TechSpot

Major Issues

By SwimChao
Aug 10, 2008
  1. Im a complete and udder newb to the world of computer buisness. I've used a computer all my life, but never had to deal with any major problems.

    Recently I've noticed some problems with my PC, IE: Random files in the startup programs, two days ago I couldn't goto certain websites (Once I moved a file I thought was suspicious it was fixed..), I cannot run system restore and biggest of all -- I cannot run safe mode. When I try to run it, it goes down a big list of stuff, that I assumed was loading, and then the computer reboots. It then eventually goes to the starting modes screen again, and says something like "The startup failed due to the power button being pressed or the power cord being removed.." and none of that happened. :X

    I've done scans with Spybot S&D and Ad-Aware. I can't get Avast! installed this time around (I've used it in the past just to make sure things were clean, free trial versions) for some reason, it says something along the lines of "There's an error and can't install". As for what happened with Spybot and Ad-Aware... They picked up alot of Malware and such not, Spybot picked up ALOT of "Trojans" and "TrojansC", I know what a Trojan is.. kind of. But not a TrojanC. I let Spybot handle this and alot of the signs I saw seemed to stop.. Though my computer is still running sluggishly. I fear that the problem is still there, as I still can't run my computer in safe mode. (As I said.. Im a newb, laugh at this: I haven't defragged in 6 years of this computer's life) As it was suggested from a friend I defragment the computer in there.

    Please, I don't know what else to say. This is sort of a last resort -- I don't have installation discs and junk so I want to avoid a harddrive reformat for the time being.

    Edit: On another side note, I've noticed the name virtumonde used alot. When I ran ad-aware, like.. 5 of the files found were labelled that. Also, when Im running my scan I notice it goes through a thing of files called 'virtumonde.dll' or something like that.
     
  2. jobeard

    jobeard TS Ambassador Posts: 13,516   +336

    NOT, don't defrag (yet). Let's prune the cruff out of the system first and when all is
    well, THEN defrag.

    When you get to that point, run CHKDSK /F from the command prompt before attempting any/all defrags in the future.

    Q? Is Safe Mode a user "don't know how" or the system will not issue?
    Safe mode: boot the system and as soon as anything starts to appear on the screen,
    start tapping F8 abount every second. A VGA screen should appear and you can use the Arrow keys to navigate to Safe Mode and then login as the Administrator.
     
  3. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    I've gone through the right process in opening safe mode multiple times, tapping F8, going to the black and white screen. But once I click the "Safe Mode" one, it goes and reboots (What appears to be starting up) then I hear the click of the sound off in the PC quietly, then the beep and it restarts and goes to the same screen again. With the message I re-added in my first post a few minutes after I posted it.

    On a side note, I researched the virtumonde thingy a little bit and almost ALL of the symptons on there match up with what goes on with the computer. So I'm making an assumption with what I've experienced and what it says, that that is what I have.
     
  4. jobeard

    jobeard TS Ambassador Posts: 13,516   +336

  5. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    As said, all symptoms fit and all of what it says here fit.

    Should I be using the link that it has in there? "FREE SpyHunter Spyware Detection Tool"?

    I don't want to make any mistakes here and want to move quickly, so I'm doing double checks and what not to HOPE it works properly.
     
  6. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    I'm not sure if I was supposed to, but I did download the spyhunter thing..

    It did the scan, and now it's making me 'register' or some nonsense so that I can do the removal process.

    Im uneasy on the situation, anyone around to give it the OK or the No! Don't do that!?

    Please?
     
  7. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    I ran a program a friend found called VundoFix

    I think it may have handled THAT problem, I have yet to check if I can use Safe Mode yet. Does anyone have any theories on why? Or know of reasons why that's happened before?

    Thanks,
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You don't use a resident antivirus program. Your spyware/adware programs are picking up multiple infections. I very strongly suggest that you go through the malware cleaning, beginning with Step 1, posting the appropriate logs as attachments. Then the system can be cleaned as a whole, not in pieces and maybe you can get rid of all the malware. Don't obsess on just Virtumonde- chances are good that you have other malware also.

    Start here: New malware cleaning instructions from TechSpot:

    http://www.techspot.com/vb/post645589-1.html
     
  9. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    I did investigate further and am going to post my reports after I scan.

    Im not extraordinarily good at this. So Im doing my best to keep up, I'm going through the scans as well.
     
  10. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    I've done alot of scans and cleans and such.

