
More darned malware - now is it dying?

Discussion in 'Software' started by ChrisR, 29 May 2011.

  1. ChrisR

    ChrisR

    Joined:
    24 Jul 2003
    Messages:
    23,931
    Thanks Received:
    1,304
    Location:
    London
    Country:
    United Kingdom
    This seemed to be just a spyware problem. That may have been cleared now. Things have changed, starting here:
    http://www.diynot.com/forums/viewtopic.php?p=2008536#2008536


    5 year old PC, XP kept updated.
    Microsoft Sec Essentials was always enabled.
    I had an old version of Norton working, occasionally reporting that an intrusion had been stopped, but it stopped responding properly.
    I updated IE to version 8.

    Problems began around then of advertising sites popping up or redirections from eg Google result clicks, slow running and IE not working properly (white screen).

    Problems continue, mostly with IE, but also sometimes with Firefox.
    Not running Google Chrome or their toolbar.

    I've run Malwarebytes and Superantispyware and Avast, and MCE

    They all seem to find something to object to.
    Last was
    Rootkit: hidden boot sector MBR:\\.\PHYSICALDRIVE0

    That was care of Avast, which is now every couple of minutes chirruping that
    -"a suspicious URL" was active, and quoting
    srvchost.exe

    Task manager did show that an instance of that process was taking 85% or so of the processor. I kept killing it and it would come back a minute or so later.

    Sheesh I don't think I've had any intrusion problems in 5 years

    I'll reboot and run a deep scan (again) overnight.
    What would the recommended product(s) be?


    By the way, when I ran ( I think it was ) Malwarebytes, it cleared a file which was hiding my ripoff copy of a program from its producer. Now it's disabled!
     
  2. ChrisR

    Avast boot scan run - took THIRTY SIX HOURS!

    Tip - most of what it found was in Deleted emails received folder, or attachments that had never been opened.
    So delete those before doing a scan
    Also stuff in the Recycle bin caused alerts.
    Problem with a number of the alerts was that the scan stopped to prompt for a decision, quite a pain.
    Then it scanned every single .jpg, .tiff and camera raw file, taking a couple of seconds for each. Bit of a pain when there are thousands of them. Surely that's pretty pointless?

    On reboot the pc was occupied with svchost.exe at 90% or so for 10 minutes :evil:

    Now it's running I keep getting a pop-up warning saying this or something like it:
    [IMG]
    No idea what it means!

    Now I've read through the sticky post at the top of the forum (perhaps it needs a different title??) I'm more confused than ever about what I should disable or leave running.


    Edit
    I'm STILL getting unwanted redirections to advertising sites when I click on Google search results.
    JEEZ what do I have to do to get rid of it??

    Next I got a screen which looked just like the Microsoft Security Essentials one saying it had found the problem and prompting for the removal. But the address header said "newwowtoolxp.com" and it wanted to download an exe file so I stopped...
     
  3. Monsterminty

    Monsterminty

    Joined:
    26 May 2011
    Messages:
    238
    Thanks Received:
    29
    Location:
    Pembrokeshire
    Country:
    United Kingdom
  4. ChrisR

    Ok, it's about 20,000 characters on 478 lines.
    Do you need all of it?

    Router - it's a Draytek Vigor summatorother, umm...
    (Not set up properly. 2 wired computers share internet (cable) OK, but they can't see each other and wireless doesn't work)
     
  5. Monkeh

    Monkeh

    Joined:
    25 Jan 2010
    Messages:
    4,149
    Thanks Received:
    329
    Location:
    Cornwall
    Country:
    United Kingdom
    Who says that's not intended (and thus set up properly)?
     
  6. AdrianMealing

    AdrianMealing

    Joined:
    7 Jan 2011
    Messages:
    182
    Thanks Received:
    25
    Country:
    United Kingdom
    Post the log as an attachment if it will let you, may be easier on the eye.
     
  7. Monsterminty

    Yeah, an attachment would probably be easiest, and I do need all of it pls.
    Also it's important that I have the full model number of the router.
     
  8. ChrisR

    Bloomin eck, this is hard work.
    I've had a lot of crashes and freezes. Superantispyware runs for about 10 minutes at boot up. But it has cleared the redirection problem, it seems.

    Bootup in fact has become a long business. About 5 minutes of normal booted screen, the XP field on a hill, with the program icons on it. If I actually RUN anything MUCH in the first several minutes, it freezes after starting up the application. Task Manager shows System Idle at 97% or so, but nothing runs. Task manager then won't run either. Sometimes not even the mouse moving. Then it needs a reboot.

    If I leave it (unfrozen, but not running any apps) for five minutes, SuperAntiSpyware takes 98% of the processor for TEN minutes. Then I have a working PC. All seems fine, except it occasionally stops dead. If I then leave it for many minutes, it MIGHT recover.

    All getting a bit silly now. Does this sound like a hardware problem? Connector maybe?
    I have "Avast" running so have deleted Super-AS. What will happen next time, heaven knows.
     
  10. AdrianMealing

    Still need that Hijackthis Log
     
  11. ChrisR

    Oh ok, I'll have another go. I'll store it online somewhere so I can delete it later. What are you looking for?

    Yer tiz:

    Thanks
     
  12. digdilem

    digdilem

    Joined:
    27 Dec 2010
    Messages:
    413
    Thanks Received:
    58
    Location:
    Devon
    Country:
    United Kingdom
    You've got a proper job going on there. Sounds like you've got several live ones, and when a computer is in that state you may want to consider reformatting and reinstalling Windows.

    Obviously you'll need to reinstall all your software and set it all up again, so budget for plenty of time and double check you've backed up your settings, bookmarks, documents and personal stuff first.

    It's not an essential step - it's nearly always possible to clean a computer without doing this - but it /is/ an option and I know several professionals whose standard response is to wipe the drive and reinstall the OS from an image. Those machines tend to have documents stored centrally though :)
     
  13. AdrianMealing

    Your Virus, your PC is definitely infected, I am just trying to work out how bad.

    Question, why have you got so many programmes running, what is the PC used for?

    Also is this a 64Bit machine, and how much RAM do you have?
     
  14. freddiemercurystwin

    freddiemercurystwin

    Joined:
    21 Jan 2007
    Messages:
    18,519
    Thanks Received:
    2,028
    Location:
    Devon
    Country:
    United Kingdom
  15. ChrisR

    I just posted a fairly detailed reply - and "communication problems" dumped it. So I've HAD IT with computers for a while................

    Short version - nothing reported having run Combofix, thanks Adrian, but it does seem to be quieter now.

    What programs?? :confused:
    I run half a dozen apps open together sometimes - normal isn't it?
    32 bit I'm sure, as it's 2005 or so, Pentium 4 2.66 GHz. 3 gig ram
     
  16. alumni

    alumni

    Joined:
    12 Dec 2010
    Messages:
    2,769
    Thanks Received:
    83
    Location:
    Yorkshire
    Country:
    United Kingdom
    What's in your hosts file?

    It's often targeted but overlooked in the fight to clean the machine.
    Had one this week where the file itself had 'disappeared'.

    You might want to shut down one of the anti virus progs and repeat a scan with the enabled one. Two packages running together can cause all sorts of silly problems - just like you've been experiencing.
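
Added example, not part of the thread or any poster's code: one way to carry out the hosts file check suggested in the last post, flagging entries that redirect or block well-known names and treating a missing file as a finding. The `WATCHED` list and the `SAMPLE` text are constructed assumptions; the path is the standard Windows XP location.

```python
import ipaddress
from pathlib import Path

# Standard hosts file location on Windows XP; pass another path elsewhere.
HOSTS_PATH = Path(r"C:\WINDOWS\system32\drivers\etc\hosts")
# Assumption: names a redirecting or AV-blocking infection tends to target.
WATCHED = ("google.", "bing.com", "microsoft.com", "avast.com", "malwarebytes.")

# Constructed sample for illustration (documentation address ranges).
SAMPLE = """\
127.0.0.1       localhost
203.0.113.7     www.google.co.uk
127.0.0.1       download.avast.com
192.168.1.20    nas
0.0.0.0         ads.example.net
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for entries worth a manual look."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((no, fields[0], "", "unparseable address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for host in fields[1:]:
            name = host.lower()
            watched = any(w in name for w in WATCHED)
            if name == "localhost" and ip.is_loopback:
                continue  # the stock entry
            if watched and sinkhole:
                findings.append((no, str(ip), host, "watched name blocked"))
            elif watched:
                findings.append((no, str(ip), host, "watched name redirected"))
            elif not sinkhole:
                findings.append((no, str(ip), host, "custom mapping"))
    return findings

def audit_file(path=HOSTS_PATH):
    """Audit the file on disk; a missing hosts file is itself a finding."""
    if not path.exists():
        return [(0, "", "", "hosts file missing")]
    return audit_hosts(path.read_text(errors="replace"))
```

Sinkhole entries for unwatched names (ad-blocking lists) are deliberately not reported; every reported line still needs a human decision before it is removed.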
     