1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Slow computer / unresponsive script

Discussion in 'Malware and Virus Removal Archive' started by Unsprung, 2010/08/16.

Page 3 of 3
  1. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Simply delete that file:
    - C:\Documents and Settings\All Users\3d6b3d3\274.mof
    Empty recycle bin afterward.

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
    broni,
    #41
  2. 2010/08/24
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Here is the ESET report:

    C:\Documents and Settings\All Users\3d6b3d3\274.mof Win32/RogueAV.A trojan

    I will send you the BIOS reading when I next start up.
     
    Unsprung,
    #42


  3. to hide this advert.

  4. 2010/08/24
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    I went into Windows explorer to delete the file with the tojan but ti was not there. There was only one file listed in the All Users folder: NTUSER.dat. So I was unable to rid of the trogan.

    You advice is VERY helpful and appreciated but isn't it premature to say that "your computer is clean" when ESET says that I have a trojan and I am thus far unable to get rid of it?

    I have an icon in the lower right telling me that I am at risk, have no firewall and I should click to update. I didn't. I thought one of the diagnostic tools that you had me run confirmed that I DID have a firewall. Is this bogus? Will it go away if I can successfully get rid of the trogan?

    Because I was unable to delete the trojan file, I did not do steps 1-13.

    I'm worried. Our my credit card numbers safe?
     
    Unsprung,
    #43
  5. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL

:Services

:Reg

:Files
C:\Documents and Settings\All Users\3d6b3d3\274.mof

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
    broni,
    #44
  6. 2010/08/25
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\3d6b3d3\274.mof moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: BRITTANY

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HOUSE

    User: KRISTEN

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: MORGAN

    User: NetworkService
    ->Temp folder emptied: 6098 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Peter Blood
    ->Temp folder emptied: 106292792 bytes
    ->Temporary Internet Files folder emptied: 374107 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 53208124 bytes
    ->Flash cache emptied: 758 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 28948 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 153.00 mb


    [EMPTYFLASH]

    User: All Users

    User: BRITTANY

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HOUSE

    User: KRISTEN

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: MORGAN

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Peter Blood
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08242010_205304

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    I will now follow the 13 steps that you outlined to reset system restore
     
    Unsprung,
    #45
  7. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
     
    broni,
    #46
  8. 2010/08/25
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Wait, the adobe updater wants to be updated. Its a little squarish icon. Maybe its a wrench or a golf tee. I need to know if it is legit. I'm afraid to update anything. Will PSI or Filehippo do that?
     
    Unsprung,
    #47
  9. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't use Reader, so I can't tell you.
    Most likely, it's legit, since your computer is clean.
     
    broni,
    #48
  10. 2010/08/25
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Thank you. How do I make sure Windows updates are current?
     
    Unsprung,
    #49
  11. 2010/08/25
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    There is definitely an issue or two having to do with my firewall. Last night I was unable to run PSI because it says my firewall is interfering with its operation and I must make the firewall allow PSI. On the other hand, the icon that I am unsure about claims that my "computer might be at risk. No firewall is turned on. Click this balloon to fix the problem." Do I even have a firewall? I do not know but I thought one of those diagnostic tools of your said I did. Is it part of Avira Antivirus? Something is wrong.
     
    Unsprung,
    #50
  12. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How do I make sure Windows updates are current?
    Go Start>All Programs>Windows Updates and click on it.
    See, if it'll find anything new.

    =======================================================

    As for the firewall....
    That may be due to a fact, that, at some point, you had Comodo installed.
    And no, Avira doesn't include firewall.
    That balloon looks legit.
    Click on it and BEFORE you do anything, let me know what you see.
     
    broni,
    #51
  13. 2010/08/25
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    A menu comes up asking me to install an adobe reader update. "This update addresses customer issues and security vulnerabilities. Adobe recommends that you always install the latest updates. Install or cancel."

    So I do not have a firewall. Do I need one? I don't know much about them accept that they prevent some things from working.
     
    Unsprung,
    #52
  14. 2010/08/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean, so it can't be anything malicious.
    Go for it.

    You do. Windows firewall. Just make sure, it's on.
    Firewall is a very important security tool.

    Go Start>Control Panel. Double click on the Security Center icon. Click on the Windows Firewall icon beneath the status updates. Click On, then OK.
     
    broni,
    #53
  15. 2010/08/26
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Thank you so much for taking the time to help. The computer is working safer and I am free of two trojans. I will change my passwords and read through your other precautionary suggestions. Thanks again
     
    Unsprung,
    #54
  16. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
    broni,
    #55
Page 3 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...