Malware's Got Me by the Nads

Status
Not open for further replies.
Tried multiple anti-virus and anti-malware tools, paid and free, and still I keep getting hit with one nasty.
 
Allow your computer to view hidden files. Delete all temp. files (disk cleanup). Restart your machine in safe mode and run full system scan.

Is there a specific name of the malware or trojan you're having issues with? It would make it a lot easier to troubleshoot if we know what it is that we're trying to get rid of. Often there are procedures and certain methods for a particular trojan.
 
Here is the detail...

Sorry - when doing my first entry it looked like the file attachment was a second step in the process and I clicked submit too soon.....

I've attached a 'HijackThis log'

Symptoms of the attack are:

1. Windows pop-up message with:
Header/Title: Windows Internet Explorer
Content: Notice: Your computer has tracks of all adult sites you have visited. In most cases you... etc etc.

2. Buffer overrun - often triggered when I close Windows Explorer, but not 100% consistent.

3. 'winlogon.exe' process running, averaging about 5% CPU utilisation

4. Various other Windows messages that lead through to dodgy web sites offering antivirus software.

5. Random opening of new browser windows

6. Overall crapped system that runs horribly.

Actions I've done to date to try and eradicate this thing are:

1. Always had CA Antivirus running

2. Since downloaded, installed and run:
- ParetoLogic Anti-Spyware (registered version - BTW, I'd consider it as rubbish software)
- RegCure Registry Cleaner (from ParetoLogic, registered version)
- Sunbelt Counterspy (free and fully functional for the first 13 days)
- Spyware Doctor (as provided within the Google Pack)

3. I already systematically went through and deleted all Temp files - I was unable to delete some

4. Ran the above processes with network cable unplugged in case new things were coming in faster than existing were being dealt with.

5. Removed 'Windows System Restore' for a while, when trying to do all the above.


What I haven't done:

1. Do anything in Safe Mode.
 
could you post the mem usage of those many svchost.exe's that are running? just see them through Task Manager. thanks. reason is I'm conducting a somewhat study that those processes are the mainframe of these viruses. thanks again.
 
Here's the Log Files Etc

Phew! That was no small feat. Here are the results:

- 3 log files attached.
- Panda Antiroot scan found nothing

Note. I couldn't run Ad-Aware Personal SE - while I was in safe mode and mid way through doing the set of scans it just came back as a broken file. I think I will need to reinstall it.

Only been going a short time again now, but so far so good, with no real signs of problem yet. Only failure was AVG Antispyware locking my CPU at 100% on bootup. Possibly too many spyware tools, antivirus tool and firewall installed all at the same time?? I resorted to using Task Manager to kill that process.

....half an hour later, been surfing the Web and still no sign of the little vermin :)
 
you had a vturono infection.. but it looks clean to me.. although a second opinion can confirm this, since this isn't my field..

just have these fixed in hjt...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: vturono - vturono.dll (file missing)

i don't know about this tho:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

tell us if you have any other symptoms again..

Edit: before i forget, you should review your security programs now.. look at what you have and decide on what to keep. You should only have 1 firewall, then 1 active AV scanner (disable the resident scanner on the other if you want to keep both, up to you), and then whatever antispyware/adware programs you wish.. simply uninstall any others.. this will free resources back to you and also reduce chances of conflict.
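For readers triaging their own HijackThis output, the following is an added example (not code from the thread or from HijackThis) that parses the three kinds of lines quoted above and sorts them into "remove orphan", "review" and "review local proxy", using the reasoning the replies give: a Winlogon Notify or BHO entry whose file is missing is a leftover hook, while a ProxyOverride of 127.0.0.1 may belong to a local mail-scanning proxy. The sample log is constructed from the lines posted in the thread.

```python
import re

# Constructed sample: the three HijackThis lines quoted in the thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: vturono - vturono.dll (file missing)
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = 127.0.0.1
"""

# Markers HijackThis prints when a registered component has no backing file.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt_line(line):
    """Split one HijackThis line into (section, body); None if not an HJT line."""
    m = re.match(r"^([RFOM]\d{1,2})\s+-\s+(.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_hjt(log_text):
    """Return a list of (section, verdict, body) for lines worth attention."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon Notify DLLs are loaded into winlogon.exe at logon; a
            # package whose DLL is gone is a leftover hook that can be removed.
            verdict = "remove-orphan" if body.endswith(ORPHAN_MARKERS) else "review"
            findings.append((section, verdict, body))
        elif section == "O2" and any(mk in body for mk in ORPHAN_MARKERS):
            # Browser Helper Object still registered by CLSID but with no file.
            findings.append((section, "remove-orphan", body))
        elif section == "R1" and "ProxyOverride" in body:
            # 127.0.0.1 here usually points at a local proxy (the last reply
            # attributes it to AVG's email scanner); review, do not delete.
            findings.append((section, "review-local-proxy", body))
    return findings


if __name__ == "__main__":
    for section, verdict, body in triage_hjt(SAMPLE_LOG):
        print(f"{section:<4} {verdict:<20} {body}")
```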
 
Thanks Team

Yep, a day later now and all is looking good. I'd already set about deleting all the additional virus/malware protection programs as my machine was largely rendered unusable.

A giant thanks for your help. :)
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
this is the AVG email scanning proxy -- LEAVE IT alone :)
 