Help! Malware Problem! System Recovery Infested! [Solved]

#1 ztop

I'm a novice at this computer repair stuff. I've done a lot of footwork. So, here's my best explanation.

First, I was having problems with turning my computer off. When I hit shut down, it would just hang on the shutting down window. I either had to shut it down manually or just go to bed. In the morning, I would be at the password screen. This has happened off and on for the past two weeks. I tried a disk cleaner and system restore. The system restore seemed to help for a day or two.

I ran spybot and found some things that I removed. Sorry to say, at this point I wasn't very worried so I didn't take note of what they were. My problem remained.

As I was working on this problem, I tried to disconnect from the internet via my internet icon at the bottom right corner of my computer screen. It wouldn't disconnect. It said I was disconnected but I had internet access. I've spent the past few days trying to fix this. It got to the point that it wouldn't even offer me the option to disconnect.

Now, I thought something was wrong and started to think maybe someone was trying to compromise my machine. DAA

I read a lot of material on malware and finally found your site.

I've run a virus scan on Avast-- nothing
I've run spybot as I mentioned. Nothing critical
I ran spyware terminator. Found some minor stuff like cookies. Nothing major.
I ran Trend Micro. Nothing
I ran Malwarebytes. Nothing
I've run your root program and your old timer program but that's Greek to me.

So, to make this easy for me. I did a system recovery. The first time I didn't disconnect my internet.
I'm assuming now that this wasn't a good thing? The recovery took what I thought was a long time.

After recovery, I still had problems disconnecting from the internet. I'm on a wireless internet
network and thought recovering my system would create downtime for the other users.
My computer now shuts down okay but the internet problem still exists.

Well, I also experienced some problems with installing Avast. After the reboot process, it turned my computer off and turned my on\off button yellow. I restarted again and it rebooted. It worked fine for a little while but I started adding Zone Alarm firewall, and other protective measures I read about. Then I experienced problems with Firefox. It wouldn't respond! It froze my whole computer up. So, I shut the system down and did the recovery again. Still with the internet connected.

Boy, that took almost 2 or 3 hours. The computer worked fine.
Then, I tried running a-squared spyware program.
It showed a weatherbub.a2 problem.

Since then, I did one more system recovery (without the internet connected) and it loaded in record time. It was fast!

Now, I loaded everything. Did everything you asked and am now writing you.

Where do I go from here?

Just for your information.
I run Vista with avast virusware, ZoneAlarm firewall, and I loaded A-squared on for spyware scans.
I also have loaded and run all your programs.

I'm very anxious to know the problem and see if it can be removed.
#2 ztop

Just as an additional observation while I'm waiting.
I'm using my computer (of course) while I'm waiting.
Today, I don't even have an internet icon. It disappeared on me.
I still have internet though.
This seems to be the only issue I have now.
#3 Essexboy (GeekU Moderator)

Hi there, sorry for the delay, let's have a fresh look at your system. When this programme runs, temporarily disable Avast by right clicking the @ and selecting Stop on Access Protection, click yes. Once the programme has completed then turn it back on

As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly


To ensure that I get all the information, this log will need to be attached (instructions at the end); if it is too large to attach then upload to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users
  • Check the Radio button for Rootkit check YES
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#4 ztop

Thanks for your help. I just want to make sure that I follow your instructions properly.
Your first paragraph was a little unclear to me.

Hi there sorry for the delay, lets have a fresh look at your system. When this programme ( Which program?) runs temporarilly disable Avast by by right clicking the @ and selecting Stop on Access Protection, click yes. Once the programme (which program?) has completed (Has completed running the Avast protection ?)then turn it back on (turn Avast back on?)

My questions are in parentheses after the remark that I had questions about. I think you're talking about OTL2 but I want to make sure.
#5 ztop

Hi,

This is the Mediafire link for my OTL2 scan.
Here's what I did. Please tell me this is correct.

I downloaded OTL2.
Turned off my firewall and Avast.
Ran the scan and then turned my firewall and Avast back on.
I hope this is what you were telling me.



http://www.mediafire...04e75f6e8ebb871

Curious to know what is happening and what I can do to get it off.
Thanks again for your help.
Rick
#6 Essexboy (GeekU Moderator)

That was correct ref OTScanit as Avast throws a hissy fit when GMER (the rootkit portion) runs, it will not be required for the fix to run

I can only find one malware file so it looks as though you cleared most of it. Reference the icon you may need to run a repair for that

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY -> ptoxekrc.dll -> %UserProfile%\AppData\Local\Temp\ptoxekrc.dll
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanit log.

I will review the information when it comes back in.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
#7 ztop

I'm not sure that this worked.

I loaded both files to Mediafire. It wouldn't upload.

When I did the repair, it asked to reboot. It surprised me.
so I tried to read the instruction before I rebooted it.
The reboot message went away so I restarted it.

After the reboot, nothing happened so I restarted OTscanit2 and the log popped up.

I re-scanned using the same parameters given before.

http://www.mediafire...04e75f6e8ebb871

http://www.mediafire...04e75f6e8ebb871
#8 ztop

I also ran the malware program.

here are the results.

Malwarebytes' Anti-Malware 1.35
Database version: 1931
Windows 6.0.6001 Service Pack 1

4/5/2009 9:55:33 AM
mbam-log-2009-04-05 (09-55-33).txt

Scan type: Quick Scan
Objects scanned: 56566
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This has never shown any problems.

I still don't have my internet icon showing therefore
can't disconnect from the internet.

Can you tell me what malware was on my computer?
And what that usually does?
Was it anything serious?
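As an added example (not code from the thread or from Malwarebytes), a small Python parser for a log in the format pasted above: it reads the "X Infected: N" summary lines and any detail lines, and only calls the scan clean when every expected category is present and zero, so a truncated paste is not mistaken for a clean result. The sample logs inside it are constructed, and the "<item> (<name>) -> <action>" detail-line layout is an assumption not shown on this page.

```python
import re

# Constructed samples (not the poster's log) in the MBAM 1.35 log format quoted in the thread.
CLEAN_LOG = """Malwarebytes' Anti-Malware 1.35
Scan type: Quick Scan
Objects scanned: 56566

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Files Infected:
(No malicious items detected)
"""

# Same format with one hit. The "<item> (<name>) -> <action>" detail layout is
# an assumption about MBAM's report format; it is not shown in the thread.
DIRTY_LOG = CLEAN_LOG.replace("Files Infected: 0", "Files Infected: 1").replace(
    "(No malicious items detected)",
    r"C:\Users\x\AppData\Local\Temp\example.dll (Trojan.Agent) -> Quarantined and deleted successfully.")

EXPECTED = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Infected:\s*(?P<n>\d+)$")
DETAIL_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

def parse_summary(text):
    """Map each 'X Infected: N' summary line to its integer count."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            counts[m.group("cat")] = int(m.group("n"))
    return counts

def list_detections(text):
    """Return (item, name, action) tuples from the per-category detail lines."""
    matches = (DETAIL_RE.match(l.strip()) for l in text.splitlines())
    return [m.groups() for m in matches if m]

def verdict(text):
    """(is_clean, problems): clean only if every expected category is present
    and reports zero, so a truncated paste is not mistaken for a clean scan."""
    counts = parse_summary(text)
    problems = [f"missing summary line for {c}" for c in EXPECTED if c not in counts]
    problems += [f"{c}: {n} infected" for c, n in counts.items() if n > 0]
    problems += [f"{name} in {item}" for item, name, _ in list_detections(text)]
    return (not problems, problems)
```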

#9 Essexboy (GeekU Moderator)

Your log shows clean now, so I will do a little research on the icon problem. Could you go Start > Connect to and let me know whether or not you can disconnect from that location

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
#10 ztop

You asked if I can disconnect from the "connect to" tab under start.
The funny thing is that I am disconnected according to my system and it says that I cannot connect to my wireless network.

Fortunately, I am connected but obviously my system thinks that I'm not.

So, neither the taskbar internet icon nor any other place allows me to connect or disconnect.

Thanks for the help again.
Rick

Edited by ztop, 05 April 2009 - 11:28 AM.

#11 Essexboy (GeekU Moderator)

Is this a built in network on a laptop or is it an ethernet/USB wireless connection on a desktop ?

If a laptop what is the make and model ?
#12 ztop

This is a desktop, D-Link DIR-615
#13 Essexboy (GeekU Moderator)

Can you now go to control panel > System > Device manager and open (by pressing the + sign) alongside Network adapters and let me know if there are any yellow exclamation marks there
#14 ztop

No there are no yellow signs or anything out of the ordinary.
Both say that the devices are working properly.

There are two devices listed under network adapters
Realtek nic and Usb wireless (which is what I'm using)
#15 Essexboy (GeekU Moderator)

I can find no solution for this I am afraid - but if you post in the networking forum one of the experts there should be able to help