TechSpot

please help, not sure where to go with this!!!

By squiddly
Dec 2, 2006
  1. Hi all,
    I really need help with my laptop. I'm connected on a LAN, and it's normally fairly fast, and didn't have problems with it before. But in the last few days, if I try to enter certain sites such as bebo, wikipedia, photobox, etc, it comes up with loads of weird script, an example is "x?콙v۸?ϝ?@?ɖc??;^yǶ֛Iڧvw枾??$Ɯ.˚壦i??ছ霜3?'1?U?P Б?弥[d?ώ9}?Ӽ?}f?/._?~s?G첡a꥞rߴ_~0??Ȳ?尹=???y?c?ˡ???uބ~?w?ﯯ"...... and it goes on like that for a whole page!!! What is it?
    Also sites like YouTube won't play the videos and I've noticed that it's slowed down slightly.
    Any ideas as to what the problem is and how I can fix it?
    Would really appreciate it! Thanks!
     
  2. N1Hawk

    N1Hawk TS Rookie Posts: 222

  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I agree with N1Hawk, you may be infected with something nasty.

    Rather than go through a load of instructions, let's see if your system is clean or not.

    Go and read this thread HERE, then post a HJT log as an attachment into this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of squiddly only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. squiddly

    squiddly TS Rookie Topic Starter

    Heya, thanks a mil for all the help. I ran the scanners and downloaded all the other programs. It got rid of a fair bit of rubbish, but I'm still having the script errors and YouTube still causes IE to stop responding after a few seconds of video! How can I fix this? I'm attaching the log from HijackThis too.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Unfortunately, your system is infected with several nasties.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :)


     
  6. squiddly

    squiddly TS Rookie Topic Starter

    Okay, done those, although the tools didn't really work. Here are the fresh logs.
    Thanks again
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Can you please tell me what this programme is and did you install it yourself?

    C:\Program Files\Power Manager\PM.exe


    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    upnp.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYIE

    O15 - Trusted Zone: *.moove.com

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0 .0.15.cab

    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab

    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

    O20 - Winlogon Notify: uservmem - C:\WINDOWS\SYSTEM32\uservmem.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    c:\windows\system32\upnp.exe

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\uservmem.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

     
  8. squiddly

    squiddly TS Rookie Topic Starter

    Hiya, done all of that, and it seems to have fixed it! YouTube working normally again, most of the scripting errors on previously affected sites are fine (with exception of wikipedia) and system is much quicker.
    Thank you so much for all the help, absolutely invaluable, and would be lost without it!
    Here's the fresh log also.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'd still like to see a fresh HJT log.

    Also, I did ask you what this programme was. C:\Program Files\Power Manager\PM.exe

    Regards Howard :)

     
  10. squiddly

    squiddly TS Rookie Topic Starter

    Haven't a clue what the power manager is, should I get rid of it? It doesn't sound familiar.

    Here's the log, I mustn't have attached it properly before.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Power Manager

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    PM.exe

    Close task manager.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Power Manager < Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    The HJT log you posted is not a full HJT log, please post a fresh HJT log.

    Regards Howard :)

    Edit: I've just seen your HJT log from your post #8. It appears you're still running HijackThis.exe and not HijackThis1991.exe. Please rename HijackThis.exe as per these instructions.

     
  12. squiddly

    squiddly TS Rookie Topic Starter

    Ok, got rid of power manager no prob. I renamed HJT and ran a scan so here's the log:
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Have HJT fix the following inactive entry.

    O20 - Winlogon Notify: uservmem - uservmem.dll (file missing)

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

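The HijackThis entries Howard lists in posts #7 and #13, run through a small triage parser that separates autostart entries whose file is still on disk from ones already marked "(file missing)". This is an added example, not part of the thread or of HijackThis itself; the function names and the header line in the sample are assumptions made here, and the entry lines are copied from those two posts.

```python
import re

# Section codes seen in this thread and what each one records.
SECTIONS = {
    "O4": "autostart program (registry Run key or Startup folder)",
    "O8": "extra item in the Internet Explorer right-click menu",
    "O15": "site in the Internet Explorer Trusted Zone",
    "O16": "ActiveX control in Downloaded Program Files (DPF)",
    "O20": "AppInit_DLLs or Winlogon Notify DLL",
}
AUTOSTART = {"O4", "O20"}  # entries that load code at boot or logon

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# Entry lines copied from posts #7 and #13; the first line is a constructed header.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYIE
O15 - Trusted Zone: *.moove.com
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O20 - Winlogon Notify: uservmem - C:\WINDOWS\SYSTEM32\uservmem.dll
O20 - Winlogon Notify: uservmem - uservmem.dll (file missing)
"""

def parse_entries(log_text):
    """Return one dict per HJT entry line; non-entry lines are skipped."""
    entries = []
    for m in filter(None, map(ENTRY_RE.match, log_text.splitlines())):
        code, body = m.groups()
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "meaning": SECTIONS.get(code, "section not covered here"),
            "path": path.group(0) if path else None,
            "file_missing": body.endswith("(file missing)"),
            "autostart": code in AUTOSTART,
        })
    return entries

def files_to_remove(entries):
    """Autostart entries whose binary is still on disk: fix in HJT, then delete the file."""
    return sorted({e["path"].lower() for e in entries
                   if e["autostart"] and e["path"] and not e["file_missing"]})

def orphaned(entries):
    """Entries marked '(file missing)': the registry value remains, the file is gone."""
    return [e for e in entries if e["file_missing"]]
```
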
     
  14. squiddly

    squiddly TS Rookie Topic Starter

    Okay, done that, and everything back to normal. Thanks once again for all your help!
     
Topic Status:
Not open for further replies.
