
One million tries later, hopefully this posts


  • This topic is locked

#46
phedup


  • Topic Starter
  • Member
  • 48 posts
Hi,
I wasn't able to copy the file paths; it doesn't appear they are complete in the virus chest, but as I stated I did scribble them down, so I will supply what I have.
In regards to the RAM, I haven't looked into putting any $$ into this machine up to this point, not knowing if it would be tossed. I had been on the fence on whether this PC would be replaced soon, as it is almost 10 yrs old.

Here are the file paths that I did jot:

C:\Documents and Settings\Allusers\Application Data\Alwil Software\Avast\Report\AswBoot.txt
infected by
[email protected] Avast\\Arpot|7feff-578-0.dat


C:\Documents asettings\Network Service\Local
Temp\I.E5\K83k63Tu-counter2pdf
infected by
JS:Pdfka-gen


C:\hiberfil.sys

infected by
win32:Bredolab-Ap [trj]---------I couldn't repair or move or delete or anything to this- "share access flags incompatible" was the reason

windows\temp\n.exn
infected by
win32rootkit-gen

That's what I have written down; I will go and reconcile with the chest to make sure I didn't miss anything.
I did another boot scan and it came up clean, and did an update on virus def. & quick scan, also clean.
The system is still moving a bit slow, but I still feel it's more so due to needing to be cleaned up, and possibly defragged.
I did a lot of cleaning and defragging prior to all this trouble, and as far as CCleaner, I never ventured into the reg clean area; I mainly cleaned temp files, internet history, etc.

Let me know what you think.. :)
  • 0



#47
havredave


  • GeekU Moderator
  • 1,711 posts
Sorry I didn't get back to you earlier yesterday. I've been having trouble getting updates about new posts, but hopefully I've fixed that issue.

If you would, please do this bit from post #40, so I can get a better idea about "worth" in putting money into RAM.

Do you know what processor your machine has installed? You can easily find out by right-clicking your My Computer icon (whether it be on the desktop or under your start button), and choosing "Properties". The resulting window has several tabs. Stay on the default General tab, and wait a moment for it to fill out. It gives you manufacturer (usually), processor (CPU) and RAM information that can be useful. The part in the "Computer:" section is of value to us at the moment.

The next few items are standard maintenance, but could help depending on how long it has been since last done:

  • Running the disk cleanup utility built into Windows isn't a bad idea. Click Start, choose All Programs, then Accessories, then System Tools, and find Disk Cleanup therein. It's easy to run; the only thing I wouldn't recommend checking the box for in the list it provides would be Office Installation Files. It makes life a bit more difficult to do Office updates if those files aren't there, granted you even have them.
  • Defragment your computer (I see you have Puran installed). I like doing a disk cleanup before a defrag so there is more free space to work with, plus fewer files to actually defragment, making the process more efficient.


When that's all done, let me know if it's made the machine's performance more tolerable or not, and what your processor information is.
  • 0

#48
phedup


  • Topic Starter
  • Member
  • 48 posts
Hi, looks like an Intel Pentium 4, 1.8 GHz,
512 MB RAM. I will run disk cleanup and defrag, but was curious what's your take on all those infected files?
  • 0

#49
havredave


  • GeekU Moderator
  • 1,711 posts
I'm sorry about taking a while to get back to you here. I'm not getting notifications (which I've just fixed), plus being busy at work, it's slowing me down a bit.

My take on the files: hiberfil.sys we've dealt with by turning off hibernation, but I'm going to get you to do a scan in a bit to verify. The other files have been dealt with by Avast, which is what we wanted to do in the first place, so I wouldn't worry about them over much.

As far as the machine is concerned, it's not as bad as I feared, but it's still pretty old. I'm on the fence when it comes to recommending spending money on RAM. It's likely DDR, which is higher priced than DDR2 or DDR3 (new machines will have DDR3), which makes it even worse. I suppose what matters is whether you look at replacement cost, or replacement value, as I use the terms.

To me, replacement cost is what it would cost you to buy a new machine to replace that one.

Replacement value then, to me, is the cost it would take to update that one to a usable level versus the price of a replacement machine.

Your machine is probably right on the cusp.

I will say however that with current antivirus, and running current software, your machine is probably a bit weak to be of much use, at least from my (impatient!) perspective.

