Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Freezing Maybe Spy Ware Infected


  • Please log in to reply
9 replies to this topic

#1 rachy

rachy

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 12 January 2007 - 10:20 AM

hello, my pc is freezing and going really slow, also takes a while for my pc to boot up, my IE crashes alot to, i tryed 2 do some updates today but they said they were unsuccesful and un able to install the windows came with the computer.... i think it maybe spyware infected was wondering if you could plz help me would really appriciate it thanks a lot xx

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 12 January 2007 - 10:47 AM.


BC AdBot (Login to Remove)

 


m

#2 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:14 AM

Posted 12 January 2007 - 10:31 AM

It will be a good idea to run a couple of virus scans.

Also, you can post in the HijackThis section of the forum, where someone will assist you and help you to remove the problem, if that's what it is.

#3 rachy

rachy
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 12 January 2007 - 01:35 PM

iv scanned with my anti virus nothing comes up xx

#4 rachy

rachy
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 12 January 2007 - 01:51 PM

im also getting the message virtual memory to low...... and having a problem with things (not responding) im really not ne good with computers i no a few things if u talk in 'baby lang' to me lol thanks xx

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:14 AM

Posted 12 January 2007 - 02:28 PM

What is your OS (XP),you're Antivirus, amount of RAM

Try to scan with these and see if things get a bit better so you can update.

http://www.superantispyware.com/

Free home user version...download ,insattll and update. try to run scan in Safe Mode ..Instructions _ how to open in Safe Mode, if can not then run in normal

Next Run this online scan in normal mode

http://housecall.trendmicro.com/

If XP run this Scan by clicking ONLY the box saying "Full Service Scan" mid-page

http://safety.live.com/site/en-us/default

Let us know results or any firther questions

Virtual memory settings

How to manually change the size of the virtual memory paging file
You must be logged on as an administrator or as a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 1. Click Start, click Run, and then type sysdm.cpl in the Open box.
2. Click the Advanced tab, and then click Settings under Performance.
3. Click the Advanced tab, and then click Change under Virtual memory.
4. Under Drive [Volume Label], click the drive that contains the paging file that you want to change.
5. Under Paging file size for selected drive, click Custom size, type a new paging file size in megabytes (MB) in the Initial size (MB) or Maximum size (MB) box, and then click Set.
If you decrease the size of either the initial or maximum paging file settings, you must restart your computer to see the effects of those changes. When you increase the paging file size, you typically do not have to restart your computer.

Notes• To have Windows select the best paging file size, click System managed size. The recommended minimum size is equivalent to 1.5 times the RAM on your computer, and 3 times that figure for the maximum size. For example, if you have 256 MB of RAM, the minimum size is 384 MB, and the maximum size is 1152 MB.
• For best performance, do not set the initial size to less than the minimum recommended size under Total paging file size for all drives. The recommended size is equivalent to 1.5 times the RAM on your computer. It is good practice to leave the paging file at its recommended size. However, you may increase its size if you frequently use programs that use much memory.
• To delete a paging file, set both the initial size and the maximum size to zero, or click No paging file. We strongly recommend that you do not disable or delete the paging file.


http://support.microsoft.com/kb/308417

Edited by boopme, 12 January 2007 - 02:32 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 rachy

rachy
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 13 January 2007 - 07:53 AM

iv just done the superspyware scan this was the report.....

SUPERAntiSpyware Scan Log
Generated 01/12/2007 at 11:28 PM

Application Version : 3.4.1000

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Quick Scan
Total Scan Time : 00:16:35

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 808
Registry threats detected : 2
File items scanned : 13496
File threats detected : 119

