Internet Browsers will not open - possible malware

Status
Not open for further replies.

aegisrose

Greetings TechSpot forums!
Always a pleasure coming here to get answers. :haha:

After moving recently, my old XP machine started experiencing problems opening internet browsers (IE 8 and Firefox 3.0.13). They simply crash.

I know it's not my router or ISP because I have 4 other machines connected and running at full blast. And there is some sort of connectivity because Windows Update downloaded some updates.

I read somewhere it might be loose memory sticks so I went into the guts and all is secure in there.

I have the latest application versions of Malwarebytes, Superantispyware, and Hijackthis, but whatever is attacking the PC will not let me update the definitions library. I think Malwarebytes did update, but a weird error flashed for a moment while updating, so I'm not confident it's all the latest info.

Is there a way to get those updates and move them via flash drive from my laptop to the sick PC?

In the meantime, I've attached the HijackThis log, and the superantispy log (last update was July 09).

Any insight would be appreciated. THANKS!
 
I think the topic was not replied to because all 3 logs are not attached.
Try again to update Malwarebytes and run a quick scan.

Also uninstall the old and obsolete AVG8
After uninstalling it, run the AVG Remover tool: http://www.avg.com/filedir/util/support/avgremover_en.exe

Restart

Download and install Free Avira Antivirus: http://www.free-av.com/
Update it, and run a full scan

Restart

Reply with 3 new logs:
Malwarebytes
HijackThis
Avira scan log

Oh you can uninstall SUPERAntispyware to begin with too


Edit:

I mentioned to uninstall AVG8 to you in your thread here: https://www.techspot.com/vb/topic138422.html
Since you still have it, maybe someone else wants to support you in removing malware
I think AVG8 went out about 6 months ago now though (could be more)
 
Thanks for the response Kimsland... I'll see what I can do about AVG and Malware Bytes since I can't seem to update any of the programs.

I'll post again tomorrow.

EDIT: this whole ordeal is on my old PC. I'm not particularly attached to AVG so I've uninstalled it and installed Avira on it. I was able to update it too! More to follow...
 
Virus infections usually don't prevent internet applications; they want you to go online so they can steal your info or sell you something. Right-click on My Computer, then click on Manage, then click on Event Logs and check the System folder and Applications folder for errors.
 
Hey Stellar... you might be onto something.

I see some errors that say "could not join the network because another machine has the same name..." which is accurate because I named my new PC the same as the old one.

I've renamed the old one and started running all the scans as well.

We'll see what turns up.
 
renamed machine and ran scans

I renamed the machine. This helped me connect to the internet.

Either way, to be on the safe side, I ran the scans. If someone could take a peek just to confirm that it looks good, I'd sure appreciate it!
 
I can't see the logs at the moment since I'm on my phone. Go to pandasecurity.com and run the Active Scan 2.0; it takes about an hour.
 
I can see the logs ;)

Please run IE Reset (you have a number of Browser Helper Objects that just slow down your browsing in my view)

Or manually from here https://www.techspot.com/vb/post682762-2.html
Then restart Internet Explorer

Your Malwarebytes scan only needed to be a quick scan :rolleyes:
And you have not removed found Malwares at the end of the scan
As it also has an older database, please open Malwarebytes; Update it; then run a quick (~10min maximum) scan
Please provide this new scan log


Combofix:
  • Download Combofix to your desktop.
  • Disable your Antivirus (as Combofix will remove any found malwares)
  • Double click ComboFix & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here
Also restart and provide a fresh HJT Scan log

3 logs required again ;)
 
Right click on Avira shown on your Taskbar
Remove the tick

 
Hi, I suspect you are still infected. Please follow the following precisely (we don't want to mess up Windows ;))

Also, allow any Firewall message that may pop up


  1. Download Atapi.zip to your Desktop
    • Extract Atapi.zip file directly to your Desktop, giving Atapi.sys

  2. Start > Run > cmd /c del /a/f/q c:\atapi.sys > ok

  3. Start > Run > cmd /c start /min cmd /c "copy %windir%\system32\drivers\atapi.sys Desktop\*.suspect >log.txt&log.txt"
    • You will get "1 file(s) copied." Please close this Notepad

  4. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys %windir%\system32\drivers\atapi.sys >log.txt&log.txt"
    • You will get "1 file(s) copied." Please close this Notepad

  5. Start > Run > cmd /c start /min cmd /c "copy Desktop\atapi.sys c:\atapi.sys >log.txt&log.txt"
    • You will get "1 file(s) copied." Please close this Notepad

  6. Start > Run > cmd /c start /min cmd /c "dir /a c:\atapi.sys >log.txt&log.txt"
    • Please save the text file to be attached to a new reply
Restart

Run Combofix again, attach the log

:)
 
Yes, I forgot the "/c" I have edited it in above ;)

But instead of doing this single command log file, let's check the entire system drive (Note this one will take a bit longer as it searches)
Start > Run > cmd /c start /min cmd /c "PEV -l %systemdrive%\atapi.sys >Log.txt&Log.txt&del Log.txt"
Wait about 30 secs for this log to show. Please save this log file to be attached later on

Please also provide the new Combofix log as an attachment (this must be performed after Restart)
And also attach the file: atapi.suspect (located on your Desktop) You need to Zip this up first

3 Attachments required
 
The atapisuspect file, you have renamed :confused: It was originally atapi.suspect
I have tested this file and it looks ok, so be it.

The redirection looks as though it may now be resolved :)


Un-install Combofix
  • Click Start then Run
  • Now type Combofix /uninstall in the runbox and click OK
  • Any popup errors about Antivirus just ok or close
Note: 1 space after ComboFix in that uninstall command


Clear system restore points

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK


Update Java

Run JavaRa
This will remove all your old Java stuff (that is not required)
It will also help you check for new Java updates

Run TFC Cleaner
Download and Run TFC
(You may need to Restart)


Restart

Report how everything is running well :)
 
Excellent

Yep~ the machine is running VERY well now!!!

Oh.. and I renamed the atapi zip because I wasn't sure if it would like having a "." in the middle of the file name when I zipped it. I guess it doesn't really matter.

Thanks so much for your time and efforts. I've addressed a couple of my issues via TechSpot and I learn a lot each time.

Thanks again Kimsland!!! You rock!!!! :grinthumb
 
No problems :)

Hey Malwarebytes has just updated to a new version 1.42
Please startup Malwarebytes, and do an update to the program and then the database
Then run a quick scan. I don't expect you'll have any issues, but hey a 5 or 10 minute scan can't hurt ;)
 
Thank you kimsland. It gets a bit overwhelming in the V&M forum at times. Sorry you got missed. I usually start at the bottom with the oldest posts, but sometimes I miss.

You really need to do the Java update- (jre1.6.0_05) having the older version leaves a vulnerability to the system.

Would also stress cleaning up the system- especially the temp files- more regularly. Heaps of those can really slow you down.

I didn't see any malware in the logs- or anything that hadn't been handled. Can't help wonder if this was the devil in the system:
see some errors that say "could not join the network because another machine has the same name..." which is accurate because I named my new PC the same as the old one.

Thanks for atapi info kimsland. Have saved all for next atapi day!
 