Did you do another boot time scan with Avast to make sure it came back clean? If not, please do so. I'd like to make sure that hibernation file among other things has been dealt with properly, and then we can go about a little bit of utility clean-up.
  • 0

#50
phedup


  • Topic Starter
  • Member
  • 48 posts
I appreciate your efforts no matter how long it takes you. :)
As far as performance at this point, it's slower than before, but tolerable (I mostly use my laptop). I am not so much in a hurry to replace it but really need to be certain it's safe to use and that nothing on it is vulnerable to the previous bugs. Here's the thing:
my kids use this desktop, and are likely somehow responsible for whatever invaded this PC, so... they have been using MY laptop whilst this PC has been being "taken care of". I want them OFF my laptop and back on this. I personally would get another machine before I drop a significant amount of money on this one, so.... "if" it comes down to replacement vs rebuilding, I will replace. I have a lot of files I'd like to get off of this PC, but am afraid of taking any bad stuff with them, so I have dragged my feet. As far as the bug in hiberfil.sys, does this mean that it still exists in that file, but because it's disabled it can't harm my PC??
Thanks so much for your help.
  • 0

#51
havredave


  • GeekU Moderator
  • 1,711 posts
We didn't disable hiberfil.sys, we disabled hibernation, which removes hiberfil.sys. That's why I was interested in that second Avast boot-time scan to make sure it was indeed not reporting infection any longer (due to being gone).

I have notifications working swimmingly again - they were being filed as spam by my mail server :)

Once you've thoroughly scanned the machine and no further infection comes up, I think you're ok with backing up data (pictures, Office documents, etc.).

I don't see further infection in your last logs, but I'm still chatting with my expert reviewer.
  • 0

#52
phedup


  • Topic Starter
  • Member
  • 48 posts
Hope you enjoyed the weekend. I did the scans; all Avast found were a lot of corrupt files again, no viruses, but.... now I am crashing a lot and getting the blue screen
IRQ_NOT_LESS_OR_EQUAL mumbo jumbo. Any clue as to what causes that??
  • 0

#53
havredave


  • GeekU Moderator
  • 1,711 posts
Yes, I have ideas that would cause issues like that. Let me run something past my reviewer and get back to you.

I need more long weekends. :)
  • 0

#54
havredave


  • GeekU Moderator
  • 1,711 posts
The blue screens you're getting can be caused by a number of things, including the issues we'll test for in these next steps. There is more we can do after this, if you're still willing, but this is a good start.

  • First a physical examination. Take the side off of the computer (on yours, should be the left side as you're facing the front of the machine) and peer inside, but don't touch anything. Look at the capacitors, which look like little cans on the large board (motherboard) inside. They should be perfectly flat across the top, perhaps with a small X shaped pattern on the top. Any bulging or leaking of a normally tan-colored material is very undesirable.

    This is an example of blown capacitors - the one that's unwrapping is an extreme situation. Normally I see ones swollen like the two to the right of the unwrapping one. They're still quite bad.

    The ones in the green box look good. The ones in the red box look bad.

    vp6_blown_capacitor.jpg

    Also look for heat sinks that might be clogged with dust. Clean that with canned air, and take care not to over-spin the fans. If the fan you're directing air at whines, it's going too fast.

    When you're done with the physical examination, post back with your findings.
  • Next, a RAM test.

    Are you familiar with burning .iso images to CDs? If so, please go to Memtest86.com and download the ISO image for creating bootable CD (Windows - Zip) from the Free Download section, and burn it to a CD.

    If you are not familiar with burning .iso images to CDs, proceed with downloading that zipfile, extract the .iso image from it (double-click to open the .zip file, then copy the .iso to your desktop), then double-click on the .iso file. You have Roxio installed, which should let you click burn after it opens, and allow you to create the CD.

    Next, leaving the CD in the drive, boot with it, and let the tester complete at least 6 passes to see if your RAM is working properly. If the machine boots straight back into Windows, then we'll need to adjust your system's boot options to allow booting from CD before the hard drive. Let me know if this is what you need.
  • Lastly, a hard drive test.

    Download Data Lifeguard Diagnostic for Windows. Extract the files from the .zip file into a folder on your desktop. Double click the WinDlg.exe file (you don't have to run the setup file), and follow the instructions below:

    Accept the license agreement, press Next.

    The software will detect your drives, and present you with the main screen:

    DlDiagMainScreen.jpg

    Highlight your WD400BB drive (should be the only one in the list), and right-click on it. Choose "Run Diagnostics". Run a Quick Test, then run an Extended Test when the Quick Test is done.

    If both tests pass, we're done with hard drive testing. If either one fails, please let me know right away.

Please post back with the results of your physical examination, the RAM test, and the hard drive tests.
  • 0

#55
havredave


  • GeekU Moderator
  • 1,711 posts
If I don't hear from you today, I'll see you in a week - I'll be coming back on Monday the 13th, though I'm not sure I'll be awake until the 14th .. going on vacation, and won't be around a computer enough to be able to give you the attention you deserve.

Essexboy, my expert reviewer, is available should you post with feedback from those scans or with any questions you might have. He's quite personable, and will be able to take good care of you. :)
  • 0



#56
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





