PC Infected

Status
Not open for further replies.

jlashto

This computer just seized up and I'm assuming It has viruses. It's been out of commission for a while. I just started looking at it again in the last couple of weeks. But it's mainly used on MySpace and stuff like that so there's no telling what's wrong with it.
 
This computer just seized up .

That doesn't really tell us much. What happened when it "seized up"? Did it just shut down? Did it give you a BSOD (Blue Screen Of Death)? Did it freeze? Also, what were you doing when it first started seizing up? Are you able to reload Windows? At what point after restart does it seize up again?

Just try giving us any information that we could use to help you out....

Spyder_1386 :)
 
Sorry about that. The browser would go where it wanted to go and not where I wanted it to go. I had a boatload of pop-ups. When I attempted to do a search it always went to the same websites and not my normal search results. All of a sudden the computer just slowed to a crawl. It took a long time just to get the logs, but afterwards my system is running better. It appears to be cleaned up, but my AVG still picks up a trojan when I run it. I'm not sure if it's totally clean. I don't know enough about viruses and trojans, so that's why I'm asking for help.

Also, I all of a sudden had a lot of programs (gaming, advertising, dating, anti-spyware, etc.) that I didn't download. But I think the initial scans cleaned that stuff up. I also deleted a lot of it.
 
Holy Moley!

Tells me a lot!! If you were a dog you would be eaten up with mange! Might not make it to the vet!

But excellent job on the cleanups.

Wow, for sure you need to UPDATE and run both MBAM and SAS, as they will find more that the first runs did not finish, or that was exposed but not even seen on the first run.

So run them both again FULL Scans and post the logs.

Mike

EDIT:
Run HJT Scan only remove the below
O4 - HKUS\S-1-5-19\..\Run: [kezedanuba] Rundll32.exe "C:\WINDOWS\system32\zidopuli.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kezedanuba] Rundll32.exe "C:\WINDOWS\system32\johakehe.dll",s (User 'NETWORK SERVICE')
 
@Spyder_1386 please read here:
Important Topic (please read) Special governing rules for the Virus & Malware removal board

@jlashto please do the following:

Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Run Startup Control Panel and remove any not required startups: (should be most!)

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed

Edit:

Oh mflynn just replied :)
 
Sorry it took me a while to get back. But I've attached the additional logs and I've run HJT and removed the 2 lines. I also removed AVG, killed quite a few startups that didn't need to start up, installed and ran Avira, and updated and ran Malwarebytes. I'm running faster but I can't tell if I'm free of the junk yet.
 
You will need to start Malwarebytes up again, and update it (you should see the update button)
Then run another full scan

You can also re-open HJT Scan and tick the following "file missing" entries
Then select Fix:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)

Then download Combofix
Lots of info on its use h e r e
Direct download h e r e

Double click on it to run, answering any prompts along the way (including updating if required)
Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

Once Combofix has finished, save the log file to be attached to a new reply
Restart back to Normal mode, and attach the Combofix log and new HJT log and the Malwarebytes log
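The two posts above single out HJT entries by hand: O4 Run keys under the LOCAL SERVICE / NETWORK SERVICE hives that use Rundll32 to load a randomly named DLL, and "(no file)" / "(file missing)" leftovers. The script below is an added example (not from the thread or from HijackThis) that applies those two checks to a log; the sample lines are the ones quoted in the thread plus the legitimate SUPERAntiSpyware entry as a control, and the `triage_hjt` function and `Finding` class are my own names.

```python
import re
from dataclasses import dataclass

# Constructed sample: the HijackThis lines quoted in the thread above,
# plus the legitimate SUPERAntiSpyware startup entry as a control.
SAMPLE_HJT_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [kezedanuba] Rundll32.exe "C:\WINDOWS\system32\zidopuli.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kezedanuba] Rundll32.exe "C:\WINDOWS\system32\johakehe.dll",s (User 'NETWORK SERVICE')
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# rundll32 launching a DLL: captures the DLL path, quoted or not
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
HKUS_SID = re.compile(r"HKUS\\(S-1-5-\d+)")
# Built-in service accounts: a Run key under these hives fires without any user logging on
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

@dataclass
class Finding:
    kind: str    # HJT section, e.g. "O4"
    entry: str   # the full log line
    reason: str  # why it was flagged

def triage_hjt(lines):
    """Return the HJT entries a helper would want to look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        # Orphaned entries point at a file that is gone: harmless clutter worth fixing
        if "(no file)" in body.lower() or "(file missing)" in body.lower():
            findings.append(Finding(kind, line, "orphaned entry: target file is missing"))
            continue
        if kind != "O4":
            continue
        dll, sid = RUNDLL_DLL.search(body), HKUS_SID.search(body)
        if dll and sid and sid.group(1) in SERVICE_SIDS:
            account = SERVICE_SIDS[sid.group(1)]
            findings.append(Finding(kind, line, f"rundll32 loads {dll.group(1)} at logon of {account}"))
    return findings

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG.splitlines()):
        print(f"[{f.kind}] {f.reason}\n    {f.entry}")
```

Run against a real HJT log the script only shortlists; each flagged line still needs the same judgement the helpers apply in the thread before it is fixed.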
 
No MBAM needed it is clean!

I think Kim meant to say SAS, as it has removals but is not clean; we need to confirm no more are found and get a clean log. So update and run SAS, and be sure to select the tracking cookies this time also!

So get us the ComboFix log!

Mike
 
Wow

Combofix runs for about 10 mins (and should be way quicker this time around)
Can you please run it again (update it, only if it asks to) and then provide that new log again
 
Oh yes I second that on ComboFix! Those are some bad boys and plenty of them.

You also should do another Updated SAS Quick scan and select the tracking cookies for removal.

I advise after the new Combofix log is posted that in addition to the SAS above that you run Updated MBAM Quick scan once more as the ComboFix may have exposed more that MBAM can now see.

Mike
 
Please un-install CA Internet Security Suite (if found in Add\Remove Programs list)
And uninstall Symantec (Norton) Antivirus (if found in Add\Remove Programs list)
Then run the Norton Removal tool (either way ;) )

Restart, and provide a new HJT scan log
 
Good morning

Left-drag the mouse and copy all the text in the box below for pasting.
Make sure the slider bar goes to the bottom, from the @ to the end of the second exit.
Then paste it into the black screen of an open command prompt.
Code:
@echo off
rem Remove the leftover folder the malware created (/s recurses, /q skips the prompt)
rd /s /q "c:\program files\temp01"
exit
exit

Also give us a rundown on how computer is running to this point.

Mike
 
It was to delete a bad Folder left from Malware!

Good job!

Go with peace and love!

Thread closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by the Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet, to allow all.

If prompted to Reboot click, Yes.
OTCleanIt will delete itself when finished. If not, delete it yourself.

-------------------------------------------------------------------------------------
Run CCleaner again, twice or more, on Cleanup temps; then on the left click Registry, then Scan for issues, and also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------
The issues can be, and likely are, found in System Restore, so do the below.

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point, but it also does one other thing, clearing something that can contain infested files and take a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled so as not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner, ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you, to help you determine whether to approve or not, you can Google the prompt with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

Download, install and run it, and allow it to disable the DNS Client; then select all Hosts files, then Update and install all Hosts files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
 