Looks like following the Elite steps solved the problem. Thanks a million, Bearcat.
Any suggestions on programs to cut out and help improve performance? |
Piriform has just updated CCleaner and Defraggler to 3.0
http://www.piriform.com/ |
I ran into a strange virus/trojan last night called Windows Defender*. It installed on my computer (not sure how) and it looked like a virus-scan or spyware-removal dashboard. I tried to close it so that I could uninstall it, but it just went into the system tray. Right-clicking the system tray icon didn't show an 'Exit' or 'Shut Down' option, so I went to Task Manager to kill the process. Task Manager would open for a second, then close. I tried it over and over thinking "oh crap". I rebooted, and the 'Defender' app started up immediately and proceeded to end other processes. I tried Task Manager again, and it closed after a second. I opened up Firefox to try and look it up, and Firefox closed after a second. Everything I tried to open would close almost immediately (even running 'cmd' and 'msconfig.exe').
During one of the times Task Manager flashed open, I saw that one of the processes was 'defender.exe'. I opened Windows Explorer, which luckily stayed open, and searched for it. Sure enough, defender.exe was sitting in the Users directory (I'm running Vista). I tried to delete, but couldn't because the process was running. So I renamed it and rebooted. This time, it didn't run on startup, so I quickly went in and deleted defender.exe and went into msconfig.exe and removed it from startup. I also went into the registry and removed all entries that contained 'defender.exe'. It was 1:30am by the time I got rid of it, so I shut down my machine and went to bed. Tonight, I plan on doing a full system scan: AVG, Ad-Aware, and a few of the programs mentioned in this thread. From what I gathered, it was just a bogus app that tries to get people to buy "full version" to get rid of whatever virus it says you have. I think everything is ok now, but just want to make sure. Any thing else I should be doing or looking for? ========== * Not THE Windows Defender, just trying to disguise itself as legit. |
Bastard rogues.
Run CCleaner to check your registry. Rogues **** up file extensions. |
Quote:
|
Quote:
At least it was just the defender.exe... the really nasty ones will have a DLL that gives a random name to the .exe each time you start Windows. :# |
Quote:
|
Quote:
|
I'm definitely anal about cutting down my startup time and services running (especially since it's a 4 year old laptop). Use Soluto primarily, but I'll make sone suggested changes.
Thanks again! |
Soooo.....
My wife got one of those pop-ups that says you have a virus and you need to run the scan. In all her infinite wisdom, she clicked to run the scan. Now it's got her computer 13 different kinds of FUBAR. I downloaded the rouge removal to a jump drive and copied it to her hard drive. I tried to run the components and every time I start the components up and the "Security Tool" gives me an error and closes the program. The instructions say to run it in normal mode. Any suggestions? Should I try it in safe mode? Thermonuke the whole ****ing thing? What say you? |
Quote:
|
Quote:
Well, DaFace helped me out (He's the man). I managed to get into safe mode and do a system restore. I think it worked. I'm currently running MBAM in Normal Mode. Hopefully that will be the end of it. |
All of the sudden my internet is taking 3x as long to do things, I havent really tried to do anything else on my computer other than go on the internet, so I don't know if its just the internet or if I have a virus, BUT...
I downloaded HijackThis and MalwareBytes. MalwareBytes says I have 3 infected files when I ran a quick scan (I just ran a quick scan with Avast the other day and nothing popped up). Here is the Malwarebytes log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5050 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 11/5/2010 3:30:48 AM mbam-log-2010-11-05 (03-30-48).txt Scan type: Quick scan Objects scanned: 149673 Time elapsed: 6 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysinfo (Trojan.Downloader) -> No action taken. Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\Users\matt\AppData\Local\Temp\94162957Wsy.dll (Trojan.Downloader) -> No action taken. Here is the HijackThis Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:17:50 AM, on 11/5/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\matt\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 O4 - HKCU\..\Run: [Google Update] "C:\Users\matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Comodo EasyVPN] "C:\Program Files\COMODO\EasyVPN\EasyVPN.exe" /background O4 - HKCU\..\Run: [sysinfo] C:\Windows\system32\rundll32.exe C:\Users\matt\AppData\Local\Temp\94162957Wsy.dll,Sets O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: MLB.TV NexDef Plug-in.lnk = matt\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - C:\Program Files\COMODO\EasyVPN\crdphService.exe O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8260 bytes If anyone has an idea of whats going on, I'd appreciate any help. |
Quote:
And is there a reason you have a Comodo VPN client running on your system? If you're not actively using that, I'd remove it. I'm also a little concerned about all the missing system files that HijackThis is listing. It looks like you upgraded from Vista to Win7, and it left a bunch of dead links in your registry. If you're familiar with editing the registry, I'd remove those. |
Quote:
Also, I'm not familiar with editing the registry, I don't want to screw that up. |
All times are GMT -6. The time now is 01:33 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.