
[Resolved] intermittent computer lockup



#1 kayaref

kayaref

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 17 October 2009 - 01:17 AM

Hi,

I hope someone can help me. I am not sure if I have a virus or not, or whether I should be posting this in a different forum. Computer sometimes freezes during or after startup, or when working on the computer in any program. The keyboard does not function, nor does the mouse cursor. The cursor is frozen on the screen. I cannot reboot without pressing the reset button. I have performed virus scan, malware scan, spyware scan etc. with no results. This problem is intermittent. I get no error messages, or blue screen etc.; the computer just locks up. I will be very grateful for your assistance, as you have helped me a lot in the past.

Many thanks,
Kevin


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 October 2009 - 05:18 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 kayaref

Posted 21 October 2009 - 06:47 AM

Thanks for the reply, CatByte. Please find attached files as requested. I hope I did the DDS correctly, as I was not sure about "script blocking protection".

Regards,
Kevin

Attached File  DDS.txt   5.8KB   233 downloads
Attached File  Attach.txt   10.09KB   122 downloads
Attached File  gmer.txt   18.68KB   701 downloads

Edited by kayaref, 21 October 2009 - 06:49 AM.


#4 CatByte

Posted 21 October 2009 - 07:12 AM

Hi,

I don't see any obvious signs of malware in your logs, but let's do a couple of scans just to be certain. If these are clean, then our techs can have a look to see if it's a hardware or setting issue.

Please do the following:


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so.

NEXT


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 kayaref

Posted 23 October 2009 - 06:10 PM

Hello CatByte, Please find attached reports below as requested. I am sorry it took so long but my computer kept locking up. Regards, Kevin



#6 CatByte

Posted 23 October 2009 - 07:33 PM

Hi,

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "D:\MUSIC\Incomplete\Preview-T-1080642-01 - Sébastien Tellier - Kilometer (A-Track Remix).wma"



Did you choose to have this item on your machine?

D:\Utilities\Key Changer\keyfinder.exe

Please advise in detail what symptoms you are still experiencing.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 kayaref

Posted 23 October 2009 - 08:28 PM

Hi CatByte,

I have done as requested. I am not sure what it was supposed to do, but it was very quick, whatever it was.

The Keychanger you asked about was included in a bunch of utilities copied onto a partition D: on my hard drive from a friend who rebuilt my computer after a faulty power supply cooked my motherboard. I have never used it, and as far as I am concerned it can be deleted.

In regard to the computer's behaviour, I was running the Kaspersky scan one evening and it was going to take hours, so I let the comp run overnight. I switched off the monitor and went to bed. The following morning I could not switch on the monitor, and the processor light was on continuously and steady. I had to reset the computer, and when it restarted the monitor was OK. I thought I had a dead monitor for a while. The comp must have locked up and had affected the monitor.

Thanks,
Kevin

#8 CatByte

Posted 23 October 2009 - 08:49 PM

Hi,

Go ahead and delete that file then.


Please delete the DDS and GMER folders from your desktop.

NEXT

Clean up with OTM:
  • Double-click OTM.exe to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the Posted Image button
  • Say Yes to the prompt and then allow the program to reboot your computer.


NEXT


System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.
We need to set a new system restore point:

Click Start > Run > copy and paste the following into the run box:


%SystemRoot%\System32\restore\rstrui.exe


Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:

Click Start > Run > copy and paste the following into the run box:


cleanmgr


At the top, click on More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.**


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
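
The HOSTS-file blocking described in the recommendations above (site names redirected to 127.0.0.1), shown as an added Python example that is not part of the original post: it audits a HOSTS file and separates names that are blocked from names that are mapped to some other address. The sample file contents, the `audit_hosts` name and the choice to treat 0.0.0.0 like loopback are assumptions made for this example.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (not taken from the MVPS list).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net      # blocked ad server
0.0.0.0     tracker.example.org
0.0.0.0     cdn.example.org metrics.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def audit_hosts(text):
    """Return (blocked names, {name: address} for other mappings, bad line numbers)."""
    blocked, remapped, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost":
                continue                      # the stock entry, not a block
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)             # resolves to the local machine
            else:
                remapped[name] = str(addr)    # resolves elsewhere: review it
    return blocked, remapped, malformed

if __name__ == "__main__":
    blocked, remapped, malformed = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("mapped to a non-local address:", remapped)
    print("malformed lines:", malformed)
```

A blocking list should produce only "blocked" entries; anything in the second group means the file is steering that name to another machine and deserves a look before the file is trusted.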


#9 kayaref

Posted 23 October 2009 - 09:07 PM

Hi CatByte, Where do I get OTM? Thanks, Kevin

#10 CatByte

Posted 23 October 2009 - 10:05 PM

My apologies, you don't need that part....I meant to take that out, sorry

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#11 kayaref

Posted 23 October 2009 - 10:23 PM

Hi CatByte,

Thank you for all your time and effort; it is much appreciated. I have carried out all but install alternative browser at this time. Can you please tell me what it was that caused the problem, as I suspected I may have had a hardware issue such as hard drive or motherboard breakdown.

Many thanks,
Kevin

#12 CatByte

Posted 23 October 2009 - 10:57 PM

ESET quarantined a trojan downloader, and one of your files was infected with a trojan clicker.

That can be enough to disrupt the smooth working of your computer.

Keep an eye on it.

It should be fine now, but if it acts up again it may be hardware related, in which case post in our hardware forum to see if the techs can assist.

Try a defrag to see if that will help a little also.

Download and run Auslogics Disc Defragmenter

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 kayaref

Posted 23 October 2009 - 11:05 PM

Hi CatByte, Thank you once again. Can I safely delete quarantined items from my Eset antivirus? Regards, Kevin

#14 CatByte

Posted 23 October 2009 - 11:29 PM

Yes, but leaving them there causes no harm either.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 kayaref

Posted 27 October 2009 - 08:16 AM

Hi CatByte,

The computer seems to be running OK now - no more lockups. However, I am getting continuous alert messages from WinPatrol for a new startup service that it is asking me to accept called "Servises.exe" (it is not a spelling error). I have attached a screenshot in Word format for you to inspect. I cannot minimise the popup, and when I close it, it keeps coming back a couple of times after I click NO. I have tried to disable it in WinPatrol but it keeps coming back - very irritating. Your help would again be much appreciated.

Many thanks,
Kevin
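
An added example, not part of the original thread: the name "Servises.exe" reported above is one character away from the genuine Windows `services.exe`, and the Python check below flags startup entries whose file name is a near miss of a well-known system binary. The reference list, the helper names, the distance threshold and the sample entries are assumptions chosen for illustration.

```python
# Assumed reference list: genuine Windows binaries whose names are often imitated.
KNOWN_SYSTEM_BINARIES = [
    "services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "explorer.exe", "smss.exe", "spoolsv.exe",
]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_startup_name(filename, max_distance=2):
    """Return ('exact' | 'lookalike' | 'unrelated', matched system name or None)."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        # Same name only: the file's folder and signature still need checking.
        return ("exact", name)
    best = min(KNOWN_SYSTEM_BINARIES, key=lambda k: edit_distance(name, k))
    if edit_distance(name, best) <= max_distance:
        return ("lookalike", best)
    return ("unrelated", None)

def flag_lookalikes(filenames):
    """List (filename, imitated name) for every near-miss in a startup listing."""
    hits = []
    for f in filenames:
        verdict, match = classify_startup_name(f)
        if verdict == "lookalike":
            hits.append((f, match))
    return hits

if __name__ == "__main__":
    # Constructed startup listing; only "Servises.exe" comes from the thread.
    sample = ["Servises.exe", "services.exe", "WinPatrol.exe", "svch0st.exe"]
    for name, imitated in flag_lookalikes(sample):
        print(f"{name}: near miss of {imitated}")
```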
