[RESOLVED] Trojan made computer act crazy

42 posts in this topic

ID: 26   Posted

Good. Go on...



ID: 27   Posted

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player 10.0.42.34

Adobe Reader 9.4.0

Mozilla Firefox (3.5.6) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Microsoft Security Essentials msseces.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````



ID: 28   Posted

Please update Firefox to the current version, 3.6.12.



ID: 29   Posted

Broni, I will just uninstall Firefox because I do not use it anymore. Also, the time it takes this computer to do things is a problem. I am not sure what is going on but something is really wrong. I do not know how to test the hard drive other than the Windows test using the error checking method. It took 15 minutes to boot after we ran the last fix using the OTL program. Any suggestions on what I should do next? How would I tell if the hardware is the problem? I know in the last few weeks when I open up WordPerfect 8 the screen will go black. Anyway, do you think the system is now virus free? I did not yet run the virus test you told me to. I clicked on it and 20 minutes later it was still doing something but never started. I know this computer used to run much faster than it is now. Thanks for any tips you may have. Stan



ID: 30   Posted

I want you to finish all steps (Eset scan) and I'll see what else we can do.



ID: 31   Posted

I will see if I can do that tomorrow. Thanks again for your time on this. People like you are rare. Someone willing to help someone today is a special person. You will be repaid one of these days. Thanks again. Stan



ID: 32   Posted

You're very welcome



ID: 33   Posted

C:\noadwarefullv5.exe multiple threats deleted - quarantined

C:\Documents and Settings\Richardson\My Documents\PerfectOptimizer_V52.exe a variant of Win32/Adware.PerfectOptimizer application deleted - quarantined

C:\System Volume Information\_restore{BFD3FFDF-4FB6-4D00-AF9A-BB5A9227E7BB}\RP1548\A0590200.exe multiple threats deleted - quarantined

I also rounded up another 256 meg of RAM and it made a difference in the speed. I may go and order 1 gig. The computer is running a little better than yesterday. Stan



ID: 34   Posted

How is boot time?

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.

The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.



ID: 35   Posted

All processes killed

Error: Unable to interpret <:OTL :OTL > in the current context!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

->Temp folder emptied: 4008 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Richardson

->Temp folder emptied: 403 bytes

->Temporary Internet Files folder emptied: 378276 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 11950 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1409 bytes

Total Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

User: Richardson

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Richardson

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

->Flash cache emptied: 0 bytes

User: My Documents

User: NetworkService

User: Richardson

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to stop service SRService!

OTL by OldTimer - Version 3.2.17.3 log created on 11082010_164604

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



ID: 36   Posted

Go on....



ID: 37   Posted

It's running much better, Broni. I will install the new RAM when I get it and report back. Thanks again so much for your time on helping me. Stan



ID: 38   Posted

Way to go!!

Good luck and stay safe :)



ID: 39   Posted

I got the RAM today. I now have 1 gig. The computer runs much faster but I still have problems. I installed Microsoft's antivirus software and since I did the install my CPU is being used 100%. Two things are using it: MSMPENG.EXE and MRT.EXE are eating the CPU resources. I just removed the Microsoft antivirus and the speed is back, but now when I open up my Corel 8 the screen resolution changes. The screen actually goes black for a few seconds and then it shows very little color, like in safe mode. I close the program and it goes back to normal, but I have to move things to the right or left using the monitor settings so I am able to see what I am viewing. I have Corel 9 installed and it does not do it. I never noticed this happening until I got hit with these trojans; it may not have anything to do with it though. Any way to check this? Also, which one of the antivirus programs you suggested would use less memory? Thanks for any more tips on this computer. Stan



ID: 40   Posted

Before we go anywhere, we need to clarify a couple of things.

1. You installed MSE on November 7th. Did the CPU issue start right then? You didn't say anything.

2. Why do you need two Corel versions?



ID: 41   Posted

The CPU problem did start with the install of Microsoft's version of antivirus. Sorry I did not explain this better. I have used AVG in the past and liked it very much, so I removed Microsoft's and installed AVG. It works much better now and no high CPU usage. As for the Corel, I was using Corel 8 and never had a problem with it until about three weeks ago. That is when it started making the monitor go black and the screen resolution change. I only installed 9 to see if the problem went away. I really wanted 8 because that is what I have been using. No big deal, maybe I can find a fix in Corel forums. I just thought that getting the Trojans could have messed up the registry or something. Thanks again for your expert help here. Stan



ID: 42   Posted

You're welcome once more :)

