Having issues help quick

By Katana
Apr 12, 2007
Topic Status:
Not open for further replies.
  1. Upon entering my computer, there seemed to be a very large problem, considering my computer which is normally fast was going like a windows 95...

    So I brought up the task manager to see wtf was going on and looked at its performance reading...

    The graph that it has looks almost identical to a tangent graph, or y=tan x...meaning that it's randomly spiking up to a peak and falling back to 0 at regular intervals consistantly.

    So I wanted to see what the hell was making my pc go nuts, and when i watched the processes, I found that there was a problem with the cpu output that the process named "system" was giving.

    It is normally very low, actually if i'm not mistaken it's normally at 0. Well at random maybe 4 second intervals it spikes up to 99 and then goes back to 0. This is pissing me off to no end and I dont know what the problem is!

    I've run a nod32 virus scan and I have used CCleaner. Idk what to do.
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Run HiJackThis and post the results here. Sounds as if you have an infestation
  3. Katana

    Katana Newcomer, in training Topic Starter Posts: 36

    What's a reliable site to download it from?
  4. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    www.majorgeeks.com in the Anti-Spyware section. There are many others you can find with a Google search of "HijackThis"
    It is free... but it is difficult to use for first timers, so send the dump here for others to analyze
  5. Nuradonai

    Nuradonai Newcomer, in training

    Here are some simple guides that may prove to be useful.

    Clean out your temporary internet files and temp files.

    Go to "Start" -> "Run" and type in the box: "cleanmgr". Let it scan your system for files to remove. Make sure these 3 are checked and then press "Ok" to remove:

    * Temporary Files

    * Temporary Internet Files
    * Recycle Bin

    Scan your computer with Ad-Aware and Spybot - Search and Destroy

    Download Ad-aware SE and update it (the Globe icon, then Connect). Then click on Perform Full System Scan. Uncheck Search for negligible risk entries and click on Next. Eliminate all that Ad-aware finds. A more thorough tutorial on use Ad-aware can be found here:

    Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer


    [​IMG] - Download Ad-Aware SE



    Restart your computer after cleaning with Ad-aware and scan again. Repeat the process until no further items are found as bad.

    Next,

    Download SpyBot - Search and Destroy and install the program. After installing the program, click on Search for Updates and download what the program finds. Click on Search & Destroy and on Check for problems. Delete what it finds.

    Using Spybot - Search & Destroy to remove Spyware from Your Computer


    [​IMG] - Download Spybot - Search and Destroy



    Scan your computer for malware infections

    Before posting the log we would like you to attempt to remove most of the malware on your computer using free anti-virus/anti-trojan products. We have provided a list of our recommended online and free/trial software that we would like you to scan your computer with as part of this step. Most of these applications need Microsoft Internet Explorer in order to function, so do not use Firefox or Opera. The only one that is available for use in these two browsers is Housecall AntiVirus

    Housecall Anti Virus

    Panda Anti Virus

    Bit Defender



    If you already have an anti-virus program, update it and let it check as well.


    Run McAfee Stinger:

    Once the computer has been scanned, we would like you to download the following program:

    [​IMG] http://vil.nai.com/vil/stinger/



    This program will scan your computer for the most common worms, trojans, and viruses that are currently in the wild. Instructions for using this program can be found on the McAfee stinger page.

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location, so you can delete it yourself.


    Enable or install a firewall

    If you do not run a firewall, download one. This also applies to using Microsoft's built-in firewall with Windows XP SP-2. The problem with the built-in firewall is that it only monitors what tries to get in, anything that is already in your system, can dial out. So if you have a Trojan that steals passwords, the passwords can be sent out... Of course this can also happen to your financial data, or social security number, etc. So a, so called, one-way firewall is not good! Use a good firewall like Sygate Personal Firewall or ZoneLabs Zone Alarm.


    Using Windows Update to get the latest Windows security updates.

    One thing which is often overlooked in getting you computer secure is updating all the security patches that Microsoft has for Windows and Internet Explorer. There is only one caveat... If you are not running Windows XP SP-2, do NOT update to it!!! The update is known to be faulty when there is malware present on your system. This can render your computer system unstartable! So, in short, get all updates you can apart from SP-2!

    This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. You may need to do this more than once.


    Download HijackThis and create a log

    [​IMG] Download HijackThis from the following download location:

    HijackThis Download Link


    Start HijackThis, and click on the Do a system scan and save a logfile button.

    HijackThis will scan your system, and after it is done, Notepad will open with the log in it. In the Notepad window, click on the Edit menu and then click on the Select All menu option. All the text should now be highlighted.

    Click again on the Edit menu but this time click on the Copy menu option.

    Now click on the following link to start creating a new topic HijackThis forum:

    Finally, Post a HijackThis log here.
    2 people like this.
  6. momok

    momok Newcomer, in training Posts: 2,272

    Hi

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.
    The logs will enable us to understand more about the problems on your system.

    PS. Gd work Nuradonai. Though, in the future you can shorten your post by using the link in my signature. Its a comprehensive guide in our forums for Viruses/Spyware/Malware, preliminary removal instructions. =)


    Regards,
    Your friendly Momok =)
  7. Nuradonai

    Nuradonai Newcomer, in training

    Mom, you're 1337ness has been conceded.
  8. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    I would buy or borrow Service Pack 2 on disc if you need SP2
  9. Katana

    Katana Newcomer, in training Topic Starter Posts: 36

    Okay I ran the "Do a system scan and save a logfile" task and here is the text document that was created:
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    You`re running an outdated version of HijackThis and have not renamed it.

    Please see the instructions HERE and post a fresh HJT log as an attachment.

    Regards Howard :)
  11. Katana

    Katana Newcomer, in training Topic Starter Posts: 36

    Sorry about that! I didn't realize that there was such specific rules on the HJT program...I'll follow the rules you sent me!
  12. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.
    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    These are the following file path's you need to enter:
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\SYSTEM32\efccbab.dll


    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.


    After you are done, please post a fresh HJT, C:\vundofix.txt, AVG Antispyware log from normal mode as an attachment into this thread.

    For AVG Antispyware instructions please see HERE.


    Regards,
    Your friendly Momok =)
  13. Katana

    Katana Newcomer, in training Topic Starter Posts: 36

    My thanks x1000 it seems to have worked. My system cpu is staying at 0 now, no more lags. Just in case, I will post the HJT file again like you requested.

    Again, my thanks!
     
  14. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Well done, your HJT log is now clean.

    Have HJT fix these entries.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O2 - BHO: (no name) - {1D531771-1AD5-4F27-87A2-6980501F9703} - C:\WINDOWS\system32\efccbab.dll (file missing)

    O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\uwrrjvtd.dll (file missing)

    O2 - BHO: (no name) - {A08E8CF9-1810-412E-A19A-A6BAF1889613} - C:\WINDOWS\system32\sstqp.dll (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Katana only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.