After removing "System Alert Popup" my computer is very slow

Status
Not open for further replies.

ZILDJMAN67

Posts: 11   +0
I recently contracted something called "System Alert Popup" and found a thread here on how to go about removing it. I followed all the steps and used all the tools. I think my system is clean of this trojan. When I checked Add/Remove Programs and tried to remove it, there was a message that it may have already been removed, and it asked if I wanted to remove it from my program list, to which I said yes.

However, now that I have all these new programs installed on my computer, or for another reason I don't understand, my system seems to be grinding away almost constantly. When it is started it takes about ten minutes to boot up to working order. Do I still have a virus, or some other problem?

thanks
chris
 
Hello and welcome to Techspot.

Let's check to see if you still have any nasties on your system.

Go and read this thread HERE, then post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

This thread is for the use of ZILDJMAN67 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your system is infected with an unknown worm/virus/trojan.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :)

 
All Tools Have Been Used

Howard, I followed your instructions and found nothing new to remove, although the tool "Look-2-Me" did not function when I attempted to use it. The screen came up and I checked to run as a task. It said it would close and re-open in 1 minute, but never did.

I have attached all the logs, I think I got it right. It doesn't look like much has changed. What is my next step?
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

TrueInstallSBC.exe
norton32.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - Global Startup: norton32.exe

O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} - http://www.riversoftware.net/x0ff.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc04.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab

O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: NameServer = 24.229.54.212,207.44.96.129,24.229.54.220 < Only fix this if it doesn't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\norton32.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 
Before I Begin...

Howard, 2 things before I get started on your last instructions.

1 - When running the program CCleaner there is a tab for "Issues". I also ran that utility and it found a bunch of "Issues". Before I click the "Fix Issues" button I wanted to check with you....

2- I am not certain of this instruction in your last post. I don't know if this reference belongs to my ISP?

O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: NameServer = 24.229.54.212,207.44.96.129,24.229.54.220 < Only fix this if it doesn't belong to your ISP.
 
Is this your ISP? dns.sun.ptd.net. If it is, don't fix that O17 entry.

Do not run the issues option in CCleaner as it has been known to cause problems.

Regards Howard :)

 
New Log

Howard,

This is what I have after your last post. However, because I am unsure if that entry for my ISP is right or wrong I did not fix it. I use a local cable provider for my ISP (Optimum Online) but I am not sure what the server is called, and if that line is a reference for them or not. If you think I should run the fix on that as well let me know. But I don't want to risk the chance that I may come out of it without a way to access the net, to get you to fix it for me....lol

thanks again
C~
 
Your HJT log is now clean. It only remains to resolve the O17 entry.

This is the info for the O17 entry.

OrgName: PenTeleData Inc. - Cable
OrgID: PENC
Address: 540 Delaware Ave.
City: Palmerton
StateProv: PA
PostalCode: 18071
Country: US

ReferralServer: rwhois://rwhois.ptd.net:4321/

NetRange: 24.229.0.0 - 24.229.255.255
CIDR: 24.229.0.0/16
NetName: PENTEL-CABLE
NetHandle: NET-24-229-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PTD.NET
NameServer: NS2.PTD.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment:
Comment: whois reassignment information for this block is available at:rwhois.ptd.net port 4321
RegDate: 1997-05-02
Updated: 2002-12-17

RTechHandle: DM41-ORG-ARIN
RTechName: Domain Master
RTechPhone: +1-610-826-4701
RTechEmail: dns-request@ptd.net

OrgAbuseHandle: ABUSE9-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-800-281-3564
OrgAbuseEmail: abuse@ptd.net

OrgTechHandle: SYSTE-ARIN
OrgTechName: Systems Administration
OrgTechPhone: +1-800-281-3564
OrgTechEmail: dns-request@ptd.net

If that is from your ISP, don't fix it.

Regards Howard :)

 
Mission Accomplished!

Howard,

I checked with the service provider you listed in the last post. They are from a cable provider I had used years ago. I used the hijacker to fix the command in question. Things seem to be running normally now. Thank you so much for your help. I hope it stays this way....

Any tips on keeping this type of infection from happening to me again? Now that I have all these new tools on my system what should I do with them?

Regards
Chris
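
The O17 check discussed in the posts above, as an added example that is not part of the original thread: it pulls the NameServer addresses out of a HijackThis log and lists those outside the ranges you expect from your provider. The function names are hypothetical and `CURRENT_ISP_RANGES` is a constructed placeholder; the O17 line and the 24.229.0.0/16 block are the ones shown in the thread.

```python
import ipaddress
import re

# O17 line copied from the thread; the "current ISP" range below is a constructed
# placeholder (RFC 5737 documentation block), not any real provider's allocation.
SAMPLE_LOG = r"""
O4 - Global Startup: norton32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F465BE64-E23A-448D-9395-9C9D3E849033}: NameServer = 24.229.54.212,207.44.96.129,24.229.54.220
"""
CURRENT_ISP_RANGES = ["203.0.113.0/24"]  # assumption: replace with your ISP's ranges
OLD_ISP_RANGES = ["24.229.0.0/16"]       # CIDR from the whois record in the thread

O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.+)$")


def parse_o17(log_text):
    """Return (registry_key, [ip, ...]) for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue  # other sections, or O17 Domain/SearchList values
        ips = []
        # Pull out address-shaped tokens so trailing notes do not hide an IP.
        for token in re.findall(r"[0-9A-Fa-f:.]+", m.group("value")):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # fragment of a word or punctuation, not an address
        entries.append((m.group("key"), ips))
    return entries


def unexpected_nameservers(log_text, trusted_cidrs):
    """List nameserver IPs (as strings) that fall outside every trusted range."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    return [str(ip)
            for _key, ips in parse_o17(log_text)
            for ip in ips
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    for label, ranges in (("current ISP", CURRENT_ISP_RANGES),
                          ("old ISP", OLD_ISP_RANGES)):
        print(label, "->", unexpected_nameservers(SAMPLE_LOG, ranges))
```

An address reported here is only outside the ranges you supplied; who operates it still has to be confirmed with a whois lookup or with the provider.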
 
Here are the tools you need to keep, you can get rid of the rest.

SS&D / Ad-Aware SE Personal / AVG Antispyware / CCleaner. In addition I recommend you install the Spyware Blaster programme from HERE.

You might also want to take a look at this thread HERE. It'll show you how you can keep your system more secure.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 