Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Internet Explorer


  • Please log in to reply
9 replies to this topic

#1 curlyjim

curlyjim

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greater Manchester
  • Local time:01:13 PM

Posted 14 May 2007 - 02:01 PM

Hello all. I have been having so many problems with this dammed computer that i haven't even been able to introduce myself yet, but i will when I get it sorted. Basically my problems started a couple of weeks ago when my son inadvertantly introduced a virus through a spammed e-mail. My anti virus said that it was a w32 internet selfstarter and that it couldn't delete it. I managed to download system doctor5 and that is when my problems really started. The system slowed to a virtual halt because after a little exploration, i saw that the cpu was running at 100% virtually all the time. The process causing it was called swdsvc.exe which is attributable to system doctor which i subsequently binned and now the system runs so smoothly except when i try to use the internet. I use Firefox as my browser but everytime i use it, internet explorer keeps loading page after page of unsolicited nonsense and every time i close a page, another one takes it place. I've had another look just now and found that i can't delete explorer, the system won't let me so what i've done is to try and disable it by giving it a false proxy server address so it cant make a html connection. The fact that at long last i can actually use the internet in peace (for the moment anyway) might mean that it's worked. My question to you good people is this: Is there anything else that i can do short of replacing the hdd (which i was going to do at the end of the month) I am not particlarly savvy with computers, as i say, it has taken me nearly a fortnight of trying, failing, screaming and weeping just to get this far. I feel that it's nearly there but i will be gutted if it all goes pear-shaped on me again.
Thanks for any help you can offer.

BC AdBot (Login to Remove)

 


#2 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:06:13 PM

Posted 14 May 2007 - 07:28 PM

Hi curlyjim,

Don't give up hope yet Boo, go "Here" and start reading at the top of the page and follow ALL of the instructions and someone will help you. Heck you might even be able to fix it yourself just by following the instructions.

Good luck Boo,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#3 rajeshontheweb

rajeshontheweb

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:13 PM

Posted 15 May 2007 - 06:28 AM

try using https://addons.mozilla.org/en-US/firefox/addon/1865 - adblockplus which will block access to most popup sites and check again if firefox is your default internet browser

you better use http://www.mvps.org/winhelp2002/hosts.htm which is the best replacement for proxy on internet explorer which u were doing. it blocks access to a wide range of blacklisted sites and hence if there is some ie window that pops up, i cannot load content from sites deemed harmful..
then u could use internet explorer for all the normal sites, only access to malicious sites wont be available..

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 PM

Posted 15 May 2007 - 09:48 AM

swdsvc.exe is related to SpywareDoctor from PC Tools, not system doctor. Are you sure about the name of the program you used. swdsvc.exe has also been reported to cause high cpu usage according to the folks at the PC Tools forum. If SpywareDoctor is what you have, then you may want to uninstall it and see how your computer performs without that program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 curlyjim

curlyjim
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greater Manchester
  • Local time:01:13 PM

Posted 15 May 2007 - 02:55 PM

Hello again folks. I've tried a few of your collective suggestions and my thanks for the responses.
Firstly to Quietman, it was indeed Spyware Doctor that was causing the problem and using up all my cpu. I deleted it and the system ran a hell of a lot quicker, but it looks as though my old problem has come back to haunt me again. Microsoft internet explorer has just popped up again as i was writing this with some blasted lovefilm dvd site. I downloaded the add-ons suggested by rajeshonthe web but it hasn't made any difference. I've checked the LAN settings for it and it's still got the false address i gave it last night so how is it finding it's way around it? As far as virus' go, my system detected 'W32 internet selfstarter trojan! maximus' just the once but i've seen no reference to it since, XSoft SE detected a vundo trojan for which i downloaded a tool from Symantec designed specifically to erase it which it tells me that it did successfully. I run an adware, malware and anti-virus scan virtually every other day now and none of them are picking anything significant up.
As far as the computer itself goes, it is running smoother than it has done for a long time, the only problem that i still have is these dammed pop-ups from explorer every time i try to use the internet. Any further help would be greatly appreciated. Oh before i forget, Wendy, i tried your suggestion at the first instance a fortnight ago but it was unsuccessful, it couldn't scan my system and then the Norton utility couldn't connect to the server but i did manage to download a couple of the programmes which i am still using so thanks for that one.
Well I'll fiddle with some buttons and scratch my balding pate for a while longer and let you know if anything works.
Thanks guys
Alex

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 PM

Posted 15 May 2007 - 06:14 PM

The Symantec tool is not effective against all vundo variants and you may still have remnants on your system. I recommend that you follow the the instructions for using Vundofix in BC's self-help tutorial "How To Remove Winfixer/Virtumonde/Msevents/Trojan.vundo".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 curlyjim

curlyjim
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greater Manchester
  • Local time:01:13 PM

Posted 16 May 2007 - 01:53 PM

Hello once more guys and gals.
Just thought I'd give an update of my progress thus far. Thanks all for the info you've given.
I followed the link Quietman and downloaded Vundofix and set it about it's business. After reboot, I tried a couple of web sites, closed and opened my browser a few times and all seemed fine; that is until a pop-up advertising gym membership appeared. ME in a gym!!? :thumbsup: After that, I downloaded Virtumundobegone and booted it up in safe mode as instructed. Funnily enough, i found that my mouse won't work in safe mode (which is something else for me to look at later) The programme did it's work and informed me that there was nothing found..'exciting' it added rather forlornly at the end of the process. I rebooted normally and got the message C:\WINDOWS\system32\uaasiofo.dll and that the specified module could not be found. Anyone know what this means? It doesn't seem to have effected the computer, it still runs fine except for these frustrating pop-ups when using the internet. I think that I might cut my losses and get me a new hard drive next week. This thing is a bit of a dinosaur (bit like meself really) and only has a 20GB HDD and I fancy one of those shiny new 250GB that I have seen very reasonably priced, but I am a tenacious old sod and if just for the experience, i would love to get to the bottom of this little puzzle so please keep those ideas and suggestions coming.
Thanks once again
Alex

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 PM

Posted 16 May 2007 - 02:22 PM

Windows is trying to load uaasiofo.dll but cannot locate it. The file was probably malware and removed when using some of the specialized fix tools. However, an associated registry entry is telling Windows to load it when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the entry, Windows will display an error message indicating that the file was not found. You need to remove this registry entry so Windows stops searching for the program when it loads. To resolve this download and run Autoruns, search for the related entry and then delete it.

Do the pop up alerts look like the one in the example shown here? If so, it indicates your system is not secure and you should follow the instructions to "Disable Windows Messenger Service".

If not, please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 curlyjim

curlyjim
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greater Manchester
  • Local time:01:13 PM

Posted 22 May 2007 - 01:56 PM

Hi All
Brilliant, what else can I say about this forum except Brilliant. Thanks to your help, this computer has never run so quickly or smoothly. Quietman, your help and advice has been invaluable and I bow to your omnipotence sir! you are a gentleman. (Oops, I am presuming you are a gent?)
Indeed, a huge thank you to everyone who contributed help and advise with my little malady. It's cured, I'm cured and I'm sooo happy I could sing, but with a voice like a cinder trapped under the cellar door perhaps not..Anyway, thanks again folks and keep up the good work, this is an excellent site you have here :thumbsup:
All the best for now
Alex

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:13 PM

Posted 22 May 2007 - 02:17 PM

Your quite welcome and thanks for the kind feedback to our BC Community. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users