#1
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Need some help with an infected (?) machine
I'm trying to help my nephew clean up his laptop. When he brought it to me, he complained that it has become very slow, especially on bootup (which I can definitely verify, it is very slow to boot), there are pop-ups occurring when on the web, and IE tends to crash once in a while. I suspect he has some type of infection, probably multiple ones. I have been able to install Spybot, Adaware, AVG anti-spyware, Spyware Blaster, and AVG anti-virus and update and scan with each. Each one has found some things and cleaned them up, but it doesn't seem to be much better.ups and IE does tend to crash after several minutes of browsing.HJT , but; it will start, allow me to do the scan, and when I try to save the log, the program closes, no errors or messages. I've tried running it in safe mode, same results, so I cannot as yet post a log.HJT will not work? I know there are programs out there to cleanup specific types of malware, but with not knowing what's on this thing I don't know what to use.
Didn't find the information you thought to find?Similar Threads
#2
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Hey Bill.HJT . To circumvent this block, rename the hijackthis.exe to any name of your liking, run the tool and it should function and produce a log for us.
#3
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Hi Tom,HJT log;SP2 (WinNT 5.01.2600)SP2 (6.00.2900.2180)HjT .exehttp://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop http://www.espn.com/ http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop http ://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptophttp://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab http://security.symantec.com/sscv6/S.../bin/cabsa.cab
#4
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Ok, lets run the Vundo tool see what it finds. once that is done, run HJT and fix only the 018 entries , reboot, run HJT and post a fresh HJT along with the Vundo log.VundoFix.exe Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.
#5
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Tom,SP2 (WinNT 5.01.2600)SP2 (6.00.2900.2180)HjT .exehttp://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop http://www.espn.com/ http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop http ://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptophttp://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab http://security.symantec.com/sscv6/S.../bin/cabsa.cab
#6
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Very well, looks like we have just a few remnants remaining.Add/Remove , and if found, uninstall the following:Viewpoint <<<--Stealth DL, bundled with AIM. Used for online game playing, will re-install with AIM upgrade. Will not cause any malfunctions with AIM if removed.HJT place a check next to the following lines , then, with all browsers and windows closed , hit 'Fix checked' :http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop http://ie.redirect.hp.com/svs/rdr?TY ... on&pf=laptopsafe mode , this way:F8 > key. Safe Mode and press the <Enter > key. 'Show Hidden Folders' option, like this:Start . My Computer . Tools menu and click Folder Options . View Tab . Under the Hidden files and folders heading select Show hidden files and folders. Hide protected operating system files (recommended) option. Yes to confirm. OK .search for, then delete , if found, (some may not be present after previous steps) the following files/folders:tbcweuqv.dll<<<--this file yssrsv.dll<<<--this file Viewpoint<<<<---this folder exit Safe Mode, click the Start button, click Turn Off Computer , click Restart .HJT log back into this thread please.
#7
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Here's the new HJT log. It looks like things are improving, the boot up speed has definitely improved, and I haven't seen the winantivirus pop-ups for a while now.SP2 (WinNT 5.01.2600)SP2 (6.00.2900.2180)HjT .exehttp://www.espn.com/ http ://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptophttp://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab http://security.symantec.com/sscv6/S.../bin/cabsa.cab
#8
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Ok, everything looks good. Lets keep thread open for a bit and see if we stay clear.
#9
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Sounds good Tom. I'll check the machine out this afternoon and see if there are any more pop-ups or problems. I'll probably put on the passive protection items you mentioned as well. I'll post back later today and let you know how it looks.
#10
Geek Member
Profile: Join Date: Mar 2003
Location: Glen Allen, VA
Posts: 560
Computer Experience:
Tom,
#11
SuperGeek
Profile: Join Date: May 2006
Location: PHX. AZ
Posts: 3,311
Computer Experience:
Excellent news!!PM
All times are GMT +1. The time now is 22:13 .
