TechSpot

After removing "System Alert Popup" my computer is very slow

By ZILDJMAN67
Feb 11, 2007
Topic Status:
Not open for further replies.
  1. I recently contracted something called "System Alert Popup" and found a thread here on how to go about removing it. I followed all the steps and used all the tools. I think my system is clean of this trojan. When I checked Add/Remove Programs and tried to remove it, there was a message that it may have already been removed, and asked if I wanted to remove it from my program list, to which I said yes.

    However, now that I have all these new programs installed on my computer, or for another reason I don't understand, my system seems to be grinding away almost constantly. When it is started it takes about ten minutes to boot up to working order. Do I still have a virus, or some other problem?

    thanks
    chris
  2. howard_hopkinso


    Hello and welcome to Techspot.

    Let's check to see if you still have any nasties on your system.

    Go and read this thread HERE, then post a HJT log as an attachment into this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of ZILDJMAN67 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. ZILDJMAN67


    Fresh Hijack Log

    Thanks for the help Howard!! Here is the log file you requested
  4. howard_hopkinso


    Your system is infected with an unknown worm/virus/trojan.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :)

  5. ZILDJMAN67


    All Tools Have Been Used

    Howard, I followed your instructions and found nothing new to remove. Although the tool "Look-2-Me" did not function when I attempted to use it. The screen came up and I checked to run as a task. It said it would close and re-open in 1 minute, but never did.

    I have attached all the logs, I think I got it right. It doesn't look like much has changed. What is my next step?
  6. howard_hopkinso


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    TrueInstallSBC.exe
    norton32.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - Global Startup: norton32.exe

    O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab

    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab

    O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc04.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab

    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: NameServer = 24.229.54.212,207.44.96.129,24.229.54.220<Only fix this if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\norton32.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :)

  7. ZILDJMAN67


    Before I Begin...

    Howard, 2 things before I get started on your last instructions.

    1 - When running the program CCleaner there is a tab for "Issues". I also ran that utility and it found a bunch of "Issues". Before I click the "Fix Issues" button I wanted to check with you....

    2- I am not certain of this instruction in your last post. I don't know if this reference belongs to my ISP?

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: NameServer = 24.229.54.212,207.44.96.129,24.229.54.220<Only fix this if it doesn`t belong to your ISP.
  8. howard_hopkinso


    Is this your ISP? dns.sun.ptd.net. If it is, don't fix that O17 entry.

    Do not run the issues option in CCleaner as it has been known to cause problems.

    Regards Howard :)

  9. ZILDJMAN67


    New Log

    Howard,

    This is what I have after your last post. However, because I am unsure if that entry for my ISP is right or wrong, I did not fix it. I use a local cable provider for my ISP (Optimum Online) but I am not sure what the server is called, and if that line is a reference for them or not. If you think I should run the fix on that as well let me know. But I don't want to risk the chance that I may come out of it without a way to access the net, to get you to fix it for me....lol

    thanks again
    C~
  10. howard_hopkinso


    Your HJT log is now clean. It only remains to resolve the O17 entry.

    This is the info for the O17 entry.

    OrgName: PenTeleData Inc. - Cable
    OrgID: PENC
    Address: 540 Delaware Ave.
    City: Palmerton
    StateProv: PA
    PostalCode: 18071
    Country: US

    ReferralServer: rwhois://rwhois.ptd.net:4321/

    NetRange: 24.229.0.0 - 24.229.255.255
    CIDR: 24.229.0.0/16
    NetName: PENTEL-CABLE
    NetHandle: NET-24-229-0-0-1
    Parent: NET-24-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.PTD.NET
    NameServer: NS2.PTD.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    Comment:
    Comment: whois reassignment information for this block is available at:rwhois.ptd.net port 4321
    RegDate: 1997-05-02
    Updated: 2002-12-17

    RTechHandle: DM41-ORG-ARIN
    RTechName: Domain Master
    RTechPhone: +1-610-826-4701
    RTechEmail: dns-request@ptd.net

    OrgAbuseHandle: ABUSE9-ARIN
    OrgAbuseName: Abuse Department
    OrgAbusePhone: +1-800-281-3564
    OrgAbuseEmail: abuse@ptd.net

    OrgTechHandle: SYSTE-ARIN
    OrgTechName: Systems Administration
    OrgTechPhone: +1-800-281-3564
    OrgTechEmail: dns-request@ptd.net

    If that is from your ISP, don't fix it.

    Regards Howard :)

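The O17 check discussed in the posts above (do the listed DNS servers belong to the ISP you actually use?) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and `trusted_cidrs` is an assumption the reader fills with the netblocks of their current provider. The sample data is the O17 line and the whois CIDR quoted in the thread.

```python
import ipaddress
import re

# O17 line as posted in the thread, including the helper's trailing "<" note.
SAMPLE_O17 = (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: "
    "NameServer = 24.229.54.212,207.44.96.129,24.229.54.220"
    "<Only fix this if it doesn`t belong to your ISP."
)

# Netblock taken from the whois output quoted in the thread (PenTeleData).
WHOIS_CIDRS = ["24.229.0.0/16"]

# Matches only per-interface NameServer entries; the character class stops
# at the first byte that cannot be part of an IPv4 list (here the "<" note).
O17_RE = re.compile(
    r"^O17 - \S+\\\{(?P<guid>[0-9A-Fa-f-]{36})\}: "
    r"NameServer = (?P<servers>[0-9., ]+)"
)


def parse_o17(line):
    """Return (interface_guid, [IPv4Address, ...]) or None if not an O17 NameServer line."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # Windows stores the list comma- or space-separated.
    parts = [p for p in re.split(r"[,\s]+", m.group("servers").strip()) if p]
    return m.group("guid"), [ipaddress.ip_address(p) for p in parts]


def servers_outside(line, trusted_cidrs):
    """List the DNS servers in an O17 line that fall outside every trusted netblock."""
    parsed = parse_o17(line)
    if parsed is None:
        raise ValueError("not an O17 NameServer line")
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    _, servers = parsed
    return [str(ip) for ip in servers if not any(ip in n for n in nets)]


if __name__ == "__main__":
    # Servers not covered by the whois block quoted in the thread.
    print(servers_outside(SAMPLE_O17, WHOIS_CIDRS))
    # With no trusted ranges (provider changed), every entry is flagged.
    print(servers_outside(SAMPLE_O17, []))
```

Against the quoted whois block, one of the three servers is not covered, so that address needs its own lookup before deciding whether the entry is legitimate.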
  11. ZILDJMAN67


    Mission Accomplished!

    Howard,

    I checked with the service provider you listed in the last post. They are from a cable provider I had used years ago. I used the hijacker to fix the command in question. Things seem to be running normally now. Thank you so much for your help. I hope it stays this way....

    Any tips on keeping this type of infection from happening to me again? Now that I have all these new tools on my system what should I do with them?

    Regards
    Chris
     
  12. howard_hopkinso


    Here are the tools you need to keep, you can get rid of the rest.

    SS&D/Ad-Aware SE Personal/AVG Antispyware/CCleaner. In addition I recommend you install the Spyware Blaster programme from HERE.

    You might also want to take a look at this thread HERE. It'll show you how you can keep your system more secure.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
