SNAP Do Malware Slowed my computer [Solved]


  • This topic is locked

#76 baltimoredude1 (Member, Topic Starter, 121 posts)

HD Tune: SAMSUNG HM160JI Benchmark

Transfer Rate Minimum : 0.3 MB/sec
Transfer Rate Maximum : 1.6 MB/sec
Transfer Rate Average : 1.1 MB/sec
Access Time : 25.2 ms
Burst Rate : 1.1 MB/sec
CPU Usage : 44.0%


HD Tune: SAMSUNG HM160JI Error Scan

Scanned data : 152566 MB
Damaged Blocks : 0.0 %
Elapsed Time : 2:34

#77 baltimoredude1 (Member, Topic Starter, 121 posts)

One common problem is with the site Yahoo.

#78 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Still the same problem with Yahoo after resetting the router and a new password?

#79 baltimoredude1 (Member, Topic Starter, 121 posts)

Well, the router is a VIZIO HD with a set SSID and password. Do I have to reset the router?

#80 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hello :)

Unfortunately, the results from HD Tune are not encouraging at all. It looks as though that drive is close to failing, and we've reached about the limit of what we can do if it was malware related. I'd recommend getting your important files off that drive and then replacing that drive in the machine.

Also, you may consider replacing the drive and putting a new operating system on the replacement as well. Microsoft is ending support for Windows XP on April 8th.

You can read about that here: http://blogs.technet...windows-xp.aspx

Also, if you'd like a second opinion about the drive, you can head over to the Hardware, Components and Peripherals forum and have the IT guys check the drive.

That forum can be found here: http://www.geekstogo...nd-peripherals/

I'm going to remove my tools, as I don't want to be a messy workman and leave them all over. :)


Please follow the instructions below for tool removal.


Step 1: Tool Removal with DelFix

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


Step 2: Manual Tool Removal


You can uninstall the following programs from your machine:

  • ESET Online Scanner
  • Windows All In One Repair - Note: Located under Tweaking.com in the Uninstall Programs List


Please delete the following programs from your desktop:

  • Junkware Removal Tool
  • HD Tune
  • Norman Malware Cleaner
  • System Look
  • MiniToolBox

Please note: DelFix may remove some of these as well, so if you don't see some of them after running it, no worries. :)

Please post the DelFix log so that I can make sure I leave nothing behind. :thumbsup:

#81 baltimoredude1 (Member, Topic Starter, 121 posts)

I had a feeling it may be the HDD. It's a seven-year-old computer. I will get everything done. I do have a couple of questions, and I will let you know about them. I have an exam coming up, so I will catch you in a bit with the questions.

#82 baltimoredude1 (Member, Topic Starter, 121 posts)

Oh, one more thing: is the problem with the drive due to age or the malware?

#83 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

I had a feeling it may be the HDD. It's a seven-year-old computer. I will get everything done. I do have a couple of questions, and I will let you know about them. I have an exam coming up, so I will catch you in a bit with the questions.


No worries, I'll be here. :thumbsup:

Oh, one more thing: is the problem with the drive due to age or the malware?


More than likely, a combination of both: the age of it as well as the malware that was on it. That rootkit had been on there since 2012, so more than likely it did significant damage.

#84 baltimoredude1 (Member, Topic Starter, 121 posts)

Here is the Del Fix log.

I got a couple of questions: if the rootkit was there since 2012, why did the computer run fine until I got infected with Snap Do?

My second question is, I have another computer with Windows 7, 3rd gen i7 processor. What kind of antivirus and malware/rootkit prevention kit do you recommend? An open source or a free one. I am now skeptical of Microsoft's ability.

My final question is, I see you are a student. I also want to learn how to fix malware and rootkit related problems. How do I do that in Geek University? What's the procedure? How long does the course usually take? Can I do it at my own pace? I am going to school also, so I cannot put in a lot of time, but will try to put in a decent amount of time.

# DelFix v10.6 - Logfile created 23/02/2014 at 13:29:34
# Updated 11/11/2013 by Xplode
# Username : A M Rahman - AMRLAPTOP
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\A M Rahman\DoctorWeb
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.7.20.0_14.03.2012_14.43.19_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_17.02.2014_23.11.44_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_17.02.2014_23.12.59_log.txt
Deleted : C:\TDSSKiller.3.0.0.19_19.12.2013_04.54.35_log.txt
Deleted : C:\TDSSKiller.3.0.0.19_22.12.2013_06.02.20_log.txt
Deleted : C:\TDSSKiller.3.0.0.23_17.02.2014_23.15.30_log.txt
Deleted : C:\TDSSKiller.3.0.0.23_17.02.2014_23.30.12_log.txt
Deleted : C:\TDSSKiller.3.0.0.23_17.02.2014_23.54.57_log.txt
Deleted : C:\TDSSKiller.3.0.0.23_18.02.2014_12.34.21_log.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\adwcleaner.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\aswmbr.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\aswMBR021714.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\combofixlog.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\combofixlog22014.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\FRST.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\FSS.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\FSS.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\JRT.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\MBR.dat
Deleted : C:\Documents and Settings\A M Rahman\Desktop\MiniToolBox.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\OTL.Txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\OTL.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\Result.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\SecurityCheck(1).exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\SystemLook.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\SystemLook.txt
Deleted : C:\Documents and Settings\A M Rahman\Desktop\tdsskiller(1).exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\TDSSKiller.exe
Deleted : C:\Documents and Settings\A M Rahman\Desktop\tdsskiller.zip
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKCU\Software\IDAVLab
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\IDAVLab
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #394 [Software Distribution Service 3.0 | 12/20/2013 19:33:15]
Deleted : RP #395 [Removed MotoCast | 12/21/2013 09:53:47]
Deleted : RP #396 [Removed Motorola Device Manager | 12/21/2013 09:58:09]
Deleted : RP #397 [Removed Ask Toolbar. | 12/21/2013 10:01:49]
Deleted : RP #398 [Software Distribution Service 3.0 | 12/21/2013 16:44:18]
Deleted : RP #399 [Software Distribution Service 3.0 | 12/22/2013 04:35:10]
Deleted : RP #400 [Removed QuickTest Add-in for Quality Center. | 12/22/2013 10:33:47]
Deleted : RP #401 [Removed QuickTest Professional. | 12/22/2013 10:43:58]
Deleted : RP #402 [Software Distribution Service 3.0 | 12/23/2013 19:54:17]
Deleted : RP #403 [Software Distribution Service 3.0 | 12/24/2013 17:00:48]
Deleted : RP #404 [Software Distribution Service 3.0 | 12/25/2013 17:06:18]
Deleted : RP #405 [Software Distribution Service 3.0 | 12/26/2013 17:01:21]
Deleted : RP #406 [Software Distribution Service 3.0 | 12/27/2013 22:07:53]
Deleted : RP #407 [Software Distribution Service 3.0 | 12/28/2013 17:06:58]
Deleted : RP #408 [Software Distribution Service 3.0 | 12/29/2013 22:22:24]
Deleted : RP #409 [Software Distribution Service 3.0 | 12/30/2013 17:26:50]
Deleted : RP #410 [Software Distribution Service 3.0 | 12/31/2013 17:09:45]
Deleted : RP #411 [Software Distribution Service 3.0 | 01/01/2014 19:22:59]
Deleted : RP #412 [Software Distribution Service 3.0 | 01/02/2014 22:20:52]
Deleted : RP #413 [System Checkpoint | 01/04/2014 02:07:48]
Deleted : RP #414 [Software Distribution Service 3.0 | 01/04/2014 14:17:39]
Deleted : RP #415 [Software Distribution Service 3.0 | 01/05/2014 14:52:22]
Deleted : RP #416 [Software Distribution Service 3.0 | 01/06/2014 19:59:08]
Deleted : RP #417 [Software Distribution Service 3.0 | 01/07/2014 17:18:35]
Deleted : RP #418 [Software Distribution Service 3.0 | 01/08/2014 16:37:40]
Deleted : RP #419 [Software Distribution Service 3.0 | 01/08/2014 17:10:55]
Deleted : RP #420 [Software Distribution Service 3.0 | 01/09/2014 16:39:25]
Deleted : RP #421 [Software Distribution Service 3.0 | 01/10/2014 19:11:09]
Deleted : RP #422 [Software Distribution Service 3.0 | 01/11/2014 21:10:33]
Deleted : RP #423 [Software Distribution Service 3.0 | 01/13/2014 00:08:51]
Deleted : RP #424 [Software Distribution Service 3.0 | 01/13/2014 17:51:39]
Deleted : RP #425 [Software Distribution Service 3.0 | 01/14/2014 02:13:28]
Deleted : RP #426 [Software Distribution Service 3.0 | 01/14/2014 17:58:04]
Deleted : RP #427 [Software Distribution Service 3.0 | 01/15/2014 17:40:19]
Deleted : RP #428 [Software Distribution Service 3.0 | 01/16/2014 16:57:38]
Deleted : RP #429 [Software Distribution Service 3.0 | 01/16/2014 18:10:23]
Deleted : RP #430 [Software Distribution Service 3.0 | 01/16/2014 20:39:49]
Deleted : RP #431 [Software Distribution Service 3.0 | 01/16/2014 20:59:22]
Deleted : RP #432 [Software Distribution Service 3.0 | 01/16/2014 21:47:37]
Deleted : RP #433 [Software Distribution Service 3.0 | 01/17/2014 16:54:49]
Deleted : RP #434 [Software Distribution Service 3.0 | 01/18/2014 20:48:08]
Deleted : RP #435 [Software Distribution Service 3.0 | 01/19/2014 21:12:50]
Deleted : RP #436 [Software Distribution Service 3.0 | 01/20/2014 17:56:19]
Deleted : RP #437 [Software Distribution Service 3.0 | 01/21/2014 02:00:19]
Deleted : RP #438 [Software Distribution Service 3.0 | 01/21/2014 18:07:49]
Deleted : RP #439 [Software Distribution Service 3.0 | 01/22/2014 17:54:10]
Deleted : RP #440 [Software Distribution Service 3.0 | 01/23/2014 17:26:36]
Deleted : RP #441 [Software Distribution Service 3.0 | 01/24/2014 17:02:42]
Deleted : RP #442 [Software Distribution Service 3.0 | 01/25/2014 23:59:44]
Deleted : RP #443 [System Checkpoint | 01/27/2014 00:20:24]
Deleted : RP #444 [Software Distribution Service 3.0 | 01/27/2014 15:15:57]
Deleted : RP #445 [Software Distribution Service 3.0 | 01/27/2014 17:19:55]
Deleted : RP #446 [Software Distribution Service 3.0 | 01/28/2014 16:47:49]
Deleted : RP #447 [Software Distribution Service 3.0 | 01/29/2014 17:04:53]
Deleted : RP #448 [Software Distribution Service 3.0 | 01/30/2014 16:52:56]
Deleted : RP #449 [Software Distribution Service 3.0 | 01/31/2014 16:50:23]
Deleted : RP #450 [Software Distribution Service 3.0 | 02/01/2014 22:01:31]
Deleted : RP #451 [System Checkpoint | 02/02/2014 23:20:04]
Deleted : RP #452 [Software Distribution Service 3.0 | 02/03/2014 17:38:38]
Deleted : RP #453 [Software Distribution Service 3.0 | 02/04/2014 16:53:17]
Deleted : RP #454 [Software Distribution Service 3.0 | 02/05/2014 17:00:39]
Deleted : RP #455 [Software Distribution Service 3.0 | 02/06/2014 17:04:28]
Deleted : RP #456 [Software Distribution Service 3.0 | 02/07/2014 16:57:51]
Deleted : RP #457 [Software Distribution Service 3.0 | 02/08/2014 21:46:33]
Deleted : RP #458 [OTL Restore Point - 2/9/2014 12:24:08 AM | 02/09/2014 05:25:22]
Deleted : RP #459 [Software Distribution Service 3.0 | 02/09/2014 16:55:33]
Deleted : RP #460 [Software Distribution Service 3.0 | 02/10/2014 17:17:15]
Deleted : RP #461 [Software Distribution Service 3.0 | 02/12/2014 04:13:32]
Deleted : RP #462 [OTL Restore Point - 2/12/2014 11:39:45 AM | 02/12/2014 16:40:41]
Deleted : RP #463 [Software Distribution Service 3.0 | 02/13/2014 18:42:27]
Deleted : RP #464 [Software Distribution Service 3.0 | 02/14/2014 16:43:05]
Deleted : RP #465 [Software Distribution Service 3.0 | 02/15/2014 20:45:24]
Deleted : RP #466 [Tweaking.com - Windows Repair | 02/16/2014 06:12:06]
Deleted : RP #467 [Software Distribution Service 3.0 | 02/16/2014 21:56:55]
Deleted : RP #468 [Removed Ad-Aware | 02/17/2014 16:36:54]
Deleted : RP #469 [Removed Ant.com IE add-on | 02/17/2014 16:45:06]
Deleted : RP #470 [Removed Avery Wizard 4.0. | 02/17/2014 16:52:41]
Deleted : RP #471 [Software Distribution Service 3.0 | 02/17/2014 17:11:15]
Deleted : RP #472 [Software Distribution Service 3.0 | 02/19/2014 04:21:02]
Deleted : RP #473 [Software Distribution Service 3.0 | 02/19/2014 17:11:03]
Deleted : RP #474 [Software Distribution Service 3.0 | 02/20/2014 17:58:43]
Deleted : RP #475 [Software Distribution Service 3.0 | 02/21/2014 17:14:55]
Deleted : RP #476 [Software Distribution Service 3.0 | 02/23/2014 00:45:41]
Deleted : RP #477 [Software Distribution Service 3.0 | 02/23/2014 16:57:16]

New restore point created !

########## - EOF - ##########

#85 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

I got a couple of questions: if the rootkit was there since 2012, why did the computer run fine until I got infected with Snap Do?


Rootkits are designed to be hidden. That's part of the nefariousness of them: they hide on your machine, using as few resources as possible to conceal their presence while they do their dirty deeds.

The text in the quote box is from a write-up about rootkits:

The goal of a malicious rootkit is to provide an attacker or malicious code with a permanent, undetectable presence on a computer. Typically, this involves hiding the presence of resources such as processes, files, registry keys, and open ports that are being used by the malicious entity.


That rootkit would have remained hidden after the SnapDo infection was gone if not for the problems with Chrome. My instructor saw in one of ESET logs that the machine had been infected in 2012 and had me run TDSSKiller. That's why we were able to find it.

My second question is, I have another computer with Windows 7, 3rd gen i7 processor. What kind of antivirus and malware/rootkit prevention kit do you recommend? An open source or a free one. I am now skeptical of Microsoft's ability.


I personally use a combination of programs for protecting my machine. I use Avast as my antivirus, and I also use Malwarebytes Anti-Malware for an additional layer of protection. I also have a custom Hosts file that will not let my machine go to known malware related sites. I've provided instructions below for you if you'd like to use that program to install a custom hosts file.

I'm also providing you with a program to prevent a new ransomware program called CryptoLocker from getting control of your machine.

Do not, however, use more than one antivirus on your machine. That's a case of more is not better. Multiple anti-virus programs use up system resources, and can give false positives.

Here are a few tips to help protect you while browsing:

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Create a custom Hosts File

Host File Reset/Replace:

Please download HostsXpert and unzip it to your computer, somewhere where you can find it. The root of the system drive would be an ideal location, e.g. C:\
  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if the top button on the left hand side says Make Writeable?
    • If it does, click on it, then proceed to the next instruction.
    • If not, just proceed to the next instruction.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side).
    • Click on the MVPs Hosts... button.
    • Click on the Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file.)
  • When finished:
    • Click on the File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

My final question is, I see you are a student. I also want to learn how to fix malware and rootkit related problems. How do I do that in Geek University? What's the procedure? How long does the course usually take? Can I do it at my own pace? I am going to school also, so I cannot put in a lot of time, but will try to put in a decent amount of time.


We need all the malware fighters we can get. :) Here's a link to everything you need to know about applying to Geek U. The course is designed for you to work at your own pace, so I can't really tell you how long it takes. It varies from student to student. Check out the link below to read all about it and apply.

http://www.geekstogo.com/geeku/

Any further questions or issues I can help with? :)
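
An added example, not from this thread or from HostsXpert: a small Python audit of a hosts file in the layout the MVPs blocklist uses. It reports which names the file sinkholes, flags any entry that points a real site somewhere other than the local machine (what a tampered hosts file looks like), and for a real file checks whether it is still writable after "Make Read Only?". The sample hosts content and its hostnames are constructed.

```python
"""Audit a Windows-style hosts file: which names are sinkholed by a
blocklist such as the MVPs list, and which entries deserve a second look."""
import ipaddress
import os

# Addresses a blocklist uses to sinkhole a name (the MVPs list uses 0.0.0.0).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed sample (not a real file): the default Microsoft header line,
# two blocklist entries, and one line shaped like a hijacked entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ad.tracker.example          # blocklist entry, sinkholed
0.0.0.0 malware-download.example
198.51.100.23   www.yahoo.com       # constructed: real site sent to a remote IP
::1             localhost
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs. Comments, blank lines and lines whose
    first field is not an IP address are skipped, as the resolver skips them."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def is_blocked(entries, hostname):
    """True if the first entry for hostname (the one the resolver uses)
    sends it to a sinkhole address."""
    hostname = hostname.lower()
    for ip, name in entries:
        if name == hostname:
            return ip in SINKHOLES
    return False


def suspicious_entries(entries):
    """Entries that point a name other than localhost at a non-sinkhole
    address. LAN hosts you added yourself belong here; anything else is
    what a hijacked hosts file looks like."""
    return [(ip, name) for ip, name in entries
            if ip not in SINKHOLES and name != "localhost"]


def audit_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Audit a real hosts file: entry count, entries to review, and whether
    the file is still writable (it should not be after Make Read Only?)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entries = parse_hosts(fh.read())
    return {"entries": len(entries),
            "suspicious": suspicious_entries(entries),
            "writable": os.access(path, os.W_OK)}
```

Run `audit_file()` on a Windows machine after the HostsXpert steps above; the default path is the standard location of the hosts file.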


#86 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.