please help, not sure where to go with this!!!

Status
Not open for further replies.

squiddly

Hi all,
I really need help with my laptop. I'm connected on a LAN, and it's normally fairly fast, and didn't have problems with it before. But in the last few days, if I try to enter certain sites such as bebo, wikipedia, photobox, etc, it comes up with loads of weird script, an example is "x?콙v۸?ϝ?@?ɖc??;^yǶ֛Iڧvw枾??$Ɯ.˚壦i??ছ霜3?'1?U?P Б?弥[d?ώ9}?Ӽ?}f?/._?~s?G첡a꥞rߴ_~0??Ȳ?尹=???y?c?ˡ???uބ~?w?ﯯ"...... and it goes on like that for a whole page!!! What is it?
Also sites like YouTube won't play the videos and I've noticed that it's slowed down slightly.
Any ideas as to what the problem is and how I can fix it?
Would really appreciate it! Thanks!
 
Hello and welcome to Techspot.

I agree with N1Hawk, you may be infected with something nasty.

Rather than go through a load of instructions, let's see if your system is clean or not.

Go and read this thread HERE, then post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

This thread is for the use of squiddly only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Heya, thanks a mil for all the help. I ran the scanners and downloaded all the other programs. It got rid of a fair bit of rubbish, but I'm still having the script errors and YouTube still causes IE to stop responding after a few seconds of video! How can I fix this? I'm attaching the log from HijackThis too.
 
Unfortunately, your system is infected with several nasties.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :)


 
Can you please tell me what this programme is and did you install it yourself?

C:\Program Files\Power Manager\PM.exe


Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

upnp.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYIE

O15 - Trusted Zone: *.moove.com

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0 .0.15.cab

O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O20 - Winlogon Notify: uservmem - C:\WINDOWS\SYSTEM32\uservmem.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

c:\windows\system32\upnp.exe

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINDOWS\SYSTEM32\uservmem.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

 
Hiya, done all of that, and it seems to have fixed it! YouTube working normally again, most of the scripting errors on previously affected sites are fine (with exception of wikipedia) and system is much quicker.
Thank you so much for all the help, absolutely invaluable, and would be lost without it!
Here's the fresh log also.
 
I'd still like to see a fresh HJT log.

Also, I did ask you what this programme was. C:\Program Files\Power Manager\PM.exe

Regards Howard :)

 
Haven't a clue what the power manager is, should I get rid of it? It doesn't sound familiar.

Here's the log, I mustn't have attached it properly before.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Power Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

PM.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Power Manager < Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

The HJT log you posted is not a full HJT log, please post a fresh HJT log.

Regards Howard :)

Edit: I've just seen your HJT log from your post #8. It appears you're still running HijackThis.exe and not HijackThis1991.exe. Please rename HijackThis.exe as per these instructions.

 
Your HJT log is clean.

Have HJT fix the following inactive entry.

O20 - Winlogon Notify: uservmem - uservmem.dll (file missing)

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

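The follow-up check described in the posts above (comparing a fresh HJT log against the files deleted during cleanup) can be scripted. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical, the sample log is constructed from the entry formats quoted above, and files are matched by name only.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# HijackThis entry: "<section> - <description>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

def parse_entry(line):
    """Split one log line into section code, body and a file-missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    return {"section": m.group("section"), "body": body, "file_missing": missing}

def leftovers(log_lines, removed_paths):
    """Entries in a fresh log that still name a file deleted during cleanup.

    Returns (active, inactive): 'active' entries reference the file with no
    missing marker (the deletion did not take); 'inactive' entries carry
    "(file missing)" and only need the leftover reference fixed.
    """
    names = {basename(p).lower() for p in removed_paths}
    active, inactive = [], []
    for line in log_lines:
        entry = parse_entry(line)
        tokens = entry["body"].split() if entry else []
        if not tokens:
            continue
        # The last whitespace-separated token of the body is the file reference
        if basename(tokens[-1]).lower() in names:
            (inactive if entry["file_missing"] else active).append(entry)
    return active, inactive

# Constructed sample in the format quoted in the thread, not a real log
SAMPLE_LOG = [
    "Running processes:",
    r"O4 - HKLM\..\Run: [np] c:\windows\system32\upnp.exe",
    "O15 - Trusted Zone: *.moove.com",
    "O20 - Winlogon Notify: uservmem - uservmem.dll (file missing)",
]
REMOVED = [r"c:\windows\system32\upnp.exe", r"C:\WINDOWS\SYSTEM32\uservmem.dll"]

if __name__ == "__main__":
    active, inactive = leftovers(SAMPLE_LOG, REMOVED)
    print("still active:", [e["body"] for e in active])
    print("orphaned:", [e["body"] for e in inactive])
```

An entry in the first list means the file or its autorun reference survived the reboot and the removal step needs repeating; an entry in the second is the inactive kind that HJT is asked to fix at the end of the thread.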
 