TechSpot

Cheakup

By Mekaonija
Mar 17, 2007
  1. Hey, I think my comp is getting a bit sluggish again. I uninstalled and deleted everything I don't use, and ran some scans and clean ups, it's a bit better but now when I try to run "msconfig" to change my start up options it pops up for a second then closes it self. Not sure what's going.

    edit: Zomg, its doing the same thing with Analyze.exe. and I wasn't sure about anything else but now that I think of it I'm sure that other programs have closed themselves also Y~Y

    Running AVG Virus/Spyware scans again, found some Adware so far...

    Thanks :giddy:
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Ah-ha! The problem is that Word documents can contain viruses themselves, because they can harbor malicious macros. I think that's why Howard doesn't like people posting HJT logs as .doc files.

    Anyway,they may or may not be causing the problem. Have you tried booting into safe mode? That may work; instructions HERE.

    Try running that stuff from safe mode and let me know if it works.

    Regards :)
     
  3. Mekaonija

    Mekaonija TS Enthusiast Topic Starter Posts: 114

    Lol, yeh... Well they were seemingly harmless xD My friend gave them to me, but I guess thats the source of the prob...I'll go in safe mode when scans complete... =p
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Oops, I didn't realize that you could do some scans. When they complete, it would be good to boot into safe mode, and if you can run HijackThis, do it and post a log as an attachment. It certainly sounds like some kind of malware, which can be picked up even from visiting certain malicious sites.

    Anyway, please post a HJT log if you can.

    Regards :)
     
  5. Mekaonija

    Mekaonija TS Enthusiast Topic Starter Posts: 114

    Ok heres a log, and damn my resolution was like 1x1 in safe mode, I couldn't see anything xD It was hell to get this log...and by the looks of it I'm not liking it, well from what I saw anyway... I can't really tell because by the time I can even try and look at it, it closes lol... Odd how Mozilla firefox isn't closing tho =o
     
  6. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Have HJT fix these entries:

    F3 - REG:win.ini: load=C:\WINDOWS\system32\iltbeebzkc\smss.exe

    F3 - REG:win.ini: run=C:\WINDOWS\system32\iltbeebzkc\smss.exe

    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

    Have HJT fix all of the O1 - Hosts entries.

    Now reboot into normal mode and see if you can do another HJT log. Logs are somewhat limited when in safe mode, so it will help if you can do one in normal mode. Also run AVG Antivirus and AVG Antispyware, delete whatever they find, and post their logs here.

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    If these instructions are unclear or you're not sure how to follow them, don't hesitate to ask.

    Regards :)

    This thread is for the use of Mekaonija only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  7. Mekaonija

    Mekaonija TS Enthusiast Topic Starter Posts: 114

    Thanks a lot, problems all gone ;D

    Here new Log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\iltbeebzkc<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Well done kitty500cat :)

    Regards Howard :)

    This thread is for the use of Mekaonija only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Mekaonija

    Mekaonija TS Enthusiast Topic Starter Posts: 114

    Thanks :grinthumb

    I don't think that folder existed though
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If the folder wasn`t there then it doesn`t matter.

    However, the folder definitely existed, because it was in your HJT log. You did turn on show all files and folders as per my instructions, didn`t you? If not, then that`s probably why you couldn`t find it.

    Regards Howard :)

    This thread is for the use of Mekaonija only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. Mekaonija

    Mekaonija TS Enthusiast Topic Starter Posts: 114

    Oh right, I forgot to uncheck one of the hidden options...ehehe sorry =p

    Its gone now though thanks =D
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem mate lol.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Mekaonija only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...