Infected with IEmonster.b & Infostealer.Banker.s

Status
Not open for further replies.

tcbrb46

This past week my laptop became infected, it appears, with spyware and a trojan. Stuff keeps loading in my browser. How can I get rid of this? Is there a free download? I have Internet Explorer 7 with XP. I use AVG. I did a scan and it told me about Monster and Banker. I know enough to be able to remove some of these things manually if I can get some directions. Any help will be appreciated.
 
Tom

Rich will be checking back soon, but you need to run MBAM again, as all the malware in the log says "No action taken", meaning you did not click the Next button and select to remove all.

Then, if they are removed, you should run MBAM again to confirm it does not find more that the first ones had hidden. In other words, the first scan may have exposed others to be cleaned.

I am surprised SAS came up clean.

So get those logs and a new HJT log posted back.

Mike
 
I will run MBAM again.

Thanks

Hi

I ran the MBAM and HijackThis programs again and everything was clear. I am going to reformat my hard drive as it is very slow for whatever reason. I seem to have a lot of processes running and I am not sure which ones to close. I think it's time to clean up by reformatting.

Thanks

Tom
 
Hold on, Tom. If we can fix the malware then we can fix the performance also.

Formatting is a drastic step for a slowdown.

We were waiting for the logs to assure you were clean.

What about your data: photos, documents, email, bookmarks, etc.?

Do you want to tackle it?

Mike
 
OK. I will get back and redo the logs.

thanks.

Tom
 
Well Tom, just check to be sure we are clean!

If we are, we will begin to tune/tweak your system for performance.

To begin, do the below so that I can see what is running.
----------------------------------------------------------------------------------------------------------------------------------
Download RSIT
http://images.malwareremoval.com/random/RSIT.exe

Run it; when finished it will open a log maximized on the screen. Copy/paste the contents of this log back here, then close that log.

Then the 2nd log is minimized, so maximize it and attach it also.
The logs will contain a HijackThis log also.

----------------------------------------------------------------------------------------------------------------------------------

Let's look at your startups
http://www.tombraiderhub.com/download/ardiag.exe
When run, give it a couple of minutes; it will produce a text file. Attach the contents back here.
----------------------------------------------------------------------------------------------------------------------------------

Mike
 
I have malware running at home presently. Had to sub at the high school and have to play hockey tonight. Will get this done in between. Should be able to send stuff back soon, no later than Wednesday. Was not aware of other things I could do to speed up the computer. Windows startup sucks. Computer startup could be a little faster. Thanks for your time. I have three laptops and a desktop to keep running. There are always new things to learn.

Tom
 
10-4 to that.

I've been doing this for 30 years professionally and I still learn.

At the age of 64 I have CRS syndrome, so sometimes I even learn from myself.

I will tackle an issue here or in my work thinking I have never seen this issue before, but as I delve in I remember that I had just forgotten. :haha:

Besides enjoying helping people, that is the reason I volunteer here. It helps keep me sharp.

Besides, I have a lot of help here, even to the point that I have a helper following me around to make sure I remember. Now is that nice or what! :D

Mike
 
Too long; I will reply twice as it is too long. Had to copy and paste SuperAntiSpyware and Malwarebytes. Could not find the logs I saved today.

Tom

Moderator Edit:
"copy/paste the contents of this log back here"
Do Not Paste Logs Into Replies. Always Attach Them.
 
Hi Tom

Sorry about the copy/paste thing; it came from another board where they actually disdained attachments in favor of pasting directly into the post.

But we have an Oops!

Run MBAM, click More Tools - Run Tool, and paste the following one at a time into File name: and click OK
C:\WINDOWS\system32\husowipe.dll
c:\windows\system32\lofiketo.dll

Additionally, run HJT Scan only, then select and delete the below.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Reboot; then we need another HJT log.

Mike
 
Mike

I ran MBAM; it could not find the files. However, I recognized the files. Could not find husowipe.dll. I did find lofiketo.dll in AVG antivirus; it was in the virus vault. I remembered this file when I looked at the processes running.

I ran HJT and deleted the file, and ran it again and it was gone.

Attached is the HJT log after reboot.

Thanks

Tom
 
All right, good job!

OK, so we will move on to tune/tweak for speed.

Did you forget Ardiag at the bottom of post #8? Get this log to me.

Has your computer ever had Norton, McAfee or ZoneAlarm installed?

Below we begin to address your slow system.
----------------------------------------------------------------------------------------------------------------------------------------------------
Clean and tweak services

In Services, stop and disable all of the below, just to get them out of the way for now for troubleshooting purposes.

Nothing is uninstalled or deleted; they are only disabled from running!

They can be put back any time later, but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

Disabled uses no memory (RAM) and no CPU cycles.
Manual uses the RAM but a small amount of CPU.
Auto and not started they use even more RAM and CPU.
Auto and started even more RAM and CPU ..

Now in this case we are disabling for troubleshooting purposes. But when we finish, if you leave them all off until it is noticed that you need one (not likely for 99%), then it can be enabled.

Leaving these all off then becomes a performance tweak/boost, as they free some RAM and CPU cycles! Special note: if you are going to pick and choose, then be aware that the small amount of RAM and CPU cycles of each one individually is not significant, but as a group it is! So if you need most of them (or just think you do, because you don't), then you might as well enable them all!

Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Fast User Switching
Health Key and Certificate Management Service
Indexing Service
Messenger
Net Logon
Net.TCP Port Sharing
NetMeeting Remote Desktop Sharing
IPSEC Services
QoS RSVP
Remote Registry
Uninterruptible Power Supply
Universal Plug and Play
Web Client
Windows Media Player Network Sharing

IF you are using a wired network card and NOT using wireless on this computer, then you can also disable

Wireless Zero Configuration

Wireless Zero Configuration is only used on computers with a wireless NIC, like a laptop. Do not disable Wireless Zero Configuration on a laptop. It has nothing to do with other wireless hardware like wireless routers etc.

In short, if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero Configuration.

This is not to be confused with Wired AutoConfig; do not disable that!
----------------------------------------------------------------------------------------------------------------------------------

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any).
Then click GO!

When the entire page is finished, click the hammerhead at the bottom to go to the second DAF page.

Here, one at a time, do the below:

Flush DNS
Flush Icons
Process Idle Tasks
Reset WMI/WBEM (not reinstall)

Watch for any "File not found" or other errors and make a note, as this may point to a problem!

----------------------------------------------------------------------------------------------------------------------------------
Run CCleaner again, twice or more, on Cleanup temps; then on the left click Registry, then Scan for issues, and also repeat till clean.

Download, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more is found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
-------------------------------------------------------------------------------------
The malware issues we fixed could still be found in System Restore, so do the below.

Start - Programs - Accessories - System Tools - System Restore and create a new Restore Point. Name it "After cleanup at TechSpot".

Then Start - Programs - Accessories - System Tools - Disk Cleanup
Click OK to accept C:
Select all boxes
Then click More Options
Here click System Restore, OK to "Are you sure", and then OK to run.

As this runs it clears all but the most recent Restore Point, but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what are known as shadow copies, which are used by specialized backup programs.

This is if you have the Volume Shadow Copy service running, which is the default.
----------------------------------------------------------------------------------------------------------------------------------
Copy for pasting: chkdsk c: /f
then
Start - Run
and paste the above.

It will want to do it on the next reboot, so reboot and let it do it.

When back at the Desktop, do a defrag and report back on system status and speed.

Mike
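The service lockdown Mike describes above, written as a script. This is an added example and is not code from the thread or from TechSpot. It assumes Windows XP with PowerShell 2.0 installed (an optional download on XP) and an administrator session; the short service names are my own mapping of the display names listed in the post, and the -WiredOnly switch, the backup file path and the Revert mode are my additions. Because Mike says the services "can be put back any time later", the script records each service's current start type before disabling it, so the change can be undone with one command.

```powershell
# Added example: not from the original thread. Assumes Windows XP with
# PowerShell 2.0 installed and an administrator session. The short service
# names are my mapping of the display names in the post; confirm any of
# them with: sc query <name>
param(
    [switch]$Revert,                       # put the saved start types back
    [switch]$WiredOnly,                    # desktop with no wireless NIC only
    [string]$Backup = "$env:USERPROFILE\service-starttypes.csv"
)

$services = @(
    'TrkWks',                          # Distributed Link Tracking Client
    'MSDTC',                           # Distributed Transaction Coordinator
    'Dnscache',                        # DNS Client
    'FastUserSwitchingCompatibility',  # Fast User Switching
    'hkmsvc',                          # Health Key and Certificate Management
    'CiSvc',                           # Indexing Service
    'Messenger',
    'Netlogon',                        # Net Logon
    'NetTcpPortSharing',               # Net.TCP Port Sharing (.NET 3.x only)
    'mnmsrvc',                         # NetMeeting Remote Desktop Sharing
    'PolicyAgent',                     # IPSEC Services
    'RSVP',                            # QoS RSVP
    'RemoteRegistry',
    'UPS',                             # Uninterruptible Power Supply
    'upnphost',                        # Universal Plug and Play Device Host
    'WebClient',
    'WMPNetworkSvc'                    # Windows Media Player Network Sharing
)
# Wireless Zero Configuration only on a wired-only machine, as the post says.
if ($WiredOnly) { $services += 'WZCSVC' }

if ($Revert) {
    if (-not (Test-Path $Backup)) { throw "No backup found at $Backup" }
    Import-Csv $Backup | ForEach-Object {
        Set-Service -Name $_.Name -StartupType $_.StartMode
        Write-Host ("{0}: restored to {1}" -f $_.Name, $_.StartMode)
    }
    return
}

$saved = @()
foreach ($name in $services) {
    # WMI exposes the start type; Get-Service on PowerShell 2.0 does not.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Host "$name not installed, skipping"; continue }
    # WMI reports Auto/Manual/Disabled; Set-Service expects Automatic/Manual/Disabled
    $mode = if ($svc.StartMode -eq 'Auto') { 'Automatic' } else { $svc.StartMode }
    $saved += New-Object PSObject -Property @{ Name = $name; StartMode = $mode }
    if ($svc.State -eq 'Running') {
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
    }
    Set-Service -Name $name -StartupType Disabled
    Write-Host ("{0}: {1} -> Disabled" -f $name, $mode)
}
$saved | Export-Csv -NoTypeInformation -Path $Backup
Write-Host "Original start types saved to $Backup (run again with -Revert to restore)"
```

Run it with no switches on a laptop, with -WiredOnly on a desktop that has no wireless adapter, and with -Revert to restore every start type from the saved CSV. On XP the default execution policy blocks scripts, so `Set-ExecutionPolicy RemoteSigned` from an administrator PowerShell is needed once before the first run. Services missing from the machine (Tom's reply notes several) are reported and skipped rather than treated as errors.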
 
Mike

Must have missed ardiag when I messed up the other day. I don't think I ever activated Norton on this wireless laptop. I don't recall McAfee. I have had ZoneAlarm in the past, but I'm not sure if it was before or after I replaced the hard drive. ZoneAlarm would not let me print wirelessly, as did Spybot. I have not been able to use my printer from my three wireless laptops for the past seven months. The other day I updated CCleaner and Advanced SystemCare and, lo and behold, I was able to print from my wireless laptops. My desktop runs wirelessly too. My router is in the bedroom next to the cable router. Anyway, I will tackle your instructions Thursday, as it is a little late and the Red Wings are on. I don't want to start something I might not be able to finish.

Thanks so much for your time; take a break and have a beer or something, you're working too hard.

Tom
 
Mike

I disabled your list, except I did not find Messenger, Net.TCP Port Sharing, NetMeeting Remote Desktop Sharing, or Remote Registry in the Services tab. I had to enable Net Logon as I lost my wireless connection.

Downloaded DAF; everything went fine, except when I did Reset WMI/WBEM an error message stated "access violation at address 77c0154D in module version.dll."
I had to stop the program by Ctrl-Alt-Delete and End Process. Stuck on the first item, cimwin32.dll, read of address 00000004.

Did ATF-Cleaner. Did System Restore.

Did chkdsk c: /f and rebooted; don't know where the info or file went. It did a check and disappeared.

Ran defrag.

System improved somewhat. I clean up files regularly with defrag and CCleaner and the tools in Windows.

Tom
 
No problem on the items in Services, as not everyone has all of them.

Net Logon has nothing to do with wireless; it only has to do with logging into a corporate domain controller server.

You might try disabling it again, and if it does affect your wireless connection let me know, as you have something unusual going on.

I will look into the DAF version.dll and get back to you, perhaps tomorrow.

Chkdsk gives no log. Normal.

Mike
 
OK, thanks.

The logon did it again; however, I noticed Windows was on Selective Startup, so I changed it to Normal Startup and there is no problem now.

Did get a stack overflow before I made the change, but it did not do it this time.
It said stack overflow at line 1509. It did that once before, I think last night. Might have been about the time I disabled logon. It came up when I accessed IE.

Things are going pretty well now.

Tom
 