Adware.Tracking Cookie
C:\Documents and Settings\rachel evans\Cookies\rachel evans@revsci[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@e-2dj6whloshazsfp.stats.esomniture[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ad1.emediate[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@doubleclick[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ads.as4x.tmcs[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@6038405[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@advertising[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1070240403[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ads.pointroll[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@msnportal.112.2o7[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@clickthrough.wegcash[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@pro-market[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@247realmedia[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@statcounter[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@statse.webtrendslive[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@programs.wegcash[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@as-eu.falkag[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ads.addynamix[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@try.starware[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@questionmarket[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@184905[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@tradedoubler[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adtech[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adserver.easyad[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@server.iad.liveperson[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adopt.euroclick[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@cgi-bin[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@www.burstnet[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@atwola[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@free.wegcash[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1072592119[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@tribalfusion[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@bs.serving-sys[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1072059939[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1063062431[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@serving-sys[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@realmedia[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@maxserving[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@s[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adbrite[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@kanoodle[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adrevolver[3].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@mb[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adopt.hbmediapro[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@casalemedia[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@mb[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@indexstats[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adrevolver[4].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@2o7[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@www.clicktorrent[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ad.zanox[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adrevolver[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1071470050[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@atdmt[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@clicktorrent[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adecn[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@ad.yieldmanager[4].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@indextools[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@rotator.adjuggler[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@a[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1069724997[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@cbs.112.2o7[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@yieldmanager[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1069062709[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1067625307[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@fastclick[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1068772336[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@zedo[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@interclick[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@1071652769[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@stats.channel4[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@adv.webmd[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@burstnet[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@tacoda[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@overture[2].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@mediaplex[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@media.fastclick[1].txt
C:\Documents and Settings\rachel evans\Cookies\rachel evans@stats[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@ad.yieldmanager[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@ads.addynamix[2].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@as-eu.falkag[2].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@atdmt[2].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@doubleclick[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@fastclick[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@hypertracker[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@ilead.itrack[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@indexstats[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@interclick[2].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@mediaplex[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@tradedoubler[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@tribalfusion[1].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@yieldmanager[2].txt
C:\Documents and Settings\chris evans\Cookies\chris evans@zedo[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@ad.yieldmanager[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@ad.zanox[1].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@ads.monster[1].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@ads.realtechnetwork[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@belnk[1].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@dist.belnk[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@jamster.co[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@m1.webstats4u[2].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@tacoda[1].txt
C:\Documents and Settings\rachel evans\Local Settings\Temp\Cookies\rachel evans@www.dgm2[2].txt

Malware.SpywareBot
HKU\S-1-5-21-1791336992-3955469494-3839187279-1007\Software\SpywareBot
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#spywarebot [ C:\Program Files\SpywareBot\SpywareBot.exe -boot ]
C:\Program Files\SpywareBot\DataBaseNew.ref
C:\Program Files\SpywareBot\HOSTS Backups
C:\Program Files\SpywareBot\Log\log_2006_11_09_19_32_48.log
C:\Program Files\SpywareBot\Log\log_2006_11_09_19_32_52.log
C:\Program Files\SpywareBot\Log\spywarelog.txt
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot\Quarantine
C:\Program Files\SpywareBot\Registry Backups
C:\Program Files\SpywareBot\Settings\CustomScan.stg
C:\Program Files\SpywareBot\Settings\IgnoreList.stg
C:\Program Files\SpywareBot\Settings\ScanInfo.stg
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg
C:\Program Files\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot\Settings
C:\Program Files\SpywareBot

Adware.SystemProcess
C:\WINDOWS\SYSTEM32\NAVSHEXT1.DLL

tryed to to the links u gave me but the house call one said the was an error and it wouldnt work and the safey line page wouldnt load.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:14 AM

Posted 13 January 2007 - 10:47 AM

Hello rachy,
Try one more online scan
http://www.pandasoftware.com/products/ActiveScan.htm

Then regardless you will have to post a Hijackthis log.These folks will walk you thru the fix. Follow these instructions

Preparation Guide for use before posting a HijackThis Log

Post that info here http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Click new topic and add log.
Once you've posted the log PLEASE do not make any changes to your PC until the team member advises tou to. It will only hinder the solution.
The pinned topics at the top of the log posting link are helpful reading while you wait.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 rachy

rachy
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 17 January 2007 - 12:20 PM

iv posted on the hijack page im getting no responce the problem is getting worse iv just done another sacn and it said i had
Backdoor.ICR bot
Backdoor.system21kewlbuttonz
also.... trojan.silme (pixalert) and the pixalert is the end progamme that pops up b4 my computer closes down which take ages...
im really at my wits end with it all lol and i just dont where 2 start

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:14 AM

Posted 17 January 2007 - 01:23 PM

hello rachy. a couple of things. Please hang on ..I know it is tough..
Do not reply to ypur HJ log... by doing so ,slows your assisstance down,
until a team member contacts you there. The team looks for posts with 0 replies first as that says 'Not Helped Yet" to them.

They are a very busy bunch of Volunteers and will be to you soon. But in the somewhat rare event click the link
Haven't Had A Reply In Five Days?, Post your link

You have run the scans in safe mode. If you have further questions post in this link.
Otherwise respond to the HJTeam there as requested.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 rachy

rachy
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:uk
  • Local time:04:14 PM

Posted 17 January 2007 - 01:27 PM

thanks for ure help i no it hasnt been 5 days but as each day passes my pc is just getting worse and im affaid 2 switch it on 1day to find it wont switch on :thumbsup: i no there every busy but its frustrating seeing other people posting up 2day and getting answers straight away and im just panic alot lol




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users