[SamStencil]

Hello guys and gals, again! How you doing?

We're having some issues with one notebook here and it seems pretty bad.

 

 

Apart of the system being very slow, and weird when starting (you press the start button, it acts as if it was going to freeze or show some error, but slowly starts to run), AVG opens up right when you start the comp and shows already around three different threats.

These follow:

 

C:\Users\username\appdata\Roaming\Geo-Dom.exe

C:\Users\username\appdata\Roaming\autoupdate.exe

C:\Users\username\appdata\Roaming\Qonifa.dll

 

When I open up any of the browsers the pages are not the chosen startpage. When testing Firefox, it showed a link with lots of numbers and letters saying something like 'host not available' and Chrome opens up Gogletab.com as startpage.

This got me a bit nervous about using the browser, that's why I didnt download the required program in the GeeksToGo Malware Guide.

Still, I couln't find any way to change the startpage of any of those.

 

 

When I opened the processes I found dlllhost.exe, vpnui.exe, syshostctl.exe, dwm.exe...

I'm trying to run malwarebites, it has found around 247 threats and still running, but the system is very slow.

 

 

I also just tryed disconnecting it from internet and the warnings of trojan don't show.

 

 

It's a Toshiba Statellite L750/755, runs Windows Vista 7 64-bits

 

Hope anybody can give me some enlightening.

Thanks ahead!

[Advertisements]

Attached is FRST64.zip.

 

[attachment=82092:FRST64.zip]

 

Download, Save it and then right click and Extract it to your desktop.  Right click on FRST64.exe and run as admin.  

 

Check the box for Addition.txt and then hit Scan.  When it finishes you will have two files.  Copy and Paste each to a separate Reply.

[RKinner]

Attached is FRST64.zip.

 

[attachment=82092:FRST64.zip]

 

Download, Save it and then right click and Extract it to your desktop.  Right click on FRST64.exe and run as admin.  

 

Check the box for Addition.txt and then hit Scan.  When it finishes you will have two files.  Copy and Paste each to a separate Reply.

[SamStencil]

Hi!

Well thats the thing, I cant do anything on the notebook, it started freezing completely D:

unless I use some USB stick to transfer the file. I'll try again tomorrow and then I'll give you the feedback !

[RKinner]

You might have better luck in Safe Mode with Networking 

 

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

[SamStencil]

Hey I'm back!

 

I was able to start the computer in safe mode with networking but even as it said it was connected to our wi fi it wouldnt work, as though it wasn't connected :/
any tips?

Thank you!

Edited by SamStencil, 12 August 2016 - 01:58 PM.

[RKinner]

 

 

In IE,  Gear icon (Tools), Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

 

In FireFox,  three horizontal lines icon, Options, Advanced, Network, Settings, check No Proxy then OK.  Close Firefox and restart Firefox.

 

In Chrome, three horizontal lines icon, Settings, Show Advanced Settings, Network, Change Proxy Settings, Lan Settings,  uncheck all boxes, OK.  Uses IE's settings

 

 If still no good:

 

Open an elevated command prompt:

Win 10: http://www.howtogeek...-in-windows-10/

Win 8: http://www.eightforu...indows-8-a.html

Win 7 & Vista:  Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator

 

If you open an elevated command prompt it will by default open in c:\Windows\system32

 

Once you have an elevated command prompt:

Type with an Enter after each line:

 

Ping 8.8.8.8

Should give you:

 

Pinging 8.8.8.8 with 32 bytes of data:

Reply from 8.8.8.8: bytes=32 time=11ms TTL=56

Reply from 8.8.8.8: bytes=32 time=11ms TTL=56

Reply from 8.8.8.8: bytes=32 time=10ms TTL=56

Reply from 8.8.8.8: bytes=32 time=10ms TTL=56

 

Ping statistics for 8.8.8.8:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 10ms, Maximum = 11ms, Average = 10ms

 

 

 

 

nslookup geekstogo.com

Is this what you get for addresses?

 

Server:  cdns01.comcast.net

Address:  75.75.75.75

 

Non-authoritative answer:

Name:    geekstogo.com

Addresses:  104.28.28.94

          104.28.29.94

 

 

 

Tracert -d 8.8.8.8

Do you get trace complete?  What is the last IP address?

Tracing route to 8.8.8.8 over a maximum of 30 hops

 

  1    <1 ms    <1 ms    <1 ms  192.168.0.1

  2     9 ms     8 ms     8 ms  96.120.12.37

  3     8 ms     8 ms     8 ms  68.85.221.41

  4    10 ms    10 ms     9 ms  68.86.103.5

  5    13 ms    21 ms    10 ms  68.86.92.121

  6    12 ms    11 ms    11 ms  68.86.86.77

  7    12 ms    11 ms    11 ms  68.86.83.10

  8    10 ms    11 ms    10 ms  75.149.228.174

  9    11 ms    11 ms    11 ms  209.85.241.131

 10    12 ms    12 ms    12 ms  209.85.241.175

 11    11 ms    10 ms    10 ms  8.8.8.8

 

Trace complete.

 

 

 

Next two reset the network:

netsh  winsock  reset catalog

netsh  int ip reset reset.log

 (I think this is just for XP use the next line for newer Windows)

 

 

netsh int ipv4 reset %userprofile%\Desktop\reset4.log 

Reboot.

 

If all else fails, use a USB to move FRST64 to the sick PC.