noob need help on detecting and killing what virus/malware infects me

  • This topic is locked

#1 Tazeris (Member, 16 posts)
Hi, I'm a noob in this forum and this is my first time asking something here :yes:

OK, now for the main problem:
- My computer has been running quite slow (on browsing, flash games, games, opening movie files, etc.) :)
- My browsers give me different results (especially on search engines) than the ones I want; they simply redirect me to some ads or websites ;)
- I suspect something on my system has downloaded something without my permission, since my net is running slow, but I don't know if it is malware/virus/anything :)

:) ;) :)

I admit that I don't use any antivirus. Why?
Because I think most of them just reduce my computer speed, bug me by giving notifications (which I am unable to turn off) or even self-update once every few days, they delete important files, wrongly accusing them of being viruses, and plus, last time some strange virus infected my antivirus and every time my antivirus ran, the virus also spread. I could only remove them by reinstalling my Windows, because I couldn't install any antivirus since it would be deleted (they even deleted the Task Manager) :), what a pain... At last, that's it, I'm fed up! And I don't wanna use it anymore ;)

So please, o great computer experts.. :unsure:
Help this humble computer noob to get rid of those viruses/malware/anything, since I believe in you more than I believe in antiviruses xDDD
:( :) :)

Edited by Tazeris, 03 July 2011 - 07:27 PM.

  • 0

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Reference antivirus, you do need one - I can recommend a few lightweight and free programmes for you

1. Avast
2. Avira
3. Microsoft Security Essentials

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0

#3 Tazeris (Topic Starter, Member, 16 posts)
Hi! Thanks for your answer.

I have already done what you said; I put the result below. But before that, please let me add 2 things:

1. Those problems I posted earlier weren't new problems, I have already had them for more than 8 months (if I'm not wrong). I said this because I saw "check 30 day" on OTL (but I didn't change it).

2. My OS scan said that it is Windows XP SP3, but it is not true. I altered my OS via the registry because some programs only run on XP SP3 (min. req.). The real edition is XP SP2.

This is the result:

http://hotfile.com/d...result.rar.html

The code will be given via mail if you don't mind :)

Edited by Tazeris, 03 July 2011 - 07:27 PM.

  • 0

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm, the long time frame does present some difficulties, but let's see what I can do

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe (Smadsoft)
    O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
    NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (videosoft)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now
  • 0
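The OTL fix above ends with [resethosts], which puts the Windows hosts file back to its default, and the original complaint was search traffic being redirected. As an added example (not code from this thread, from OTL, or from Geeks to Go), here is a small Python audit that reads a hosts file and flags the kinds of entries a redirect infection leaves behind: well-known domains pinned to a foreign address, or security-vendor domains blackholed to loopback so updates fail. The watch-list of domains, the sample hosts content and the finding format are constructed assumptions for the demonstration; ordinary ad-blocking entries that map a domain to 127.0.0.1 are deliberately not flagged, because users legitimately add those.

```python
"""Audit a Windows-style hosts file for redirect/blackhole entries.

Added example for this thread; not part of OTL or any forum tool.
"""
import ipaddress
from dataclasses import dataclass
from pathlib import Path

# Hypothetical watch-list: domains a hijack would typically redirect or block.
# Assumption for the demo; a real deployment would use its own list.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com", "microsoft.com",
    "windowsupdate.com", "avast.com", "avira.com", "malwarebytes.org",
)

# Constructed sample: a default localhost entry plus three tampered lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# constructed examples of tampering follow
203.0.113.7     www.google.com
127.0.0.1       www.malwarebytes.org
::1             localhost
127.0.0.1       ads.example.test
"""


@dataclass
class HostsFinding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every active mapping.

    Comments (everything after '#') and blank lines are ignored; a line may
    map one address to several hostnames, so each hostname is yielded once.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, *names = parts
        for name in names:
            yield line_no, addr, name.lower()


def _is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of HostsFinding for entries worth a responder's attention."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(HostsFinding(line_no, addr, name, "unparseable address"))
            continue
        # The stock 'localhost' loopback mappings are expected and skipped.
        if name in ("localhost", "localhost.localdomain") and ip.is_loopback:
            continue
        if _is_watched(name) and ip.is_loopback:
            findings.append(HostsFinding(line_no, addr, name, "watched domain blackholed to loopback"))
        elif _is_watched(name):
            findings.append(HostsFinding(line_no, addr, name, "watched domain redirected"))
        elif not ip.is_loopback:
            # Any other domain sent to a real address is unusual for a hosts file.
            findings.append(HostsFinding(line_no, addr, name, "non-loopback mapping"))
        # Loopback mappings for unwatched names (ad-blocking lists) are left alone.
    return findings


def audit_hosts_file(path):
    """Convenience wrapper: audit a hosts file on disk (path is caller-supplied)."""
    return audit_hosts(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} -> {f.hostname}: {f.reason}")
```

On a real XP machine the file lives at %SystemRoot%\system32\drivers\etc\hosts; pass that path to audit_hosts_file. The script only reports, it never edits the file, which is what you want before deciding whether a reset like OTL's is the right fix.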

#5 Tazeris (Topic Starter, Member, 16 posts)
Umm, sorry.. but what is "long time frame"? :)
  • 0

#6 Tazeris (Topic Starter, Member, 16 posts)
Okay, I have already done what you said; this is the result:

http://hotfile.com/d...c9/new.rar.html

The code was also given via your mail.

About describing how my computer is running currently, I can't be sure right now, but I don't feel any change by now.
Let me test it for a day or two and post the result the next day.

:)
  • 0

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The rar file is empty, I am afraid

"I already had those for more than 8 months"

Long time frame :)
  • 0

#8 Tazeris (Topic Starter, Member, 16 posts)
Huh, empty? :)
How come? I just tried downloading it a few minutes ago and unzipped it successfully, nothing lost :unsure:

Anyway, here is a new link just in case.. http://hotfile.com/d...59/new.rar.html

The code is the same
  • 0

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Something is wrong with the password, could you just attach them?
  • 0

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

    19:27:55.0125 2620 Detected object count: 3
    2011/07/05 19:27:55.0125 2620 Actual detected object count: 3
    2011/07/05 19:29:13.0906 2620 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/07/05 19:29:13.0953 2620 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
    2011/07/05 19:29:13.0953 2620 \Device\Harddisk0\DR0 - ok
    2011/07/05 19:29:13.0953 2620 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
    2011/07/05 19:29:13.0984 2620 \Device\Harddisk1\DR1 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
    2011/07/05 19:29:13.0984 2620 \Device\Harddisk1\DR1 - ok
    2011/07/05 19:29:13.0984 2620 Backdoor.Win32.Sinowal.knf(\Device\Harddisk1\DR1) - User select action: Cure
    2011/07/05 19:29:40.0375 1108 Deinitialize success

The advantages of not having an antivirus, 3 MBR infections. Again I really must stress how important an antivirus is nowadays

On completion of this can you let me know what problems remain

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
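The TDSSKiller excerpt Essexboy quotes has a regular shape: an optional date, a timestamp, a process id and a message, with each detection reported once as "object (threat) - status" and again as "threat(object) - User select action: X". As an added example (not part of the thread and not Kaspersky's code), here is a Python parser that turns such a log into a structured report a responder can act on: which objects were flagged, what threat name was assigned, which action the user chose, and whether a cure is still pending a reboot. The sample log is the thread's own excerpt, kept verbatim including its truncated first line; the Report and Detection structures and their field names are my own assumptions.

```python
"""Parse a TDSSKiller-style log into a structured report.

Added example for this thread; the log format is inferred from the lines
quoted above, not from any published specification.
"""
import re
from dataclasses import dataclass, field

# Sample copied from the thread (first line lacks its date in the original).
SAMPLE_LOG = r"""
19:27:55.0125 2620 Detected object count: 3
2011/07/05 19:27:55.0125 2620 Actual detected object count: 3
2011/07/05 19:29:13.0906 2620 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/05 19:29:13.0953 2620 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/05 19:29:13.0953 2620 \Device\Harddisk0\DR0 - ok
2011/07/05 19:29:13.0953 2620 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/05 19:29:13.0984 2620 \Device\Harddisk1\DR1 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/07/05 19:29:13.0984 2620 \Device\Harddisk1\DR1 - ok
2011/07/05 19:29:13.0984 2620 Backdoor.Win32.Sinowal.knf(\Device\Harddisk1\DR1) - User select action: Cure
2011/07/05 19:29:40.0375 1108 Deinitialize success
"""

# "[YYYY/MM/DD] HH:MM:SS.ffff PID message" -- the date is optional so a
# truncated first line (as in the thread) still parses.
LINE_RE = re.compile(
    r"^(?:(?P<date>\d{4}/\d{2}/\d{2})\s+)?(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<msg>.*)$"
)
# "<object> (<threat>) - <status>", note the space before the parenthesis
DETECT_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) - (?P<status>.+)$")
# "<threat>(<object>) - User select action: <action>", no space before "("
ACTION_RE = re.compile(
    r"^(?P<threat>[^()]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$"
)
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    status: str = ""   # e.g. "will be cured after reboot"
    action: str = ""   # user-selected action: Cure, Skip, ...


@dataclass
class Report:
    declared_count: int = 0
    detections: dict = field(default_factory=dict)  # keyed by object name
    clean_exit: bool = False

    @property
    def reboot_required(self):
        """True if any cure is deferred until the next boot (MBR fixes are)."""
        return any("after reboot" in d.status for d in self.detections.values())

    def by_action(self, action):
        return sorted(o for o, d in self.detections.items() if d.action == action)


def parse_tdsskiller_log(text):
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # tolerate banner or blank lines
        msg = m.group("msg")
        if (c := COUNT_RE.match(msg)):
            report.declared_count = int(c.group("n"))
        elif (d := DETECT_RE.match(msg)):
            det = report.detections.setdefault(
                d.group("obj"), Detection(d.group("obj"), d.group("threat")))
            det.status = d.group("status")
        elif (a := ACTION_RE.match(msg)):
            det = report.detections.setdefault(
                a.group("obj"), Detection(a.group("obj"), a.group("threat")))
            det.action = a.group("action")
        elif msg == "Deinitialize success":
            report.clean_exit = True
    return report


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"declared {r.declared_count}, parsed {len(r.detections)}, "
          f"reboot required: {r.reboot_required}, clean exit: {r.clean_exit}")
    for obj, det in r.detections.items():
        print(f"  {obj}: {det.threat} -> {det.action or 'no action'} ({det.status or 'n/a'})")
```

Two things the structured view makes obvious that the raw text does not: the count line says 3 objects, but only two are actual MBR infections, the third being a locked file (sptd, a driver that TDSSKiller could not open and the user skipped); and both cures are deferred until reboot, so a report taken before the restart does not yet prove the disks are clean.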

#11 Tazeris (Topic Starter, Member, 16 posts)
I finished testing; here is the result:

- after running for a few hours the computer is still slowing down
- the redirecting web search is no more
- sometimes movie players and music players such as Winamp and WMP crash or freeze; symptom: when double-clicking the next file in my music folder or dragging to replay or speed up, the program freezes/crashes
- abnormal CPU usage, sometimes very high for no reason but low most of the time
- the web is still slow, easily recognizable when scrolling down or up the page
- Flash Player is still slow (newest update already), especially on the web
- programs crash sometimes, especially heavy programs like games with high graphics
- no blue screen occurrence encountered yet after the second step (before that I was occasionally experiencing blue screens)
- I still can't connect to the internet after entering Windows; I must wait 3-5 minutes before connecting (I use a modem and manual connect, which requires a network ID and PASS, instead of auto-connecting to the internet). Usually I must wait for the WSC (Windows Security Center) to come online first, after that I can connect to my internet, but a few months ago my system stopped launching the WSC immediately (before that it needed only a few seconds to get it online) and I must wait for a long time
- after I finished the second step there is an IE (Internet Explorer) icon on my desktop and it is already set as the default browser (before that I had already deleted that blasted IE and set fi****x as my default browser)
- after the second step I noticed that my system can read the hidden files, RECYCLE, and SVI again.

Okay sir :unsure: I'll try to get the anti-malware and antivirus ASAP
Actually I already told you the reasons why I don't use them, haven't I?
If I may ask, please? :)
What would you do if you were in my position? I mean you encounter those problems I posted in the first post, the reasons why I don't use those programs anymore.
  • 0

#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Antivirus programmes do not use much in the way of memory or CPU cycles

Below are two screenshots of my Task Manager showing all services and programmes running

The first is an overview and the second my antivirus programmes running. This is a suite including a firewall

[attachment=51193:man.GIF]

[attachment=51194:man1.GIF]

We will now try a little TLC and see what that results in

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
  • 0

#13 Tazeris (Topic Starter, Member, 16 posts)
I have a few questions:
- Download and run Puran Disc Defragmenter < is this a necessary item, since I already have "TuneUp Utilities 1-click maintenance" installed? :)
- Antivirus programmes do not use much in the way of memory or CPU cycles < I really understand and share the opinion that computers nowadays can't survive without antiviruses, but I really told the truth, at least in my case: even after I installed the "Malwarebytes Anti-Malware" you told me about, the computer slowed down a bit, especially when processing/loading Windows after booting (I can't show the Task Manager since it can't be opened when first loading Windows) :yes:
- I finished the Malwarebytes Anti-Malware process, found 1 trojan, and already produced the log yesterday. Then today I finished the TFC by OldTimer process and right after it finished rebooting, Malwarebytes Anti-Malware suddenly popped up and detected 1 more trojan. I didn't delete both trojans; after they were moved to quarantine I clicked RESTORE. Is this action correct? Should I produce a new log again? (I haven't sent the log yet, waiting for you to answer this first) :unsure:

  • 0

#14 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you run a fresh OTL log please, and also post the Malwarebytes log
  • 0

#15 Tazeris (Topic Starter, Member, 16 posts)
Done! I sent the results already. :)
  • 0





