Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mothers old computer infected- slow and useless


  • Please log in to reply
5 replies to this topic

#1 pointyblob

pointyblob

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:10 AM

Posted 06 February 2016 - 06:40 PM

 

 

I recently inherited an old computer from my mother. It's a windows XP (32 bit) I was hoping to give it upgrade, but it turns out Trojan viruses are slowing it down. Whatever it is, it doesn't allow any security/defense programs to run.This includes malwarebytes(chameleon included) and all versions of RKill, no matter the name. 

 

It doesn't appear to do anything other than slow the computer down at first glance, however when shutting the computer off several prompts come up along with what i assume to be popup ads in internet explorer (they never fully load before the computer shuts off). The prompts read something similar to: "____.exe could not initialize as windows is shutting off" LOT'S of these come up with different titles, (dllhost, ctfmon, notepad, they load too fast to read) while these are actual things located in windows, I also think it's a possibility that the viruses named themselves after these to avoid getting caught by any defense programs. 

 

I'm not very experienced in computers, and I've never had to deal with a virus before, so any help would be greatly appreciated. 

 

 

-Ripley


Edited by Chris Cosgrove, 06 February 2016 - 06:58 PM.
Inaccurate comment removed, now in correct section.


BC AdBot (Login to Remove)

 


#2 TazzyOpz

TazzyOpz

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:10 AM

Posted 06 February 2016 - 07:38 PM

You aren't able to install malwarebytes or get it to run a scan at all?

Try the following:

 

 

[-Running NoBot-]
Download NoBot from here and save it to your Desktop.
 
• Double-click NoBot.exe
Go to File -> Settings and make sure the following are checked
• Detect Suspicious File Paths
• Scan Registry
• Detect Dropped Files
Spoiler
• Then Click the Scan button. 
• Once the scan is finished You can view the Scan log by going to File -> Scan Logs. Then copy and paste the scan log here.
It is recommend to post the scan log here before removing any files detected unless you know for sure the file found is infected.
 
 
[-Running SuperAntiSpyware-]
Download RogueKiller from here and save it to your Desktop.
 
• Double-click SUPERAntiSpyware.exe
• Proceed through the Install.
• Click the Scan This Computer button.
• Then Click the Complete Scan button. (This will do a full scan of your computer)
•Once the scan is finished remove what it finds.
 
 
 
You also mentioned the popup ads. However I'd recommend running the 2 scans above to try and remove any virus that's trying to interfere with other Anti-malware products from running. After that try running Adwcleaner (If you haven't already)
 
[-Running AdwCleaner-]
Download AdwCleaner from here and save it to your Desktop.
 
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile
 

Edited by TazzyOpz, 06 February 2016 - 07:46 PM.

Software Developer & Malware Analyst
Programming Langues: VB.net, C#, Java, & HTML.
Reverse Engineering/Tracking Tool familiarity: Ollydbg, IDA, CE, & Wireshark
My Website


#3 pointyblob

pointyblob
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:10 AM

Posted 12 February 2016 - 11:32 AM

Hey sorry for such a late response:

 

Before you replied with that I restored the computer to a few months ago. that got rid of the errors popping up at shutdown along with the popup ads. However, few minutes after starting up the computer today internet explorer (which is not the default browser) popped up. the page didnt load but a prompt came up asking for confirmation that i wanted to download some DLL file. I obviously declined.  

 

nobot will not run. it encounters an error while scanning 

 

super anti spyware seemed pretty mediocre but i ran it anyways. Came up with some adware.

 

here is the adwcleaner log-

 

 

# AdwCleaner v5.033 - Logfile created 12/02/2016 at 08:02:04
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - YOUR-487A8A48FB
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\imeshbandmltbpi
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\Yahoo!\Companion
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\iMesh
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[-] Folder Deleted : C:\Program Files\FunWebProducts
[-] Folder Deleted : C:\Program Files\iMesh Applications
[-] Folder Deleted : C:\Program Files\Yontoo Layers
 
***** [ Files ] *****
 
***** [ DLLs ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled tasks ] *****
 
 
Malwarebytes still doesn't run. if you have further ideas/intructions please tell me
 
-Ripley


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 12 February 2016 - 02:45 PM

Hello Ripley
  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 pointyblob

pointyblob
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:10 AM

Posted 13 February 2016 - 02:54 PM

Hello Ripley

  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply

 

Attempting this now, 

 

Edit: None of these files work. Clicking on it has no action (not even an error message). it might load for a second but nothing pops up. It is like this for Rkill as well, i feel like i should mention that. Thank you, though. 

 

-Ripley


Edited by pointyblob, 13 February 2016 - 03:08 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,078 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 15 February 2016 - 03:58 PM

Please try these while I fix that...

https://support.malwarebytes.org/customer/portal/articles/1833358-how-do-i-use-malwarebytes-chameleon-to-run-malwarebytes-anti-malware-on-an-infected-system-?b_id=6447
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users