
Computer Slow And Non Responsive At Times



#1 Kylie


Posted 10 June 2007 - 01:05 AM

Hi, I'm new to these forums and have very basic computer knowledge. My computer is at times unresponsive, i.e. it will work then all of a sudden either stop responding, slow right down or completely shut off on its own. I do regular adware checks and also use AVG free antivirus. I also noticed that my Norton firewall was disabled; when I restart my computer it is always disabled again, so I'm always having to turn it on. I did install Windows Defender firewall but it won't open for me at all due to an unidentified problem.

I have run the BitDefender online scan, which picked up the following:
C:\Documents and Settings\Owner\Local Settings\Temp\tmp1.{f16ab9b0-11d5-44ca-9960-20061a1527c8}.QQQ=>{f16ab9b0-11d5-44ca-9960-20061a1527c8}
Infected with: Exploit.Win32.WMF-PFV.B

C:\Documents and Settings\Owner\Local Settings\Temp\tmp1.{f16ab9b0-11d5-44ca-9960-20061a1527c8}.QQQ=>{f16ab9b0-11d5-44ca-9960-20061a1527c8}
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temp\tmp1.{f16ab9b0-11d5-44ca-9960-20061a1527c8}.QQQ=>{f16ab9b0-11d5-44ca-9960-20061a1527c8}
Deleted

C:\Documents and Settings\Owner\Local Settings\Temp\tmp1.{f16ab9b0-11d5-44ca-9960-20061a1527c8}.QQQ
Update failed

Also, after using your database section for startup programs, it seems some of my startup programmes are questionable. Although I did use the autorun that was suggested, I couldn't make heads or tails of the information it provided, although I did keep a copy of it.

I appreciate any help that I may be given and thanks in advance. As I said, I have only basic computer knowledge, so it is my hope that all of the above hasn't confused you too much.

Kylie


 


#2 quietman7


Posted 10 June 2007 - 07:04 AM

Welcome Kylie

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives" option.
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file generated in the System Cleaner folder.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

This tool generates a log file (sysclean.log) in the same folder where the scan is completed. When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have the rights to scan some locations. The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

Next, download and scan with SUPERAntiSpyware Free for Home Users.

When using startup managers like Startup Control Panel or Autoruns or Starter by CodeStuff, if you are unsure what any of the startup entries are or if they are safe to disable, then search one of the following Startup Databases:
Startup Programs Database
StartupList Index
If you untick an entry it will no longer run at startup. This will allow you to experiment and see how your system performs with any of them disabled. Note: some startup programs are necessary so be careful what you disable.

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

#3 Kylie


Posted 11 June 2007 - 11:11 PM

Hi, first I would like to say a big thank you for the help. I realise the time it must take to do this and it's appreciated.
I did everything that you suggested and it did clean a few things up, quite proud of myself actually lol, but couldn't have done it without such detailed and clear instructions, and my computer seems to be running better (touch wood).
I have just run another online BitDefender scan and I still have this showing up though....
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Jun 12, 2007 - 13:19:24

Scan Info
Scanned Files: 99935
Infected Files: 1

Virus Detected
Exploit.Win32.WMF-PFV.B: 1



Is there anything more I can do to clear this particular virus? Thanks again in advance.

Kylie

#4 Kylie


Posted 13 June 2007 - 12:29 AM

Hi again, I have done the autorun and I have a startup entry that is confusing me. The name of it is gdi32.dll
Description: GDI Client DLL. When I ran it through the startup database it came up as the following.

Name: ms_net_update
Filename: <Original Filename of Worm>.exe
Command: C:\Windows\System32\<Original Filename of Worm>.exe
Description: Added by the W32/Womble-A mass mailing worm. W32/Womble-A uses Exp/WMF-A which exploits a vulnerability in the image rendering functionality of the DLL GDI32.DLL, which allows the execution of arbitrary code (MS06-001).
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
HijackThis Category: O4 Entry
Note: %System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP.

I did a Google search of it and I've read that this file is needed to run Windows and not to delete it (confusing). Then I ran it through the jotti programme and it couldn't scan it because it said it was either being blocked by a firewall or malware. Also, after I tried the jotti filescan, I now have a small, blue 'Internet Explorer' bar across the bottom of my screen that won't close. I've also searched my computer for it and there are quite a few entries that come up.

Could someone please help me with this, as I'm sure it's a bug but not sure enough to know what to do.
Thanks for your time
Kylie
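
The location check from quietman7's advice earlier in the thread (a file with a legitimate name that is not where it is supposed to be), applied to startup entries such as the gdi32.dll one discussed above. This is an added example, not part of any post or of the tools named in the thread; the function names, the short list of system file names and the sample entries are assumptions constructed for illustration, and `system_dir` defaults to the Windows XP value of %System% quoted above.

```python
import ntpath
import re

# Short sample of Windows component names (an assumption for this example, not a full list).
SYSTEM_FILE_NAMES = {"gdi32.dll", "user32.dll", "kernel32.dll", "svchost.exe"}
# The program path ends at the first executable extension followed by a quote, space or end.
IMAGE_RE = re.compile(r'\s*"?(.+?\.(?:exe|dll|com|scr|bat|pif))(?=["\s]|$)', re.I)
# Constructed sample entries (not taken from the thread's Autoruns output).
SAMPLE_ENTRIES = [
    r"C:\Windows\System32\gdi32.dll",
    r'"C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe" -k',
    r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    r'"C:\Program Files\Example App\tray.exe" /startup',
]


def image_path(command, system_dir):
    """Return the program path from a startup command line, without quotes or arguments."""
    windows_dir = ntpath.dirname(system_dir)
    for var in ("%systemroot%", "%windir%"):
        command = re.sub(re.escape(var), lambda _m: windows_dir, command, flags=re.I)
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.strip().strip('"')


def check_entry(command, system_dir=r"C:\Windows\System32"):
    """Classify one startup entry by its file name and the folder it runs from."""
    path = image_path(command, system_dir)
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    if name not in SYSTEM_FILE_NAMES:
        return "not a system file name: look it up in a startup database"
    if not folder:
        return "no folder given: resolve the full path first"
    if folder == ntpath.normcase(system_dir):
        return "system file name in the system folder"
    return "system file name in an unexpected folder: get a second opinion"


def triage(entries=SAMPLE_ENTRIES, system_dir=r"C:\Windows\System32"):
    """Return (command, verdict) pairs for a list of startup command lines."""
    return [(cmd, check_entry(cmd, system_dir)) for cmd in entries]


if __name__ == "__main__":
    for cmd, verdict in triage():
        print(f"{verdict:65} {cmd}")
```

A file name found in the system folder only rules out the name-imitation case; it says nothing about whether the file itself has been replaced or modified, which is what the online scanners are for.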

#5 buddy215


Posted 13 June 2007 - 07:43 AM

You did not say where the file Bit Defender identified is located, but due to other problems you are reporting, I would suggest you post a Hijack This log in the Hijack This Forum. Do Not Post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



