More darned malware - now is it dying?

This seemed to be just a spyware problem. That may have been cleared now. Things have changed, starting here:
http://www.diynot.com/forums/viewtopic.php?p=2008536#2008536


5 year old PC, XP kept updated.
Microsoft Sec Essentials was always enabled.
I had an old version of Norton working, occasionally reporting that an intrusion had been stopped, but it stopped responding properly.
I updated IE to version 8.

Problems began around then of advertising sites popping up or redirections from eg Google result clicks, slow running and IE not working properly (white screen).

Problems continue, mostly with IE, but also sometimes with Firefox.
Not running Google Chrome or their toolbar.

I've run Malwarebytes and Superantispyware and Avast, and MCE

They all seem to find something to object to.
Last was
Rootkit: hidden boot sector MBR:\\.\PHYSICALDRIVE0

That was care of Avast, which is now every couple of minutes chirrupping that
-"a suspicious URL" was active, and quoting
srvchost.exe

Task manager did show that an instance of that process was taking 85% or so of the processor. I kept killing it and it would come back a minute or so later.

Sheesh I don't think I've had any intrusion problems in 5 years

I'll reboot and run a deep scan (again) overnight.
What would the recommended product(s) be?


By the way, when I ran (I think it was) Malwarebytes, it cleared a file which was hiding my ripoff copy of a program from its producer. Now it's disabled!
 
Avast boot scan run - took THIRTY SIX HOURS!

Tip - most of what it found was in Deleted emails received folder, or attachments that had never been opened.
So delete those before doing a scan
Also stuff in the Recycle bin caused alerts.
Problem with a number of the alerts was that the scan stopped to prompt for a decision, quite a pain.
Then it scanned every single .jpg, .tiff and camera raw file, taking a couple of seconds for each. Bit of a pain when there are thousands of them. Surely that's pretty pointless?

On reboot the pc was occupied with svchost.exe at 90% or so for 10 minutes :evil:

Now it's running I keep getting a pop-up warning saying this or something like it:
[image: unledhzy.jpg]

No idea what it means!

Now I've read through the sticky post at the top of the forum (perhaps it needs a different title??) I'm more confused than ever about what I should disable or leave running.


Edit
I'm STILL getting unwanted redirections to advertising sites when I click on Google search results.
JEEZ what do I have to do to get rid of it??

Next I got a screen which looked just like the Microsoft Security Essentials one saying it had found the problem and prompting for the removal. But the address header said "newwowtoolxp.com" and it wanted to download an exe file so I stopped...
 
Ok, it's about 20,000 characters on 478 lines.
Do you need all of it?

Router - it's a Draytek Vigor summatorother, umm...
(Not set up properly. 2 wired computers share internet (cable) OK, but they can't see each other and wireless doesn't work)
 
Yeah, an attachment would probably be easiest, and I do need all of it pls.
Also it's important that I have the full model number of the router.
 
Bloomin eck, this is hard work.
I've had a lot of crashes and freezes. Superantispyware runs for about 10 minutes at boot up. But it has cleared the redirection problem, it seems.

Bootup in fact has become a long business. About 5 minutes of normal booted screen, the XP field on a hill, with the program icons on it. If I actually RUN anything MUCH in the first several minutes, it freezes after starting up the application. Task Manager shows System Idle at 97% or so, but nothing runs. Task manager then won't run either. Sometimes not even the mouse moving. Then it needs a reboot.

If I leave it (unfrozen, but not running any apps) for five minutes, SuperAntiSpyware takes 98% of the processor for TEN minutes. Then I have a working PC. All seems fine, except it occasionally stops dead. If I then leave it for many minutes, it MIGHT recover.

All getting a bit silly now. Does this sound like a hardware problem? Connector maybe?
I have "Avast" running so have deleted Super-AS. What will happen next time, heaven knows.
 
Oh ok, I'll have another go. I'll store it online somewhere so I can delete it later. What are you looking for?

Yer tiz:

Thanks
 
You've got a proper job going on there. Sounds like you've got several live ones, and when a computer is in that state you may want to consider reformatting and reinstalling windows.

Obviously you'll need to reinstall all your software and set it all up again, so budget for plenty of time and double check you've backed up your settings, bookmarks, documents and personal stuff first.

It's not an essential step - it's nearly always possible to clean a computer without doing this - but it /is/ an option and I know several professionals whose standard response is to wipe the drive and reinstall the OS from an image. Those machines tend to have documents stored centrally though :)
 
What are you looking for?

Your Virus, your PC is definitely infected, I am just trying to work out how bad.

Question, why have you got so many programmes running, what is the PC used for?

Also is this a 64Bit machine, and how much RAM do you have?
 
I just posted a fairly detailed reply - and "communication problems" dumped it. SO I've HAD IT with computers for a while................

Short version - nothing reported having run Combofix, thanks Adrian, but it does seem to be quieter now.

Question, why have you got so many programmes running, what is the PC used for?

Also is this a 64Bit machine, and how much RAM do you have?
What programs?? :?
I run half a dozen apps open together sometimes - normal isn't it?
32 bit I'm sure, as it's 2005 or so, Pentium 4 2.66 GHz. 3 gig ram
 
What's in your hosts file?

It's often targeted but overlooked in the fight to clean the machine.
Had one this week where the file itself had 'disappeared'.

You might want to shut down one of the anti virus progs and repeat a scan with the enabled one. Two packages running together can cause all sorts of silly problems - just like you've been experiencing.
 