Supsav.Smss32 - 2nd time I've gotten this (problem with computer not starting up)



dmcindc
2010-02-26, 18:51
Hi,

In early January I had a bad level five trojan on my computer that came through IE (I have been using Firefox since then). I used avast to clean off the virus and also ran spybot which caught and removed 9 items, part of which were listed under Supsav.Smss32 (7 TrojansC). Then when I went to restart my computer, it would not start up. It would just immediately log me off. One of my tech friends used my windows disk to recover/restore my computer back and then everything worked fine again and all scans came back clean. Everything was fine until last night.

Yesterday night my computer showed a low disk space alert icon, was extremely slow and sluggish, and seemed to freeze up when I tried to do anything. So I powered it off and then back on again (using power switch) and it was still extremely slow, but I managed to run a spybot scan and saw I had Supsav.Smss32 again and removed it. I ran a full avast scan which came back clean.

My fear right now is... if I turn off my computer or try to restart, that it won't start up again as last time when I removed this same malware package. Can anyone help me fix whatever needs to be fixed so that this won't happen? Overall I believe my computer is clean now, but that maybe some necessary file has been removed or corrupted, or that maybe there is some hidden file I need to remove. Can anyone assist? I just hate to have to ask my friend to travel all the way to my home and fix my computer again and I want to try to learn how to do this on my own.

If you still need a HijackThis scan, please let me know and I will post.

- Donna

katana
2010-03-04, 00:41
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



GMER Rootkit Detector

Please download GMER Rootkit Scanner from Here (http://www.gmer.net/gmer.zip) or Here (http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307)

***Please close any open programs ***
Extract the contents of the zip file to your desktop.
Disable your onboard Anti Virus and any other Active protection programs you have installed.
Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO.
Now use the following settings for a more complete scan.

[Image: GMER initial scan settings]

In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once the scan is complete, you may receive another notice about rootkit activity. If you receive it, click OK.

Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

RSIT Logs
GMER Log

katana
2010-03-14, 10:49
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.