TechSpot

Malware's Got Me by the Nads

By Deep2
Feb 16, 2008
  1. Tried multiple anti-virus and anti-malware tools, paid and free, and still I keep getting hit with one nasty.
     
  2. tuant

    tuant TS Booster Posts: 201

    Allow your computer to view hidden files. Delete all temp. files (disk cleanup). Restart your machine in safe mode and run full system scan.

    Is there a specific name of the malware or trojan you are having issues with? It would make it a lot easier to troubleshoot if we know what it is that we're trying to get rid of. Often there are procedures and certain methods for a particular trojan.
     
  3. Deep2

    Deep2 TS Rookie Topic Starter

    Here is the detail...

    Sorry - when doing my first entry it looked like the file attachment was a second step in the process and I clicked submit too soon.....

    I've attached a 'Hijackthis log'

    Symptoms of the attack are:

    1. Windows pop-up message with:
    Header/Title: Windows Internet Explorer
    Content: Notice: Your computer has tracks of all adult sites you have visited. In most cases you... etc etc.

    2. Buffer overrun - often triggered when I close Windows Explorer, but not 100% consistent.

    3. 'winlogon.exe' process running, averaging about 5% CPU utilisation

    4. Various other windows messages that lead through to dodgy web sites offering antivirus software.

    5. Random opening of new browser windows

    6. Overall crapped system that runs horribly.

    Actions I've done to date to try and eradicate this thing are:

    1. Always had CA Antivirus running

    2. Since downloaded, installed and run:
    - ParetoLogic Anti-Spyware (registered version - BTW, I'd consider it as rubbish software)
    - RegCure Registry Cleaner (from ParetoLogic, registered version)
    - Sunbelt Counterspy (free and fully functional for the first 13 days)
    - Spyware Doctor (as provided within the Google Pack)

    3. I already systematically went through and deleted all Temp files - I was unable to delete some

    4. Ran the above processes with network cable unplugged in case new things were coming in faster than existing were being dealt with.

    5. Removed 'Windows System Restore' for a while, when trying to do all the above.


    What I haven't done:

    1. Do anything in Safe Mode.
     
  4. N3051M

    N3051M TS Evangelist Posts: 2,115

  5. kittengod094

    kittengod094 TS Rookie Posts: 24

    could you post the mem usage of those many svchosts.exe's that are running? just see them through task manager. thanks. reason is I'm conducting a somewhat study that those processes are the mainframe of these viruses. thanks again.
     
  6. Deep2

    Deep2 TS Rookie Topic Starter

    Here's the Log Files Etc

    Phew! That was no small feat. Here are the results:

    - 3 log files attached.
    - Panda Antiroot scan found nothing

    Note. I couldn't run Ad Aware personal se - while I was in safe mode and mid way through doing the set of scans it just came back as a broken file. I think I will need to reinstall it.

    Only been going a short time again now, but so far so good, with no real signs of problem yet. Only failure was AVG Antispyware locking my CPU at 100% on bootup. Possibly too many spyware tools, antivirus tool and firewall installed all at the same time?? I resorted to using Task Manager to kill that process.

    ....half an hour later, been surfing the Web and still no sign of the little vermin :)
     
  7. N3051M

    N3051M TS Evangelist Posts: 2,115

    you had a vturono infection.. but it looks clean to me.. although a second opinion can confirm this, since this isn't my field..

    just have these fixed in hjt...

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: vturono - vturono.dll (file missing)

    i don't know about this tho:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    tell us if you have any other symptoms again..

    Edit: before i forget, you should review your security programs now.. look at what you have and decide on what to keep. You should only have 1 firewall, then 1 active AV scanner (disable the resident scanner on the other if you want to keep both, up to you), and then whatever antispyware/adware programs you wish.. simply uninstall any others.. this will free resources back to you and also reduce chances of conflict.
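
An added example, not part of N3051M's post and not code from HijackThis: a small Python triage pass over the three log entries quoted above. It tags leftover registry entries whose file is gone ("(no file)" / "(file missing)"), the Winlogon Notify DLL registration and the loopback proxy setting. The tag names, the `triage` helpers and the `ExampleApp` line are constructed for illustration.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
LOOPBACK = re.compile(r"ProxyOverride\s*=.*(?:127\.0\.0\.1|localhost)", re.IGNORECASE)

# Tag names are this example's own, not HijackThis terminology.
EXPLAIN = {
    "orphaned": "registry entry is still present but the file it names is gone",
    "bho": "Browser Helper Object, loaded into Internet Explorer",
    "winlogon-notify": "DLL registered to be loaded by winlogon.exe",
    "loopback-proxy": "proxy setting points at this machine; identify the "
                      "local program that uses it before changing it",
}

def triage(line):
    """Return (section code, [tags]) for one log line, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    tags = []
    if code == "O2":
        tags.append("bho")
    if code == "O20" and body.startswith("Winlogon Notify:"):
        tags.append("winlogon-notify")
    if code in ("R0", "R1") and LOOPBACK.search(body):
        tags.append("loopback-proxy")
    if ORPHAN.search(body):
        tags.append("orphaned")
    return code, tags

def triage_log(text):
    """Return only the entries that received at least one tag, in log order."""
    results = (triage(line) for line in text.splitlines())
    return [r for r in results if r and r[1]]

# The R1, O2 and O20 lines are the ones quoted in the thread; the header line
# and the ExampleApp autorun entry are constructed to show untagged input.
SAMPLE_LOG = r"""Running processes:
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: vturono - vturono.dll (file missing)
"""

if __name__ == "__main__":
    for code, tags in triage_log(SAMPLE_LOG):
        print(code, "; ".join(f"{t}: {EXPLAIN[t]}" for t in tags))
```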
     
  8. Deep2

    Deep2 TS Rookie Topic Starter

    Thanks Team

    Yep, a day later now and all is looking good. I'd already set about deleting all the additional virus/malware protection programs as my machine was largely rendered unusable.

    A giant thanks for your help. :)
     
  9. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    this is the AVG email scanning proxy -- LEAVE IT alone :)
     
Topic Status:
Not open for further replies.
