Posted 22 April 2013 - 04:13 AM
I've had to reply from my laptop.
I got a phone call from someone who addressed me by my name, and obviously he had my telephone number, supposedly from Window security. He said I had problems with my computer and it was a new virus which had infected a large number of computers. I laughed at him before hanging up. He rang back next day and he said "they" could see my computer was infected and that he had my Windows serial number, which he then proceeded to tell me! He said the number over the phone and it was correct. He then took me into the Event Viewer on my computer and there are a lot (over 2000) of errors and warnings, all dated from 2nd April to date 17th April and ongoing.
He then said he would help me to clean up my computer by taking me into safe mode. At this point I hung up on him again. (I thought at the time that it was worrying that he had both my name and telephone number, as I live in Tenerife and am not in any telephone book!) Also, I haven't downloaded anything of any consequence that I know of, but I did buy a 10-way USB hub from Amazon which I installed at about the time of the first errors in the Event Viewer. (Is it possible to doctor a USB hub with a microchip to gain access to my computer? After installing it, the boot-up hangs for about 10 secs after checking memory but before detecting HDD drives, but after removing the hub it goes to loading Windows OK but takes about 10 mins to load instead of the normal 3-4 mins.) One other thing: when I uninstalled the hub my computer hung and I had to shut it down manually. I also allowed an update from Microsoft at about that time, but I do make sure it looks legit.
Since then Google Chrome loaded about 60-70 web pages into my favourites toolbar, which I had to delete one at a time. My computer is now running very, very slow. I ran the online ESET Scanner but after 9 hrs it was only 16% through, so I had to close it down!!! On reading a similar post, it appears that it is the BIOS that gets attacked, rendering the computer useless. I tried to post from my computer but it wouldn't send; eventually I managed to get the DDS files to you. My computer now will not recognise the USB slots.
Hope you can help.
I’m posting from my laptop as the infected computer is getting really bad.
Posted 23 April 2013 - 07:41 PM
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Posted 24 April 2013 - 08:04 AM
Many thanks for replying. The computer is in a right mess and I don't know if it's possible to repair, as it was running so slow.
Posted 24 April 2013 - 08:23 PM
We'll see what we can do for your machine. For anyone who may be reading this, no-one from Microsoft or Windows (?) will ever phone your home unsolicited.
Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
Posted 25 April 2013 - 03:11 AM
Posted 25 April 2013 - 04:23 AM
Rebooted and still no USB ports. Win Patrol asking if OK to change:- Microsoft Corporation C\Windows\system32\rundl32.exe\ieframe.dll,openURL% TO- rundl32.exe ieframe.dll,OpenURL %
I've denied the change, is that OK or should I allow?
Posted 25 April 2013 - 06:25 PM
No, you can deny or allow it. ComboFix makes some changes to the system; it sets some defaults which are thought of as "safe".
Let's make sure that we have a clean machine before we see what else needs attention.
Please run ESET's online scan next.
I'd like us to scan your machine with ESET OnlineScan.
Posted 26 April 2013 - 01:40 PM
Posted 27 April 2013 - 07:25 AM
Edited by Dave Clark, 27 April 2013 - 07:26 AM.
Posted 27 April 2013 - 07:29 AM
Posted 27 April 2013 - 07:31 AM
Posted 28 April 2013 - 03:18 AM
Try booting the machine without any services or startup programs loading. This will eliminate or pinpoint the main problem.
1. Click Start, type msconfig in the Start Search box, and then press Enter. If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.
2. On the General tab, click Selective Startup.
3. Under Selective Startup, click to clear the Load Startup Items check box.
4. Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
5. Click Apply and OK.
6. When you are prompted, click Restart.
7. After the computer starts, let me know how it loaded and is running.
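
The clean-boot steps above switch off startup items and non-Microsoft services; the following read-only inventory of both, taken before they are disabled, is an added example and not part of the original post. `Get-ServiceBinaryPath` is a hypothetical helper, and filtering on the file's self-declared company name is an assumption that only approximates msconfig's "Hide All Microsoft Services" filter.

```powershell
# Added example: list what a clean boot would switch off. Changes nothing.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $PathName
}

# Auto-start services whose binary does not declare Microsoft as its vendor.
# CompanyName is self-declared metadata, so treat it as a hint, not as proof.
# Services hosted inside svchost.exe report svchost as their binary and are
# therefore filtered out here even when the hosted DLL is third-party.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name    = $_.Name
            State   = $_.State
            Company = $company   # empty when the binary could not be read
            Path    = $exe
        }
    } |
    Where-Object { $_.Company -notlike 'Microsoft*' }

# Startup entries from the Run keys and Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

$services | Sort-Object Company, Name | Format-Table -AutoSize
$startup  | Sort-Object Location, Name | Format-Table -AutoSize
```

Entries with an empty company or a path under a user profile or temp directory are the ones to look at first when the machine behaves differently after the clean boot.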
Posted 28 April 2013 - 09:45 AM