[rachitsaran1987]

Hi there,
I am rather frustrated ...
I have been using my computer without any spyware/AV for the last 1 year now ...
Never been affected yet ...
But now, I have been facing this rather strange problem.

At first, it was the typical "Task manager has been disabled by your administrator: problem, which I solved by using some script that came up on googling my problem. But still, when I try to open the task manager, it opens very very slowly and is there for viewing for about 2-3 seconds after which it gets closed. Same is the problem with regedit too. Also, my system is running very slow. In the brief time that task manager would let me look at it, I saw atleast 7-8 notepad.exe processes running.

PLEASE HELP ME OUT. I do not want to lose my data (as most of it is in C: itself).

P.S. - I am not able to download Hijackthis from any site. Can this be the malware/TH/Virus acting up? Please do not redirect me to some other page for the solution as, believe me, I have gone through at least 10 sites where they had "similar" problems.

[Advertisements]

Hello rachitsaran1987 and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:


• Please follow all instructions in the order posted
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If you don't understand something, please don't hesitate to ask for clarification before proceeding
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

I have been using my computer without any spyware/AV for the last 1 year now ...
Never been affected yet

You have no way of knowing that. Just because you have no obvious symptoms does not mean you are not infected.

Having no AV or firewall these days is computer suicide. There is some really bad stuff out there and the “do-it-for-kicks” brigade of malware writers are gradually being replaced by the “do it-for-money” criminals. Serious stuff.

Meanwhile, let’s try and find out what we’re dealing with here and discuss the protection issues when we know your machine is clean.

===================================================

Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

• • DDS.scr
  • DDS.pif
• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.
• Post the contents of the DDS.txt and Attach.txt reports in your next reply

Download the GMER Rootkit Scanner


Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Logs to include with next post:

DDS.txt
Attach.txt
Gmer.txt

Thanks

Satchfan

[Satchfan]

Hello rachitsaran1987 and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:


• Please follow all instructions in the order posted
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If you don't understand something, please don't hesitate to ask for clarification before proceeding
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

I have been using my computer without any spyware/AV for the last 1 year now ...
Never been affected yet

You have no way of knowing that. Just because you have no obvious symptoms does not mean you are not infected.

Having no AV or firewall these days is computer suicide. There is some really bad stuff out there and the “do-it-for-kicks” brigade of malware writers are gradually being replaced by the “do it-for-money” criminals. Serious stuff.

Meanwhile, let’s try and find out what we’re dealing with here and discuss the protection issues when we know your machine is clean.

===================================================

Run DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.

• • DDS.scr
  • DDS.pif
• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.
• Post the contents of the DDS.txt and Attach.txt reports in your next reply

Download the GMER Rootkit Scanner


Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Logs to include with next post:

DDS.txt
Attach.txt
Gmer.txt

Thanks

Satchfan

[rachitsaran1987]

Hi,

I ran those scans and the logs are attached below.
However, I cannot open Task Manager or Regedit.
Also, I have one spyware installed, namely Spyware Blaster.
I have 32 bit WinXP installed. Version 2002, SP2.

I remember I had plugged in a flash drive in which I saw the "New Folder.exe" virus. The problem started about 10 minutes after plugging in the flash drive. Can this be related?

Attached Files

•  DDS.txt   12.23KB   190 downloads
•  Attach.txt   5.07KB   169 downloads
•  gmer.txt   24.22KB   180 downloads

[Satchfan]

rachitsaran1987

Download and run ComboFix

Download Combofix from either of the links below. You must rename it to mytool before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  
• Tools->Options->Main tab
• Set to "Always ask me where to Save the files".

Link 1
Link 2

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.
• Double click on the renamed ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt in your next reply.

Satchfan

[rachitsaran1987]

Hi,

I did the combofix scan and the log is attached below.
I can't still open Task Manager or Regedit.
Also, I must add that this started when I plugged in a flash drive which had the "New Folder.exe" Virus.

Attached Files

•  ComboFix.txt   19.2KB   242 downloads

[Satchfan]

Rachitsaran1987

Looks like your being helped here.

It it not wise to ask for help at more than one forum. If you want to proceed here than you need to contact the other forum and let them know you are being helped here.

Ask MajorGeeks to close the thread unless you want to continue at that forum, in which case please let me know so that I can close this one.

Satchfan

[Satchfan]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.