My PC has problems
stoney99
2011-04-13, 20:20
Hi. I've a malware/spyware problem with my computer.
(To access the forum I'm using my wife's laptop.)
Things started to get sluggish a few weeks ago, but otherwise appeared to be OK, although, occasionally at startup no taskbar or icons would appear, but would after a restart.
Similarly, the PC won't always shut down automatically either.
I then couldn't load web pages, but would be re-directed to a new web page, which I knew was a surefire indicator of problems.
Latterly, I've not been able to access the internet at all on my PC.
A friend suggested using you as you'd helped him out in the past.
He suggested firstly running "Spybot Search & Destroy" and "Malwarebytes" before posting a thread.
I tried to run Spybot S&D, but it wouldn't run as I could not access a server.
Malwarebytes worked. I have attached two logs. One after running a "quick scan" and the second after running a "full scan".
I removed all of the threats that Malwarebytes found.
In the meantime, I will get and run ERUNT and backup all of my files.
Thanks in anticipation.
Dakeyras
2011-04-15, 21:23
Hi,
I have bad news I'm afraid. :sad:
One or more of the identified infections is a Backdoor Trojan.
OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.
Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.
Should you have any questions, please feel free to ask.
Please let myself know what you have decided to do in your next post.
stoney99
2011-04-16, 12:52
Hi Dakeyras,
Many thanks for the prompt reply, but I'm gutted about the solution involved!
I'll obviously follow your guidance and reformat my hard disk and reload everything again. What a pain!
Will there be a danger that the virus files may be on my back-up hard drive already or that I may copy them across when doing a back-up before reformatting?
I have a limited amount of sensitive data on the PC, but will change passwords, as advised by you, and inform the only bank that I deal with via the PC of my problem too.
Did the logs indicate just when the trojan got into my PC?
Thanks again for your help.
Dakeyras
2011-04-16, 13:49
Hi. :)
> Many thanks for the prompt reply, but I'm gutted about the solution involved!
> I'll obviously follow your guidance and reformat my hard disk and reload everything again. What a pain!
You're welcome and aye indeed not good news but I would never post such advice lightly unless I deem the situation warrants it I assure you.
> Will there be a danger that the virus files may be on my back-up hard drive already or that I may copy them across when doing a back-up before reformatting?
In my experience they should not be but to err on the side of caution we can check as follows...
Now if your backup drive is an external one, as in uses a USB connection, download the following and plug your drive in when prompted:-
Please download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Double click to run it.
You will be prompted to plug in your flash drive. Plug it in. <-- This will be your external Hard-Drive
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder... it will help protect your drives from future infection.
Next:
Now if your backup drive is either an external or internal one the following still applies...
Check for updates with both the installed Anti-Virus software and Malwarebytes' Anti-Malware. Then right click on the drive icon for the backup drive and scan with each of the aforementioned in turn.
> Did the logs indicate just when the trojan got into my PC?
Unfortunately I am unable to determine such at this time, as to how your machine became infected could be due to a myriad of reasons and speculating about such would not be professional of myself to be perfectly honest. Just bear in mind for the future keep your machine updated via:-
Microsoft releases patches for Windows and other products regularly:
I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise you to set Auto-Updates if not set, and you will then be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
And this forum topic (http://forums.spybot.info/showthread.php?t=279) has a wealth of very good advice...
The following advice of my own is worth bearing in mind also. I recommend one of the following freeware Anti-Virus applications to use/install:-
AntiVir Free. (http://www.free-av.com/)
Avast Home Edition. (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?tag=mncol)
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/).
Be careful when opening attachments and downloading files:
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Stop malicious scripts:
Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Avoid Peer to Peer software:
P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
hpHosts (http://hosts-file.net/?s=Download)
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Only use one of the above!
Install WinPatrol:
WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.
Download it from here (http://www.winpatrol.com/download.html).
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).
Next:
This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/security/default.aspx)
Any further questions? Feel free to ask, if not stay safe!
Dakeyras
2011-04-18, 13:10
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.