Fast moving Virus: Now affecting permissions, services, network connec

  • This topic is locked
2 replies to this topic

#1 alottlessbs


  • New Member
  • 1 posts

Posted 30 August 2014 - 06:04 AM

Hi, and HELP!
I'm really needing some guidance here. I'm running XPsp3, and I suppose that's enough said.
I'm pretty much a self-taught computer illiterate, so bear with me and forgive me if I've posted this incorrectly...

    - First I noticed the slowdown and excessive network activity.
    - Then files being created that I didn't create, named with a long series of random numbers, letters, or both - or just a single letter or number.
    - Most folders have a 1003 subfolder in them.
    - In the "all users" file, there was a "network user" and a "local user". They are gone now.
    - One time I woke up to a "desktop configuration" icon in EVERY file and folder.
    - There are numerous programs with 0 byte folders.
    - Some would be 0 bytes then would populate upon opening the properties of the folder. (One went as high as several gigs.)
    - I have Avast Pro that kept getting removed from the system tray and turned off until I reinstalled it today.
    - Many of the programs and services deny me access.
    - At one point, every time I tried to open the C:/ drive, it would tell me that explorer has encountered a fatal error and must close.
    - No windows on the taskbar.
    - Just yesterday, I opened the "connect to" folder and it says it's empty. (It used to have the Realtek LAN connection, then a 1394 connection showed up.) For a while the icon has been missing from the sys tray even though it's still checked to display when connected in the properties. NTM, before they disappeared from the connections folder, they showed as connected and firewalled, but when I tried to disable them, they still showed they were connected.
    - The firewall has been disabled and says it can't be turned on because the service is stopped, but I can't see the service in the administrative tools; same with the Avast until I reinstalled it.
    - I've been using Avast, MB, SAS, CCleaner, Tweaking.com Windows repair to try to stay on top of this, but about a month ago it was to the point that when I clicked on their icons, they would become a different icon and the hard drive would start to go nuts.
    - I use Firefox as my default and only browser, and have IE disabled in the "add and remove programs" folder - even though it's still getting plenty of action as per CCleaner.
    - That's just a few of the things. Also, I remember the right-click menu having "Shared folder Sync" and "Share Point". It seemed to have started when my son downloaded 2010 Office from the web. I still can't remove it.

And upon trying to copy and paste the txt to OTL, I find I can't. Even using the keyboard shortcuts.
Any help you can offer is truly appreciated!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:02 PM, on 8/29/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\prey\platform\windows\cronsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Google\Update\\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HiJackThis.exe

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin
O4 - HKUS\S-1-5-21-1078081533-2000478354-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1078081533-2000478354-839522115-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (User '?')
O4 - HKUS\S-1-5-21-1078081533-2000478354-839522115-1003\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe -update plugin (User '?')
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Program Files\prey\platform\windows\cronsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

End of file - 4002 bytes



#2 Conspire



  • Retired Classroom Teacher
  • 5,806 posts

Posted 31 August 2014 - 08:52 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.


Hello there, alottlessbs


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.


Could you attach the OTL log?

Proud Graduate of the WTT Classroom
Member of UNITE

#3 Conspire



  • Retired Classroom Teacher
  • 5,806 posts

Posted 04 September 2014 - 06:15 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
