MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: I'm sure I have a virus or a trojan, but I can't get rid of it.  (Read 3181 times)
Sandour
« on: August 29, 2012, 09:55:40 PM »

My computer has been running slow.  It takes several minutes to complete its boot process after it gets to the Windows main screen.  Programs hang all the time and a few weeks back my Hotmail account was hacked.

I've got anti-virus on my comp, but it doesn't seem to be catching things.  I've run Spybot, and it also gives me the all clear.  I tried downloading Malwarebytes and running it, and while it looks like it's running, anytime I try to open the program to run a scan it just says "Malwarebytes Anti-malware is already running".

I ran OTL and have attached the two files for you to review.  OTL took over 2 hours to scan.  I tried to run MBR, but the computer crashed halfway through the scan and I got the fabulous blue screen.  However, before it crashed I saw at least 2 entries that were yellow and one that was red.

Any help would be greatly appreciated!

I am running Windows XP.  I've been avoiding updating to Win7 until I can get the computer to run efficiently.

Thanks!




Pancake
Global Moderator
« Reply #1 on: August 29, 2012, 10:26:44 PM »

Looks as if you do have malware...







 
Please download Malwarebytes Anti-Malware from Malwarebytes.org
Alternate link: Download Mirror

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

If Malwarebytes fails to download please use the following link:

http://malwarebytes.org/mbam-download-exe-random.php



=============================================


Download ComboFix from any of the links below, and save it to your desktop.

Link 1

Link 2

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:




Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:





As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.





Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.






An Australian Member of

EDDY
Sandour
« Reply #2 on: August 31, 2012, 06:42:21 AM »

Ok, so I had to run Malwarebytes Anti-Malware in safe mode as I couldn't get it to run otherwise.  It found one item and had it remove what it found, but it didn't require a restart.  I've attached the log.

I restarted the computer and ran ComboFix since I couldn't run it in safe mode.  It apparently found something because it restarted the comp.  I've also attached the log.

It seems as though the issue has been fixed based on the restart and removal of items, but the comp is still slow to load and slow to do anything really.  So I think there is still something wrong.
Pancake
Global Moderator
« Reply #3 on: August 31, 2012, 10:12:36 PM »

Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================


Sandour
« Reply #4 on: August 31, 2012, 11:23:53 PM »

Ok, thank you for the help.  But my problem is that the computer is still quite slow and hangs despite my barely using a third of the memory or RAM.  What else can I do to improve the speed if it isn't a virus or malware holding me back?
Pancake
Global Moderator
« Reply #5 on: September 02, 2012, 11:15:30 PM »

Let's do an online scan.






I'd like you to scan your machine with ESET OnlineScan
 


  • Scan your system with Online Scanner

  • Place a check mark in the box YES, I accept the Terms Of Use.

  • Click the button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check

  • Click the button.

  • Accept any security warnings from your browser.
  • Check

  • Make sure that the option to "Remove Found Threats" is UNchecked.

  • Push the "Start" button.

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push

  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Push the button.

  • Push
Sandour
« Reply #6 on: October 02, 2012, 12:38:20 AM »

Here is the ESET scan.  It found 5 viruses!

Pancake
Global Moderator
« Reply #7 on: October 04, 2012, 10:02:12 PM »

That's fine. They are not malware.
Sandour
« Reply #8 on: October 05, 2012, 08:10:53 PM »

Thank you.  But my computer is still very slow.  If there isn't a virus then what else could it be?  I haven't even used 1/10th of my CPU memory.  What else would make it hang the way that it does?
Pancake
Global Moderator
« Reply #9 on: October 05, 2012, 10:27:13 PM »

Try this cleaner.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.