TechSpot

Think I have a virus...

By andehpandeh
May 25, 2007
  1. Hey, I know you get this all the time...
    Basically, the computer freezes every so often, and has been running quite slow, I'm just a little suspicious because svchost.exe and explorer.exe are running at really high rates...

    If you could just help fix it I'd be so glad. :)

    Ok, here's my hijack this log:

    Please help! :)

    AndehPandeh
     
  2. MMDominator88

    MMDominator88 TS Rookie Posts: 152

    Do you ever use Google Toolbar ??? because if not, you should remove it because it can be vulnerable to spyware/malware, etc.

    and if your svchost.exe is at really high rates, see if you have windows automatic update turned on, and if you do...go to the windows update page and go to the options tab on the left, scroll down and disable the "Microsoft" updates, but leave the automatic updating "ON" and see if your svchost.exe process starts using less CPU
     
  3. Mekaonija

    Mekaonija TS Enthusiast Posts: 129

    Well i'm no Hopkins, but i think, THINK, that you can get rid of this
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    but I don't think thats your problem.
     
  4. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Please do not fix the O2 entry. It is part of a crucial startup process for SpyBot search and destroy which will protect your system.

    Also, please do not not copy and paste logs in the future.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    ntlide3

    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    cmd.exe

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

    Close HJT.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs. You can download the utilities from the links in my signature.


    Regards,
    Your friendly Momok =)

    This thread is for the use of andehpandeh only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. andehpandeh

    andehpandeh TS Rookie Topic Starter Posts: 16

    Thanks Guys

    I've turned automatic updates off, thanks :)

    To momok...

    Thanks, I couldn't see an ntlide3 or cmd.exe in either safe mode or normal...

    And I deleted O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe etc.. (and 20)

    There was no 19.

    Hope this is ok!

    AndehPandeh
     
  6. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Please post the 3 requested logs as attachments. Thanks.


    Regards,
    Your friendly Momok =)

    This thread is for the use of andehpandeh only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. andehpandeh

    andehpandeh TS Rookie Topic Starter Posts: 16

    Logs

    Here are my logs, as requested. :)

    HJT, Combofix and AVG Anti-Spyware.

    AndehPandeh
     
  8. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\VundoFix Backups
    C:\WINDOWS.0\system32\rqtss.bak1

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of andehpandeh only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. andehpandeh

    andehpandeh TS Rookie Topic Starter Posts: 16

    Third Time Lucky :)

    Here are my new fresh logs.

    AndehPandeh
     
  10. momok

    momok TS Rookie Posts: 2,272

    Very good.
    Your logs look very clean now. =)

    Delete all files in AVG Antispyware Quarantine folder.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of andehpandeh only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. andehpandeh

    andehpandeh TS Rookie Topic Starter Posts: 16

    Thanks very, very much Momok!

    AndehPandeh
     
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.