Computer is extremely slow, can't open control panel or enable avast


5 replies to this topic

#1 Hermesx

Posted 11 February 2016 - 03:04 PM

I had some family at my house over the weekend who used our desktop computer. At one point they were on an unfamiliar website and clicked on an ad that opened a window with a fake error pop up that wouldn't close unless you selected the "prevent window from creating additional pop ups" box.

So I selected that, exited the site and didn't think much of it. 

Fast forward to yesterday, I attempted to boot up the PC and it booted normally. But, as soon as it got to the desktop it struggled to load any programs I have that are to be booted on startup. I also noticed that my Avast antivirus protection was turned off and Windows also notified me that Windows Defender had been shut off as well. Opening Avast or anything for that matter is nearly impossible (as I'm typing this in safe mode) and even upon entering safe mode I am still unable to start Avast's active protection. I ran a full scan with Malwarebytes which found nothing and after that I ran a scan with ESET online scanner overnight which removed 3 PUPs and something named "HTML/Iframe.B trojan".

 

I came home from school today and noticed ESET had gotten rid of a number of things and proceeded to try a regular boot. Yet again, ridiculously slow (if at all) load times and my antivirus is still ineffective.

 

I'm not going to try to narrow it down as the slow load times could be from something other than malware, but if neither ESET nor Malwarebytes was able to find it I'm not sure what to try next.

 

Any help at all would be appreciated. This is an older PC, but less than a week ago it was running reasonably well as compared to how slow it's crawling now.

 

Thanks,

 

Sam


Edited by Hermesx, 11 February 2016 - 03:06 PM.

I appreciate all the help that anyone ever provides me with. Thank you to everyone that has assisted me in the past. :)


#2 buddy215

Posted 11 February 2016 - 07:07 PM

Microsoft says this about HTML/Iframe.B trojan...."This threat can perform a number of actions of a malicious hacker's choice on your PC".

 

Run a scan using RKill and then the other scans. You can reboot when one or more of the programs requires a reboot to complete.

RKill Download

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the malware scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Hermesx

Posted 12 February 2016 - 03:29 PM

 

Microsoft says this about HTML/Iframe.B trojan...."This threat can perform a number of actions of a malicious hacker's choice on your PC".

 

 

Is it okay to run all of these programs in safe mode? I pretty much can't run anything in a regular boot.




#4 buddy215

Posted 12 February 2016 - 03:41 PM

That's the reason I suggest running RKill first...it might be slow but it has a good chance of shutting down processes that are causing the sloooooow.

 

Give that a try first....if it doesn't work...then try safe mode with networking.




#5 Hermesx

Posted 12 February 2016 - 04:16 PM

Computer pretty much froze trying to open Rkill in a regular boot so all of this has been done in safe mode.

 

Logs:

Rkill:

Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/12/2016 03:33:51 PM
Execution time: 0 hours(s), 3 minute(s), and 18 seconds(s)

 

Emsisoft Emergency Kit - Version 11.0
Last update: 12/02/2016 3:40:52 PM
User account: Herron-HP\Herron
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 12/02/2016 3:41:12 PM
 
Scanned 83745
Found 0
 
Scan end: 12/02/2016 3:50:40 PM
Scan time: 0:09:28
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2542  bytes] ##########
# AdwCleaner v5.033 - Logfile created 12/02/2016 at 15:53:02
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Herron - HERRON-HP
# Running from : C:\Users\Herron\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3321 bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Herron (Limited) on 12/02/2016 at 16:09:13.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 20 
 
Successfully deleted: C:\Users\Herron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\ProgramData\SPL4F09.tmp (File) 
Successfully deleted: C:\ProgramData\SPL5F5E.tmp (File) 
Successfully deleted: C:\ProgramData\SPL66EC.tmp (File) 
Successfully deleted: C:\ProgramData\SPL8ACE.tmp (File) 
Successfully deleted: C:\ProgramData\SPL9CDA.tmp (File) 
Successfully deleted: C:\ProgramData\SPL9D67.tmp (File) 
Successfully deleted: C:\ProgramData\SPL9F5A.tmp (File) 
Successfully deleted: C:\ProgramData\SPLC438.tmp (File) 
Successfully deleted: C:\ProgramData\SPLC62B.tmp (File) 
Successfully deleted: C:\ProgramData\SPLCD3D.tmp (File) 
Successfully deleted: C:\ProgramData\SPLEB40.tmp (File) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3B1L22VS (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NFXFYC3 (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ6JV9GQ (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA9ANRV5 (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM2SIXET (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R413RWA0 (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2N6YGTN (Folder) 
Successfully deleted: C:\Users\Herron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYKWKGVF (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/02/2016 at 16:12:06.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I appreciate all the help that anyone ever provides me with. Thank you to everyone that has assisted me in the past. :)
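An added triage example (not part of the thread and not RKill's own code): a small Python parser for the RKill log format posted above that lists which sections reported findings and which services were reported as not running. The function names are hypothetical and the section/indent layout is assumed from this one log.

```python
import re
# RKill log excerpt copied from the post above (blank lines dropped).
RKILL_LOG = """\
Checking for Windows services to stop:
 * No malware services found to stop.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Checking Windows Service Integrity:
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
Checking HOSTS File:
 * No issues found.
"""

SERVICE = re.compile(r"^\s*\* (?P<display>.+) \((?P<name>[^()]+)\) is not Running\.")
STARTUP = re.compile(r"^\s*Startup Type set to: (?P<startup>.+)$")
CLEAN = re.compile(r"^\s*\* No .* found")


def parse_rkill(log_text):
    """Return (sections, stopped): finding lines per section, stopped services."""
    sections, stopped, current = {}, [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not raw[0].isspace():  # unindented line: section header or status text
            current = line[:-1] if line.endswith(":") else None
            if current:
                sections[current] = []
            continue
        if current is None or CLEAN.match(line):
            continue
        sections[current].append(line.strip())
        if m := SERVICE.match(line):
            stopped.append({"display": m["display"], "name": m["name"], "startup": None})
        elif stopped and (s := STARTUP.match(line)):
            stopped[-1]["startup"] = s["startup"]
    return sections, stopped


def flagged_sections(log_text):
    """Sections that reported anything other than a clean result."""
    return [name for name, found in parse_rkill(log_text)[0].items() if found]
```

The post says these tools were run in safe mode, where Windows starts only a minimal set of services, so the stopped-service list is a prompt to recheck after a normal boot rather than evidence of tampering on its own.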


#6 buddy215

Posted 12 February 2016 - 06:02 PM

I doubt what was removed was much help....is that right? If so..time to start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.






