TechSpot

Dell Inspiron 9300 - Serious Issue, Malware?

By Gareth B
Oct 14, 2008
  1. Hi All,

    Here is my situation. It would appear that my laptop has become seriously inhibited.
    After returning home from work a couple of nights ago, my son informed me that the Laptop was not working right.

    Ok here is the run down.


    Ok I have followed the above guide to the best of my ability / Failing laptops.

    I have not been able to get the latest revisions (updates) for Malwarebytes' Anti-Malware and SuperAntiSpyware as I am unable to connect to the internet. I have now purposely at this stage disabled the connection to the router. The reason for this is every time I have attempted to connect I get the following behaviour.

    The desktop will drop out and I am then forced to CTRL-ALT-DEL to run explorer. The downside of this, however, is that I get about 10 seconds to try to execute anything. (This is in safe mode and normal boot.)

    After running through the 8-step guide, (without the opportunity to connect online).

    After step 4 - The running of Malwarebytes' Anti-Malware, I am now able to get to the desktop and behaviour of the machine is fine, this is without any connection to the router. If I enable the router the whole situation repeats.

    Bearing the above in mind I was unable to undertake step 6 (Update Java Runtime Environment).

    I have attached the requested logs.

    Please Help.

    Many Thanks
    Gareth B
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please run HJT again, and tick and fix these two:
    Also go to C:\WINDOWS\system32 and delete qoMedASM.dll
    You may need to do this in Safe Mode

    Then try connecting and updating, and scanning again
    Ideally let us know (say even before you update the Programs) that it is presently working
     
  3. Gareth B

    Gareth B TS Rookie Topic Starter

    Firstly thank you.

    Ok, tried to delete qoMedASM.dll in both normal mode and safe mode.

    In safe mode it gives me the message:

    Cannot delete qoMedASM: It is being used by another person or program.
    Close any program that might be using the file and try again.

    On a slightly different note, when I boot into safe mode there are two logon options.

    Mine and Administrator. Is this usually the case?

    Cheers
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes that's normal
    I should've said log on to Administrator, but forget that now

    In HJT there's an option to remove files that cannot be removed normally

    Run HJT
    (Doh, I haven't got it installed !!!)

    Anyway, it's on the first screen, that says misc, tools or something
    And in there, is a program to remove files in use (I don't know the label, but can get it if you like)
     
  5. Gareth B

    Gareth B TS Rookie Topic Starter

    Hi Again,
    It wouldn't let me log on as Administrator, asking for a password and mine did not work. Then logged on in safe mode as me, and tried to delete the file on reboot through the Hijack program, however the file remains?

    Not tried to enable my connection just yet.
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Sorry was away from computer

    Please try connecting and let me know the result
    We can work out the Admin pass thing a bit later on
     
  7. Gareth B

    Gareth B TS Rookie Topic Starter

    It seems to connect but every time I tried to update or go online, it states there is no connection. The PC I am using now is connected via the same connection?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  9. Gareth B

    Gareth B TS Rookie Topic Starter

    It is wireless yes. And the symptoms have now reverted. !
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    ok it's getting more difficult ! :)

    Let's start by removing that Admin Password (it'll probably help a great deal)
    Have a look here. Go for the Live BootCD and then boot from it

    This will take you a little while (download and burn ~ 20 mins & Boot and view password ~ 20 mins or so) So hear back in an hour or so :) Good Luck

    By the way, once you write down (the case sensitive) password(s)
    Go back to Safe Mode, and try removing that file again
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Question about this statement:
    Can you connect when you bypass the router? If so, you may have a bad router.
     
  12. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    When I read this I just have to ask to cover all possibilities: Have you ever assigned an Administrator password? From your statement, maybe not. Did you try just hitting Enter? (The default password is no password)
     
  13. Gareth B

    Gareth B TS Rookie Topic Starter

    Hi All,

    The router is fine, I have other hardware working fine through it.
    I have never assigned an Admin Password, and as per your suggestion tried the default of no password.
    Gonna try the Live Boot CD this morning. Fingers crossed.

    Ok got on as Administrator, but still cannot remove the qoMedASM.dll file?

    Just to let you know I have tried the following:

    Logon as Administrator.
    Tried to remove the file using Malwarebytes' Anti-Malware. (remove file on Reboot)
    Reboot
    Look for the file on reboot, it is still there.
    Try to remove the file using a similar utility in Hijack
    Reboot
    Look for the file on reboot, it is still there.
    I have not attempted to go online per se as yet, as I know the virus will start all over again.

    Any other suggestions would be greatly appreciated.

    Cheers

    Managed to get the file off in the end using an Unlocker program. Ran through the win sock cmd commands, and now have established a connection. It is now time for the 8 step guide from fresh. I will re-post all relevant logs a little later.

    Phew


    Thanks Kimsland - going through the whole routine one last time.
    Anything else I should do once I have completed the step by step guide?


    Ok, new note - What Firewall protection would you recommend? At the moment I am using the default Firewall supplied with Windows.
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I was going to suggest Unlocker, but I knew you couldn't download, so stuck with the normal ones.

    Anyway, thanks for the update.
    Also instead of replying to yourself (causing excessive emails to everyone :) just use Edit instead)
    Edit: Moderator now combined your posts

    Hear back from you later on.
     
Topic Status:
Not open for further replies.
