
Virus: Killed <> Computer: SLOW AS _ HELP!



#1
'puter gunna die

As I am typing this, it takes 5 seconds for the text to appear as I go. Literally 30 to 40 seconds for the Start Menu to pop up after invocation. I got a virus earlier today and managed to remove it with Malwarebytes' Anti-Malware, which I will refer to as Mbam in this post. I ran it three times; once as a quick scan, revealing 3 threats. I then booted in safe mode with networking and ran a complete scan including C:\ and a thumb drive which was attached, revealing a few more threats, all of which were on C:\. Then I included F:\, which is an auxiliary internal EIDE HDD for file storage. Mbam found more threats in F:\, and more new threats in C:\. It was completely eliminated after this; no more Google redirects. I'll go ahead and show you the last log after the virus was removed.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8299

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

12/3/2011 6:59:14 PM
mbam-log-2011-12-03 (18-59-00).txt

Scan type: Full scan (C:\|F:\|H:\|)
Objects scanned: 428247
Time elapsed: 1 hour(s), 15 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\O24o3oV.com (Trojan.Email) -> No action taken.
c:\WINDOWS\temp\0.12653079340162598gtye.exe (Trojan.FakeMS) -> No action taken.
c:\WINDOWS\temp\ikafog\setup.exe (Trojan.Email) -> No action taken.
f:\nero\nero 8 ultra edition 8.2.8.0+keymaker\keymaker.exe (RiskWare.Tool.HCK) -> No action taken.
f:\networking apps\actualspy.exe (Application.ActualSpy) -> No action taken.
f:\Programs\Cain\Abel.exe (HackTool.Cain) -> No action taken.
f:\Programs\Cain\Abel64.exe (HackTool.Cain) -> No action taken.
f:\Programs\Cain\Cain.exe (PUP.Passwordtool.Cain) -> No action taken.

This was generated before I took action against these files. I left Cain and Actual Spy because these were part of a security course I took. The virus is gone but whatever it did to this computer is still among us. Anyway, hope we can resolve this.


#2
'puter gunna die

Alright, the virus is active again. Redirects me here: http://www.scanerror...202kw=window xp ; PCcleaner Pro.

It also redirects to "Stopzilla".

#3
'puter gunna die

I followed this: http://www.geekstogo...ogle-redirects/

The program located a rootkit and removed it. I will monitor it for further activity.

#4
'puter gunna die

Did a follow-up and got this:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8299

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/4/2011 4:36:33 AM
mbam-log-2011-12-04 (04-36-33).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 260154
Time elapsed: 1 hour(s), 22 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\temp\0.11677635010501664.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\0.16441685388996707.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.