
Freezing/slows and busy internet? at random times


21 replies to this topic

#1 Lavapill

Lavapill

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 20 December 2014 - 01:45 AM

Hello,

 

It all started when I started hearing ads in the background, but without any windows present.

I started to scan my computer and the blue screen started to show. Through persistence, I was able to scan my computer thoroughly, which took longer than usual, about ~10hrs, and did find traces of infection.

 

As of now, I am not certain if my computer is still infected because I still tend to experience strange behaviors including slow or no internet at random times even though there is a working internet connection.

 

If someone could help me tackle this issue, it would be great!

 

Cheers,

Lava


Edited by Orange Blossom, 20 December 2014 - 12:37 PM.
Moved to AII from Windows 7, ~ OB



#2 gigahurtz

gigahurtz

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 20 December 2014 - 12:47 PM

I would first check if this virus is your issue: http://www.bleepingcomputer.com/virus-removal/remove-poweliks-trojan



#3 Lavapill


Posted 20 December 2014 - 12:51 PM

I've checked my task manager, but I do not see any of those.



#4 gigahurtz


Posted 20 December 2014 - 12:55 PM

> I've checked my task manager, but I do not see any of those.

 

I would still run the tool to make sure before continuing.



#5 Lavapill


Posted 20 December 2014 - 12:58 PM

The scan is complete and the results are negative.



#6 gigahurtz


Posted 20 December 2014 - 12:58 PM

> The scan is complete and the results are negative.

 

Download the following:
 
 
After you've downloaded RKILL and run it, run the following.
 

Edited by gigahurtz, 20 December 2014 - 12:59 PM.


#7 Lavapill


Posted 20 December 2014 - 01:00 PM

Do they have to run in the following order?

Do I have to disconnect from the internet before scanning?

Am I to copy&paste results?


Edited by Lavapill, 20 December 2014 - 01:02 PM.


#8 gigahurtz


Posted 20 December 2014 - 01:03 PM

> Do they have to run in the following order?
>
> Do I have to disconnect from the internet before scanning?
>
> Am I to copy&paste results?

 

Run RKILL first and paste results.

 

After that is complete, run the rest in the order that is shown and please paste results after each scan. Thank you.



#9 Lavapill


Posted 20 December 2014 - 01:08 PM

Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/20/2014 11:58:49 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 12/20/2014 11:59:15 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)


#10 Lavapill


Posted 20 December 2014 - 01:13 PM

# AdwCleaner v4.105 - Report created 20/12/2014 at 12:12:14

# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : lavapill - LAVAPILL-PC
# Running from : C:\Users\lavapill\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [314 octets] - [17/12/2014 12:48:41]
AdwCleaner[R10].txt - [1964 octets] - [20/12/2014 12:03:41]
AdwCleaner[R11].txt - [2026 octets] - [20/12/2014 12:08:39]
AdwCleaner[R1].txt - [2548 octets] - [17/12/2014 12:49:45]
AdwCleaner[R2].txt - [2608 octets] - [17/12/2014 12:53:18]
AdwCleaner[R3].txt - [2668 octets] - [17/12/2014 12:56:28]
AdwCleaner[R4].txt - [1366 octets] - [17/12/2014 13:04:32]
AdwCleaner[R5].txt - [1486 octets] - [17/12/2014 13:18:34]
AdwCleaner[R6].txt - [315 octets] - [17/12/2014 17:00:02]
AdwCleaner[R7].txt - [2238 octets] - [17/12/2014 17:01:57]
AdwCleaner[R8].txt - [1500 octets] - [19/12/2014 10:18:31]
AdwCleaner[R9].txt - [1618 octets] - [19/12/2014 23:00:42]
AdwCleaner[S0].txt - [2767 octets] - [17/12/2014 12:59:04]
AdwCleaner[S1].txt - [1433 octets] - [17/12/2014 13:11:35]
AdwCleaner[S2].txt - [2309 octets] - [17/12/2014 17:05:59]
AdwCleaner[S3].txt - [1563 octets] - [19/12/2014 10:28:28]
AdwCleaner[S4].txt - [1681 octets] - [19/12/2014 23:02:29]
AdwCleaner[S5].txt - [1944 octets] - [20/12/2014 12:12:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2004 octets] ##########

Edited by Lavapill, 20 December 2014 - 01:23 PM.


#11 Lavapill


Posted 20 December 2014 - 01:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by lavapill on Sat 12/20/2014 at 12:18:58.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/20/2014 at 12:32:49.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 gigahurtz


Posted 20 December 2014 - 04:01 PM

How are things running after these scans were completed and you rebooted your computer?



#13 Lavapill


Posted 20 December 2014 - 05:55 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/20/2014
Scan Time: 12:36:15 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.20.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lavapill
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 531900
Time Elapsed: 3 hr, 59 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Lavapill


Posted 20 December 2014 - 06:00 PM

> How are things running after these scans were completed and you rebooted your computer?

I am performing full scans.

 

So far nothing has been detected, but I still experience web pages loading slowly or not loading. No experience in downloading, but they do stop and resume.

 

After using Malwarebytes, I used the Spybot Search and Destroy rootkit scan and found strange things like f_0007c0; invisible to win32.

I searched it up and it seems to be some sort of a backdoor for other infections.

 

I still have two more scans left, and I will post the results ASAP.



#15 Lavapill


Posted 20 December 2014 - 06:55 PM

Mod Edit:  Removed ComboFix log data, not allowed/used in this forum - Hamluis.


Edited by hamluis, 21 December 2014 - 11:32 AM.