    Im to the point where I should be going into safe mode.. But Im still having the same problem.

    I goto the screen after tapping F8 and click "Safe Mode". It begins to start up, then reboots and takes me to a new screen (Somewhat the same) where it says things in three different portions about how it couldn't start.

    (Example:

    There's a few lines of text here about how it may be caused by software or hardware.

    Then after a spot is skipped, there's lines about another way it may have happened.

    Then again like before, here it says that it could have been the power button or cord being unplugged

    then here it has the commands :

    Safe Modes, etc)

    I'm attaching my current logs, because I don't know what else to do.

    Someone, please give me a hand.. ASAP.
    Thanks, Adam
     
  11. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    After a long night of trying to fix Avast! I was able to get all my viruses (I think) in the chest. I want an okay on wether or not I should remove them/delete them or what.

    Someone please give me a shout ASAP so I can hopefully finish this.

    -- And tell me HOW to do that. (Is it the "Delete" command? Because it just says that's Delete from chest on the info bar on the bottom when I hover my mouse over it)
     
     
  12. jobeard

    jobeard TS Ambassador Posts: 13,516   +336

  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please don't so any more to your system. It is not in good shape. I will ask that someone go though your logs ASAP.
     
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Hi my name is xxdanielxx I will be helping you get clean but first read the link below and let me know if you want to fix your problem or just reinstall windows

    http://www.techspot.com/vb/topic65943.html

    You have a very bad infections of cool web search and others please advice on what you want to do
     
  15. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Regardless of what has been said here (Despite it was said after I had done it)
    Throughout the night I ran avast! boot scan. It quarantined alot alot alot of files. I wondered what to do with them.


    Hello, Daniel. Currently I want to try and clean this computer as much as I can. I only use it for leisure purpouses, and I don't have discs to reinstall windows.

    I apologize in advance/past. I'm an extremely impatient person, and get itchy sitting and waiting. So I tend to throw things and make my own decisions. As I said, Avast! quarantined a bunch of things, 56 total infections were picked up and put in the chest.

    Hey Bob, I didn't see your post. What exactly do you mean, and what is backweb going to be/trying to be explained as?
     
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Ok thats all I needed to know lets get to work


    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

    You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

    Download about:buster by RubbeRDuckY Here.
    Download CWShredder Here.
    Download Sp.html-Se.dll Hijack Fix 9xBeta 9 Here.
    Download and install CleanUp! Here

    Save all of these files somewhere you will remember like to the Desktop.

    Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

    Run the CleanUp! installer. You dont need to do anything with it right now.

    Unzip About:Buster
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.

    Update CWShredder
    • Open CWShredder and click I AGREE
    • Click Check For Update
    • Close CWShredder

    Boot into Safe Mode:
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please run about:buster by RubbeRDuckY:
    • Click Begin Removal to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
    • Reboot your computer into safe mode again

    Run about:buster again following the same instructions as above, this time without the restart at the end

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

    Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

    Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.Reboot your computer into normal windows.

    Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

    After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
     
  17. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Daniel, What am I doing about all these files Avast! has quarantined in the chest..?
    As we speak, I am downloading the tools. Despite the fact after Avast! did it's thing, I can already notice increase in the performance of my computer, close to-if not that of what it was before.
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    go ahead and remove them
     
  19. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Daniel, I was wondering about my previously asked question: Do you know if the delete function in the chest will remove them entirely from my computer or just remove them from the chest?
     
  20. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    again go ahead and remove them
     
  21. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Daniel, I have used the delete function in Avast! Virus Chest.

    I looked up what you said the problem might be, I've never had a problem with my webpage changing. I've had occasional popups, but not many, especially not since I've gone through so many cleans and scans (Not sure if they worked or not). My system has only been noticeably sluggish since my browser locked up for certain sites a couple days ago, but that problem was removed.

    Should I continue to go ahead and follow the instructions you left?

    Sorry for asking so many questions!
     
  22. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Ok we can take a different approach first post a fresh hijackthis log
     
  23. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Daniel, I wasn't trying to sound hostile in anyway. My apologies.

    I will follow the steps you gave me and report back with what you said to report back with.
     
  24. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Lets take a different route post a fresh hijackthis log we may be able to take care of it if not then lets go to that step
     
  25. SwimChao

    SwimChao TS Rookie Topic Starter Posts: 106

    Daniel, I looked over the log but didn't compare it. I'll leave it to the expert, I don't know what I'm sticking my nose in.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.