Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Apparent virus, sluggish performance, antivirus programs refuse to run


  • This topic is locked This topic is locked
4 replies to this topic

#1 bonapartist1

bonapartist1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 17 May 2016 - 12:29 AM

Hello all, sincere thanks to all those who take time to help people on this forum. My win7 system is acting up very very badly...

 

I recently ran my avast full scan and came up with the sality 32 virus, and ran the specific AVG removal tool exe which I believe (days ago..) said it was clear, then use the computer for a few days, and updated Avast before doing a system reboot, also did a malwarebytes can and an adaware scan as well which both came back clean before rebooting. Reboot took about 30 minutes, very scary. And sure enough, things are very sluggish, I have no apparent internet access (websites just load forever)I am seemingly locked out of admin access (cannot rename antivirus files so they would hopefully run), folders on desktop reliably require a double set of double-clicks to open and are sluggish, antivirus programs either fail to launch completely (mbam, Avast,  adware) or Superantispyware slowwly loading up (15 minute wait) and then constantly hanging/failing to respond at its update reminder screen.

 

Hijackthis does work yet gives me a message I've never seen about not being able to scan host files. When I run the command line like instructed by hijackthis it seems to just give me a stock, sample HOSTS file.

 

Right now I am not in safemode, should I immediatley reboot and retry antivirus programs? I am going to attach some images of my hijack this log. I have managed to actually get to the second screen of superantispyware and am hoping I can get it to actually do a quick scan.. Seems like a very faint chance at best it keeps hanging for 6-10 minutes at a time. I worry that trying to restart into safemode will allow the virus to progress further, or am I just a complete idiot?

 

Other odd things are how most programs are extremely sluggish yet mozilla and chrome load up almost instantly yet fail to load any webpages. Before I restarted I was trying to access a SD card using the built in SD card reader on my Dell XPS desktop and it would not come up whatsoever, which is what prompted my restart initially.

Attached Files

  • Attached File  1.jpg   191.35KB   0 downloads
  • Attached File  2.jpg   141.08KB   0 downloads
  • Attached File  3.jpg   231.11KB   0 downloads

Edited by bonapartist1, 17 May 2016 - 12:37 AM.


BC AdBot (Login to Remove)

 


#2 bonapartist1

bonapartist1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 17 May 2016 - 12:41 AM

very sorry to reply to my own thread, just wanted to add two additional photos of what the Hijackthis instructions generated and also my task manager. Task manager is also extremely snappy and is not running sluggishly like most things...

 

Exciting, bizarre updates...

 

Starting up a VLC file seemingly changed things.. For one, I have system sound but cannot get VLC to produce any sound, or register on the mixer. Avast suddenly loaded and I am now running a quick scan and also Superantispyware is also running a scan and is now showing me 231 detected threats FFS after only 2 and a half minutes running... And now I have internet access again with websites loading snappily yet youtube videos refusing to load...... All 231 were ad tracking cookies and I have a log.. NOw hijackthis runs normally without that additional request I've never seen.

 

What ze hell is going on?

 

Another update: was typing another response on the infected system when I decided to attempt renaming Mbam.exe to see if I had admin access... This caused the computer has seemingly locked up for five minutes now with a nice audio error (Errrrrrrr sound) and no movement of the mouse, no signs of life. I figure let it sit for at least 15 or 20 before hard reseting into safemode?

Attached Files

  • Attached File  4.jpg   122.17KB   0 downloads
  • Attached File  5.jpg   179.71KB   0 downloads

Edited by bonapartist1, 17 May 2016 - 01:10 AM.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:35 AM

Posted 17 May 2016 - 02:03 AM

Hello bonapartist1 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Uninstall programs

Please uninstall these programs:

Spybot Search&Destroy
Ad-Aware


===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:35 AM

Posted 20 May 2016 - 06:31 AM

Hi bonapartist1

It has been several days since I replied to your request for help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 satchfan

satchfan

  • Malware Response Team
  • 2,797 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:35 AM

Posted 22 May 2016 - 06:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users