Attached Files



#9 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 26 September 2012 - 08:41 AM

Could you describe like under what circumstances you feel the computer is slow? Apart from FPS drop.

I think you missed my question. :)
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#10 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 26 September 2012 - 04:26 PM

Ah sorry.
Ok, so the loading time of applications has slowed enough to notice. I am constantly losing internet connection, which at first I thought was a problem with my internet or router, but found that the problem didn't occur with other laptops in my apartment. When using something like Skype or Chrome I get a pop up from MalwareBytes stating that malware from those applications tried accessing the internet but was blocked, which made me think the malware is still on my system.

Sorry if none of that is of any use. Overall the laptop has become a lot slower, which worries me because I've only had the laptop since July and have alwayed used cooling pads to ensure hardware doesnt over heat.

Ben

#11 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 27 September 2012 - 03:10 AM

No, your feedback is greatly appreciated and helpful for me to get a picture. :)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#12 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 27 September 2012 - 09:34 AM

Farbar Service Scanner Version: 19-09-2012
Ran by Ben (administrator) on 27-09-2012 at 15:34:04
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 27 September 2012 - 10:03 AM

Seems fine. Let's see what we can find with FRST before I ask for opinions from my fellow colleague to see what would cause the slowness.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#14 Millsy45

Millsy45
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:53 AM

Posted 30 September 2012 - 09:07 AM

Hey there,

This is an error message I seem to get every time I start up windows now, I'm not entirely sure what it is for but thought it might be something useful.

Microsoft Visual C++ Runtime Library
Runetime Error!
Program: ...iles (
x86_/AlienRespawn/Components/DSUpdate/DSUpdate.exe
abnormal program termination.

I will be posting the FRST.txt shortly.

Ben

#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 30 September 2012 - 09:57 AM

Hi Ben,

You might have to download a new setup for DataSafe Local Backup from Dell.

Do you use it? If not, you can remove it.

Edited by Conspire, 30 September 2012 - 09:57 AM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users