
Laptop slow, full of trojans

  #1  
Old 10-12-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Laptop slow, full of trojans

So my friend's new laptop is moving at a crawl. I'm trying to help him but I can't seem to clean it all up.

It's running Vista Premium and when booted into normal mode, it runs real slow and the task manager shows that 800mb of the 1gb of ram is being used (from startup!). But the task manager also shows no programs sucking up that much ram, there seems to be something hidden using up half a gig somewhere and I can't get rid of it!

After numerous scans I've found many instances of Trojan.Vundo and Trojan.Zlob but the RAM is still being used up!

I've run CCleaner, VundoFix (didn't find anything), ATF Cleaner, Malwarebytes' Anti-Malware (found over 20 infected areas from the trojans), and am running Spybot now and have downloaded SuperAntiSpyware and will run that afterwards as well.

I just noticed that the Java is out of date and will update that as soon as S&D is done and I boot back into normal mode.

Last time I booted into normal mode after all these scans, it still had the ram used up even though it looked like the vundo trojan files hadn't started back up. What else can be back there?

I'll upload the HijackThis log.

Thanks!
Attached Files
File Type: log hijackthis.log (12.2 KB, 6 views)
  #2  
Old 10-12-2008
BillAllen55's Avatar
TechSpot Member
 
Location: Central Oregon - Gods Country
Member since: May 2008, 139 posts
Try This website

http://hjt.networktechs.com/parse.php

If you will take the log you provided and paste it at this website (go through the 'parse' process following the directions) it will show you some of what is currently running on your computer.
It will also provide information on other processes found on your system. If you will take a look at this website, this is where you can download a 'startup control panel' which also is helpful in diagnosing start-up issues with your system. http://www.mlin.net/StartupCPL.shtml
Regards.
  #3  
Old 10-12-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Hey Bill!

I've been using hjt for a while now and I didn't know about that site, pretty cool.

I'll boot up the laptop and parse the log and post it soon.

I use CodeStuff Starter to view processes and control startup files, is Startup CPL better or the same?

thanks!
  #4  
Old 10-12-2008
xxdanielxx's Avatar
TechSpot Addict
 
Location: Southern CA
Member since: Aug 2006, 1,181 posts
I would recommend for you to upgrade Vista to SP1, then run HijackThis under normal mode. Make sure to right click and select "Run as administrator", then attach the log here.
  #5  
Old 10-12-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
I'll give it a shot but I've tried to update to SP1 twice already and it's hung up at the end of the install both times. Also, whenever I try to run Spybot, it stops with an error message, "not enough storage is available to process this command".

So I'll boot it up, post the parse and then try to update to SP1 again. Third time's a charm, right?
right?
anyone?

So here's my hijackthis parse:
http://hjt.networktechs.com/parse.php?log=543390
It recommended getting rid of something called "Gopher Prefix:" which is fine, was on my radar anyway. But then it also red flagged what looks to be the Windows Sidebar. Am I seeing that right? Doesn't really matter, I've already disabled it since my friend doesn't use it anyway, but it just seems odd. Your thoughts?

thanks!

Last edited by momok; 10-14-2008 at 01:25 AM.
  #6  
Old 10-13-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
I was trying to download SP1 and I kept getting warnings from Comodo Firewall (that I just installed) saying that a file "spclite.exe" was trying to access files and stuff. I uploaded a few screenshots if that helps. Problem is that since I started blocking it, SP1 hasn't downloaded. Are they related?

If that file is needed to download SP1, why doesn't Comodo recognize it?

thanks guys.
Attached Images
File Type: jpg Capture.jpg (158.8 KB, 2 views)
File Type: jpg Capture2.JPG (99.3 KB, 0 views)
  #7  
Old 10-13-2008
momok's Avatar
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,188 posts
Allow spclite to be run. It's essentially Vista SP1 trying to install itself.
  #8  
Old 10-13-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Ah, Comodo didn't recognize it probably because it installs in a random folder on the C: drive each time. Got it. Thanks momok!

anyone's thoughts on the hjt?

I'll get rid of the gopher thing but I'm not sure about the sidebar ones.

Okay, I got rid of the 3 red flagged files on hjt that the website recommended and I haven't noticed a difference.

I ran a Panda online scan and it didn't find anything other than a tracking cookie.

SP1 did install (thanks momok) and I'm now downloading the newest updates.

Thing is that it's still using up most of its memory. The laptop has 1gb and it always hovers around 800mb no matter what programs I have running. And from the task manager, I usually don't have more than a few hundred being used (plus whatever the system is using) which should put the usage probably not above 500mb or so. So there appears to be something still trying to make this machine sluggish. Does that make sense?

When I first booted up the laptop I received 3 fake pop-ups warning me that the system was slow and that I should download their free antivirus software. I should have written down what they were called (something like Rapid Antivirus, etc.) but I haven't seen them since. Could that have anything to do with it?

I'm running out of ideas...

Last edited by momok; 10-14-2008 at 01:27 AM. Reason: don't double post
  #9  
Old 10-14-2008
momok's Avatar
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,188 posts
Your system is obviously infected. Yet you have not followed the 8 step malware removal sticky instructions and posted the 3 required logs. I'm afraid you won't go far and get much help without doing that.
  #10  
Old 10-14-2008
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 651 posts
Thoughts on the HJT -

Pick one security solution: Spybot Security Center and McAfee appear to overlap on at least the AV protection and perhaps more. Actually, I have never called Spybot S&D a security center. Is this a fancy label or an upgrade package? You added a firewall afterward.

Sony / VAIO O23 services are mind boggling! That must be bloating things a bit.
  #11  
Old 10-14-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Oh, sorry momok, I completely forgot to post those after doing the scans. The only one (Malwarebytes I think) that found anything supposedly cleaned out the trojans. I'll see if I can dig up the logs and post them.

I went through the 8 step and downloaded and ran the programs asked, I just only remembered that it asked for hjt log, I didn't mean any disrespect by not posting the others. I guess I just thought that I should do the scans, not that anyone wanted to see the actual results. Again, I am familiar with posting hjt logs and had not heard of people wanting others and though I read it, it just didn't click.

To rf6647: I know, I don't much care for McAfee but it was on my friend's computer so I didn't feel that I could uninstall it when I installed the other programs. I guess I probably should have disabled it, I'll look into that.

And yes, Sony loads that thing with plenty of crap if you ask me! I know he doesn't use most of their programs so I'll talk to him and disable what I can.

So I'll try to dig up those logs this afternoon and get back to you guys. Thanks for being willing and patient with me!
  #12  
Old 10-14-2008
Bobbye's Avatar
TechSpot Guru
 
Location: Clearwater, FL
Member since: Mar 2007, 2,728 posts
fuzmnky, if you're coming here for help with the malware problem, then this is where you post your logs, not on another site. You should also follow the sequence of cleaning and run the programs given.

Please begin with Step 1 here, complete the running of the programs, then attach all of the logs. NOTE: HijackThis is to be run after Malwarebytes and SuperAntiSpyware.
  #13  
Old 10-14-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Hi Bobbye,

I'm sorry, I think I need to clarify for a second.

I did not post logs on another site. I've not gone to any other sites for help with this laptop. This was and is my first stop whenever I have computer issues. Usually I find my answers in other posts without needing to post for any help myself.

I saw the sticky when I first started searching for help here and I downloaded all the suggested programs and ran them. I was not familiar with needing to post virus scan logs; in my mind, if the virus scanning program found any files needing to be deleted, it would flag them for me and tell me what to do. I was not aware that other people would be interested in the minute details. One did find those two trojans from my original post, I simply thought that was all the info needed from those scans. I apologize for not reading thoroughly enough to realize that I needed to post those logs as well. Again, I am sorry I didn't know that by not doing so I was wasting everyone's time.

If you'd like a little back story, my buddy handed this to me the day I was leaving on a weekend vacation with my wife and she was not happy about it and I tried to minimize the time I spent on it. In retrospect I should've just told him next week but by the time I realized that it was going to take a lot of time, I had already posted here and was already getting advice and thought it rude to ignore it until I got home. So I was a little rushed at first and I again apologize.

I was familiar with posting HijackThis logs, which is why I did so. Since HJT doesn't tell me what's bad I know that I would need help deciding what needed to go.

I'll go back to the sticky and run through it again. I'll post all my results and not bother with the old logs since they probably don't matter anymore.

If any of you are still willing to help me, I appreciate it!
  #14  
Old 10-14-2008
momok's Avatar
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,188 posts
Quote:
If any of you are still willing to help me, I appreciate it!
Definitely, we'll be awaiting your logs.
  #15  
Old 10-15-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Thanks momok!

It took 3 hours but I finished the Malwarebytes scan. It came out clean, here's the log.

I'll update SuperAntiSpyware and run that but I'm going to bed and will post that log first thing in the morning.

I've already updated Java and I will do another HJT log after the SAS scan is done.

thanks!
Attached Files
File Type: txt mbam-log-2008-10-14 (22-16-22).txt (853 Bytes, 2 views)
  #16  
Old 10-15-2008
Bobbye's Avatar
TechSpot Guru
 
Location: Clearwater, FL
Member since: Mar 2007, 2,728 posts
Quote:
So here's my hijackthis parse:
http://hjt.networktechs.com/parse.php?log=543390
I was referring to this. The site WAS recommended to you, but it shouldn't have been, so the emphasis was as much for the person who recommended it. We can't tell what has been found and removed unless we see the logs, which is why we want logs from Malwarebytes, SuperAntiSpyware and HijackThis. Unfortunately, some people run Malwarebytes and don't check to remove.

Your mbam log is clean. IF you have Tracking Cookies on board, they will show up in SuperAntiSpyware. That's also a good way for us to get some idea of sites that may be dropping the Cookies, and we can give you help to limit what Cookies the system will accept.

We like HijackThis run AFTER the other programs, because it shows any 'left over' entries that need to be removed. It's an orderly process that has been found to work in the best interest of the user with the problem.
  #17  
Old 10-15-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Hey guys,

Thanks for explaining that to me Bobbye, I had no idea that was not kosher!

I've run these scans so much, SAS only found one tracking cookie during this last pass. I ran a Panda scan the other day that cleaned 10 or so out.

Here's the SAS log and then the HJT one I ran afterwards.

RAM is still running at over 800mb. Just weird.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 10-14-2008 - 23-16-19.log (567 Bytes, 2 views)
File Type: log hijackthis.log (13.1 KB, 3 views)
  #18  
Old 10-15-2008
Bobbye's Avatar
TechSpot Guru
 
Location: Clearwater, FL
Member since: Mar 2007, 2,728 posts
Well, it's easy to see why so much RAM is being used! The system is running 4 antivirus programs: Avira, McAfee, Panda, Housecall and 2 firewalls: Comodo, McAfee.

Decide which you want and remove the others!
Avira/Antivir:
Quote:
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
McAfee:
Quote:
c:\PROGRA~1\mcafee\msc\mcuimgr.exe (3 instances of the McAfee update program, like mcupdi.exe, mcupdmgr.exe) > this process alone is a known resource hog!
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
Panda:
Quote:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
Housecall:
Quote:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe....vex/hcImpl.cab
Firewalls:
Quote:
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
You might also want to check the multiple VAIO Services running- make sure you're using them all or disable the Startup Type.

I didn't see any malware in the log.
Check your Cookie settings. Privacy> Advanced> CHECK 'override Cookie setting'> CHECK 'accept first party Cookies'> CHECK 'block third party Cookies'> CHECK 'allow per session Cookies'> OK> Apply> OK.

That should bring the security level up.
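The post above works out the overlap by hand: grouping the O2/O4/O16/O23 lines of the HijackThis log by vendor and then noticing that four antivirus products and two firewalls are all loaded at once. The following is an added example, not code from the thread or from the HijackThis project, that does the same triage over the quoted lines automatically. It parses each `Oxx - ...` entry, assigns a vendor by a keyword table constructed from the products named in this thread (the table and the `firewall` keyword rule are assumptions you would extend for other products), and reports which categories have more than one product installed, plus how many O23 services each vendor has registered.

```python
import re
from collections import defaultdict

# Constructed sample input: the HijackThis (HJT) lines quoted in post #18 of
# this thread. Only O2/O4/O16/O23 entries are included.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe....vex/hcImpl.cab
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

# Assumed keyword table: lowercase substring -> vendor label. Built only from
# the products this thread names; add your own entries for other software.
VENDOR_RULES = {
    "avira": "Avira",
    "antivir": "Avira",
    "mcafee": "McAfee",
    "pandasoftware": "Panda",
    "trend micro": "Trend Micro",
    "trendmicro": "Trend Micro",
    "comodo": "COMODO",
}

# Every HJT entry starts with its type code, e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")


def parse_hjt(text):
    """Return one dict per recognised HJT entry: type, body, vendor, category."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        lower = line.lower()
        vendor = next((v for k, v in VENDOR_RULES.items() if k in lower), None)
        category = None
        if vendor is not None:
            # Assumed rule: an entry that mentions "firewall" is the vendor's
            # firewall component; anything else from a security vendor is AV.
            category = "firewall" if "firewall" in lower else "antivirus"
        entries.append({"type": kind, "body": body,
                        "vendor": vendor, "category": category})
    return entries


def security_products(entries):
    """Map category -> sorted list of vendors that have at least one entry."""
    products = defaultdict(set)
    for e in entries:
        if e["vendor"] is not None:
            products[e["category"]].add(e["vendor"])
    return {cat: sorted(v) for cat, v in products.items()}


def overlap_report(text):
    """Categories where more than one product is installed (the post's point)."""
    products = security_products(parse_hjt(text))
    return {cat: vendors for cat, vendors in products.items() if len(vendors) > 1}


def loaded_services(entries):
    """Count O23 service entries per vendor: the memory-footprint view."""
    counts = defaultdict(int)
    for e in entries:
        if e["type"] == "O23":
            counts[e["vendor"] or "other"] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for cat, vendors in overlap_report(SAMPLE_LOG).items():
        print(f"{cat}: {len(vendors)} products installed -> {', '.join(vendors)}")
    for vendor, n in sorted(loaded_services(parsed).items()):
        print(f"{vendor}: {n} O23 service(s)")
```

Run against the quoted lines it reports four antivirus products (Avira, McAfee, Panda, Trend Micro) and two firewalls (COMODO, McAfee), matching the count in the post, and shows McAfee alone registering six services. Feeding it a full log rather than the excerpt works the same way; entries whose vendor is not in the table are kept with `vendor` set to `None` so nothing is silently dropped.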
  #19  
Old 10-17-2008
Newcomer, in training
 
Location: Washington. USA
Member since: Jan 2004, 38 posts
Hey Bobbye! Alright, I'll give that a shot.

Though I may be mistaken, I think the RAM issue was there before I started downloading these programs. And I even disabled McAfee's virus and firewall protection. Also, Panda and TrendMicro are not stand-alone programs on the laptop, but from their free online scans. After an online scan, do they run in the background? If so, that sucks.

I'll keep McAfee since I think they have it paid for already. And since that comes with a firewall, I'll get rid of Comodo too. I haven't checked into the VAIO programs yet, though my friend said that it became slow, so I'm wondering how bad they were to begin with. But I don't think he used any of them except the one that controls the wireless.

Anyway, I'll try anything and I hope the problem is simply bloatware!

I'll let you know the results, thanks!
  #20  
Old 10-17-2008
Bobbye's Avatar
TechSpot Guru
 
Location: Clearwater, FL
Member since: Mar 2007, 2,728 posts
Re Housecall and Panda:
Quote:
After an online scan, do they run in the background? If so, that sucks.
Yes, they do and it does, so you have to uninstall them and delete the files.
Quote:
I haven't checked into the VAIO programs yet, though my friend said that it became slow, so I'm wondering how bad they were to begin with.
Every computer manufacturer puts junk on a system. I think they want the user to feel that it is necessary and needed. Most of the time it isn't, but few users review the process and consider stopping and/or removing them.

It took me a year to get rid of the Dell trash and then only, finally, using the Windows Installer Cleanup Utility. So I encourage you to check those Services> Disable the Startup type for any that aren't being used and change Startup type to Manual for those that "may" be used sometimes, but aren't needed or used always. NOTE: when changing Services, always check the Dependencies tab. It is usually easiest to change Services while in Safe Mode using Start> Run, type in services.msc> access the Services here.

Remember: you want to end up with one antivirus program, one firewall and at least two spyware/adware programs.