Help please...


MikeCheka

Hello,

I have recently had an online game account hacked. During the account restoration process they strongly advised me to install a key logger scanner off the internet, and I came across Anti-Malware. On the initial scan it found some items and I quarantined and deleted the suspected files. During a secondary scan it found a suspected Trojan but froze during the quarantine process. So I restarted my computer and re-scanned, and it found the same suspected Trojan but froze again during the quarantine process. When restarting my computer once more and running another scan, the suspected Trojan was no longer found but was not on the quarantine list either. All subsequent scans resulted in nothing being found. This whole time Norton did not discover anything. Since this, my computer has been running extremely slow and I have been having serious delays when launching my browser and the internet game. When I open the task manager to end the browser or game process it stops responding and will not end the process, and occasionally freezes the entire computer. I have this feeling my computer may still be infected, and without it being detected by either of the programs I have, I am completely clueless on how to fix the problem. Please help.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 26.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop. Users of Windows Vista/7 64-bit can install both the 32-bit and 64-bit JRE without conflicts.
    Windows x86 Offline (jre-6u26-windows-i586.exe)
    Windows x64 (jre-6u26-windows-x64.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right-click on the JRE download and select "Run as an Administrator.")


The installed version of Adobe Reader on this computer is outdated. Install the latest version of Adobe Reader available from Adobe.


Using Add or Remove Programs in the Control Panel; uninstall the following:

Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 23


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{f028fa40-79df-11e0-ade8-f04da2589f68}\Shell - "" = AutoRun
    O33 - MountPoints2\{f028fa40-79df-11e0-ade8-f04da2589f68}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
    O33 - MountPoints2\{f028fa65-79df-11e0-ade8-f04da2589f68}\Shell - "" = AutoRun
    O33 - MountPoints2\{f028fa65-79df-11e0-ade8-f04da2589f68}\Shell\AutoRun\command - "" = E:\setup.exe -a
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 972 bytes -> C:\Program Files (x86)\Common Files\System:EpqM2KcQs6ble4LGgaVqL6d
    @Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:1AfjaWgUyWH10QlzVVz
    @Alternate Data Stream - 1189 bytes -> C:\Users\Christina\AppData\Local\vtzcr8irkhC7:sBXytesX4nGGSmE8NXcH5J
    @Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:pqmzB9MZLPy8pAdLGFd
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL).

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

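As an added example (not part of the thread, and not an OTL feature), the following read-only PowerShell check reports the two artifact classes the OTL fix above removes: named alternate data streams on the listed locations and MountPoints2 AutoRun commands. The paths are taken from the O33 and ADS lines of the fix; the function names are my own, and the script only reports, it changes nothing.

```powershell
# Added example: read-only inspection of the artifact classes targeted by the OTL fix.
# Paths below are the ones named in the fix; replace them with your own locations.
$adsTargets = @(
    'C:\Program Files (x86)\Common Files\System',
    'C:\ProgramData\Microsoft',
    'C:\Users\Christina\AppData\Local\vtzcr8irkhC7'
)

function Get-NamedStreams {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # Every NTFS file has the unnamed ':$DATA' stream; anything else is a
        # named alternate data stream (ADS), which is what the '@Alternate Data
        # Stream' lines in the fix point at. Directory support for -Stream
        # depends on the PowerShell version, hence SilentlyContinue.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ Path = $p; Stream = $_.Stream; Bytes = $_.Length }
            }
    }
}

function Get-MountPointAutoRuns {
    # MountPoints2 keeps per-volume Explorer settings for the current user. A
    # Shell\AutoRun\command value under a volume GUID is what the O33 lines in
    # the fix refer to (an executable launched when that volume is opened).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            [pscustomobject]@{ Volume = $_.PSChildName; Command = $cmd }
        }
    }
}

Get-NamedStreams -Paths $adsTargets | Format-Table -AutoSize
Get-MountPointAutoRuns | Format-Table -AutoSize
```

Run it before and after a fix to confirm the listed streams and AutoRun commands are actually gone; an empty table for both is the expected result on a clean system.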

Hello again

I was able to successfully update both Java and Adobe Reader. I was also able to run the fix in OTL without any problems. Things with the system seem to have sped up a bit, as far as restarts and opening folders/Control Panel go; however, I am still experiencing pretty significant delays when launching my internet browser or internet game. I am now getting a pop-up from Norton that says High Disk Usage Warning from Windows Service. Attached is the new OTL log. Thanks in advance for your help, I really do appreciate it!


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.


Attach logs for:

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Your ComboFix log seems to indicate that several services appear to be missing drivers. Let's take a look at the system using a different tool.

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Come back here to this thread and attach the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


This topic is now closed to further replies.