PC Very Slow possibly Riddled With Trojans.. Please Help
Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 14th, 2008, 5:18 am

  • Download mbr.exe to your desktop.
  • Doubleclick mbr.exe and follow prompts.
  • When mbr.exe is ready, it will create a log. Copy and paste contents of that file to your next reply, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 14th, 2008, 5:42 pm

Hi Shaba,

Here's the mbr log:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Thanks,
Regie
onuel
Regular Member
 
Posts: 30
Joined: April 30th, 2008, 8:44 pm
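The log above says the tool read the MBR once through the normal user-mode path and once from kernel mode and found the two copies identical, which is the check a stealth MBR rootkit would fail. As an added example that is not part of this thread or of Gmer's mbr.exe, the Python below parses a 512-byte MBR (bootstrap code, disk signature, four partition entries, the 0x55AA boot signature) and byte-diffs two reads of the same sector, naming the region that disagrees. The sector bytes are constructed rather than read from a disk, and the "tampered" copy simply overwrites the first bootstrap bytes; the tool's own hook and I/O-stack inspection is not reproduced.

```python
"""Parse a 512-byte MBR and compare two reads of it.

Added example for the thread above; not part of the thread or of Gmer's
mbr.exe. The sector bytes built here are constructed, not from a real disk.
"""
import struct

MBR_SIZE = 512
BOOTSTRAP_END = 440         # bytes 0..439: bootstrap code
DISK_SIG_OFFSET = 440       # 4-byte Windows disk signature + 2 reserved bytes
PART_TABLE_OFFSET = 446     # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510       # 2-byte boot signature
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-signature check, disk signature and used partition slots."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        fields = struct.unpack("<8BII", mbr[off:off + PART_ENTRY_SIZE])
        status, ptype, lba_start, sectors = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:
            continue                      # empty slot
        partitions.append({"slot": slot, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    disk_sig = struct.unpack("<I", mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])[0]
    return {"signature_ok": mbr[BOOT_SIG_OFFSET:] == BOOT_SIGNATURE,
            "disk_signature": disk_sig, "partitions": partitions}


def region_of(offset: int) -> str:
    """Name the MBR region an offset falls in."""
    if offset < BOOTSTRAP_END:
        return "bootstrap code"
    if offset < PART_TABLE_OFFSET:
        return "disk signature"
    if offset < BOOT_SIG_OFFSET:
        return "partition table"
    return "boot signature"


def compare_reads(user_read: bytes, kernel_read: bytes) -> dict:
    """Byte-diff two reads of the same sector. Any difference means something
    sitting in one of the two I/O paths is altering what it returns."""
    if len(user_read) != MBR_SIZE or len(kernel_read) != MBR_SIZE:
        raise ValueError("both reads must be one full sector")
    differing = [i for i, (a, b) in enumerate(zip(user_read, kernel_read)) if a != b]
    return {"ok": not differing, "differing_offsets": differing,
            "regions": sorted({region_of(i) for i in differing})}


def build_sample_mbr() -> bytes:
    """Constructed clean MBR: stub bootstrap, one bootable NTFS partition at LBA 2048."""
    bootstrap = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])  # cli; xor ax,ax; mov ss,ax; mov sp,7C00h
    bootstrap = bootstrap.ljust(BOOTSTRAP_END, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    ntfs = struct.pack("<8BII", 0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF, 2048, 204800)
    table = ntfs + b"\x00" * (PART_ENTRY_SIZE * 3)
    return bootstrap + disk_sig + table + BOOT_SIGNATURE


def build_tampered_mbr() -> bytes:
    """Same sector with the first bootstrap bytes overwritten (constructed), the
    kind of edit an MBR bootkit makes so its own code runs before Windows."""
    sector = bytearray(build_sample_mbr())
    sector[0:5] = b"\xEA\x00\x7C\x00\x00"   # jmp far 0000:7C00, stand-in for injected code
    return bytes(sector)


if __name__ == "__main__":
    clean, tampered = build_sample_mbr(), build_tampered_mbr()
    print(parse_mbr(clean))
    print("identical reads:", compare_reads(clean, clean)["ok"])
    print("tampered vs clean:", compare_reads(clean, tampered)["regions"])
```

On a live machine the two inputs would be the first sector of the physical disk read by two independent routes; reading it at all needs administrator rights, and a clean diff only says the two routes agree, not that the on-disk code is the vendor's.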

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 15th, 2008, 5:51 am

Follow these instructions to install hosts file and post back if it helped.
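A blocking hosts file works by pointing known-bad hostnames at a sink address so they never resolve to a real server. As an added example that is not part of this thread or of any published hosts-file package, the Python below parses a Windows-style hosts file, flags entries that redirect a name to a real address instead of a sink (the trick malware uses to keep security sites and update servers unreachable, which is worth checking before installing a new file over the old one), and merges a blocklist without duplicating names already present. SAMPLE_HOSTS is constructed; the .test hostnames and the 203.0.113.0/24 address are reserved for documentation.

```python
"""Inspect and extend a Windows hosts file.

Added example for the thread above; not part of the thread or of any
published hosts-file package. SAMPLE_HOSTS is constructed; the .test
hostnames and the 203.0.113.0/24 address are reserved for documentation.
"""
import ipaddress

# Addresses that make a name resolve to "nowhere": the usual blocklist sinks.
NULL_TARGETS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.test
203.0.113.5 update.example-av.test   # a redirection, not a block
not-an-ip garbage
"""


def parse_hosts(text: str):
    """Return (line number, address, hostname) for every real hosts entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                               # first field not an address: not an entry
        for name in parts[1:]:
            entries.append((lineno, str(addr), name.lower()))
    return entries


def find_redirections(text: str):
    """Entries that send a name to a real address instead of a sink.

    A blocking hosts file only ever points names at NULL_TARGETS, so any
    other destination was written by something else and deserves a look."""
    return [e for e in parse_hosts(text) if e[1] not in NULL_TARGETS]


def merge_blocklist(text: str, domains, sink: str = "0.0.0.0"):
    """Append sink entries for domains not already present.

    Returns (new file text, list of lines added). 0.0.0.0 is used as the
    default sink so a blocked name does not even get a connection attempt
    to the local loopback interface."""
    present = {name for _, _, name in parse_hosts(text)}
    additions = [f"{sink} {d.lower()}" for d in domains if d.lower() not in present]
    merged = text.rstrip("\n") + "\n"
    if additions:
        merged += "# added blocklist entries\n" + "\n".join(additions) + "\n"
    return merged, additions


if __name__ == "__main__":
    for lineno, addr, name in find_redirections(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} (not a sink address)")
    text, added = merge_blocklist(SAMPLE_HOSTS, ["ads.example.test", "tracker.example.test"])
    print("added:", added)
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts and is writable only from an elevated prompt; run the redirection check on the existing file first, because replacing it silently also erases the evidence of what was redirected.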

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 16th, 2008, 8:20 am

Hi Shaba,

I updated the host file successfully but it didn't seem to help.
PC froze once when I restarted it.

Thanks
Regie

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 16th, 2008, 8:48 am

We need to run a system scan with Dr. Web CureIt
  1. Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  2. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  3. Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  4. Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  5. Once the short scan has finished, Click Options > Change settings
  6. Choose the "Scan tab" and UNcheck "Heuristic analysis"
  7. Back at the main window, click "Complete Scan"
  8. Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  9. When done, a message will be displayed at the bottom advising if any viruses were found.
  10. Click "Yes to all" if it asks if you want to cure/move the file.
  11. When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  12. Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  13. Save the DrWeb.csv report to your desktop.
  14. Exit Dr.Web Cureit when done.
  15. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  16. After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply, please include the following:
  • Dr.Web's Log

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 17th, 2008, 8:19 pm

Hi Shaba,

I downloaded Dr Web from the link you've given, but the interface and buttons seem to be different from what you are saying in your instructions.
But I still managed to follow it as closely as possible to what you intended me to do.

Here's the log, not very long;

psexec.cfexe;C:\ComboFix;Program.PsExec.171;Incurable.Moved.;


Thanks,
Regie

Also, when I restarted my computer this morning, my Antivirus found this trojan;

trojan.win32.autoit.qs

But it says that it can't be disinfected, so it renamed it but did not say what it renamed it to.

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 18th, 2008, 9:13 am

"Also, when I restarted my computer this morning, my Antivirus found this trojan;

trojan.win32.autoit.qs"

That is likely RSIT and a false positive.

Make a Bootlog
A bootlog is a file where Windows writes down which drivers are loaded and which are not during startup.
Using Windows explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.
  • Click Start then Run and type in msconfig in the edit box and hit Enter or click Ok
  • Click on the boot.ini tab and check the box that says /BOOTLOG
  • Click Apply & Ok and reboot the PC (may take a bit longer to boot)
  • After it reboots, you will get a message that msconfig has been used to change your start settings.
  • In msconfig, Check Normal Startup on the GENERAL tab, and on the BOOT.INI tab, Uncheck /BOOTLOG. Click Apply, OK.
  • When a message asks if you want to Reboot now, Click Exit Without Reboot. You don't need to.
  • Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 18th, 2008, 7:52 pm

Hi Shaba,

Here's the bootlog

Microsoft (R) Windows (R) Version 6.0 (Build 6000)
11 18 2008 18:43:29.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\iastor.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\DRVMCDB.SYS
Loaded driver \SystemRoot\System32\Drivers\PxHelp20.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\msrpc.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\ecache.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\igdkmd32.sys
Loaded driver \SystemRoot\system32\DRIVERS\e1e6032.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\atinavrr.sys
Loaded driver \SystemRoot\system32\DRIVERS\ohci1394.sys
Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\dfmirage.sys
Loaded driver \SystemRoot\system32\DRIVERS\wacomvhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\WacomVKHid.sys
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\circlass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\wacommousefilter.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
Loaded driver \SystemRoot\system32\drivers\modem.sys
Loaded driver \SystemRoot\system32\drivers\stwrt.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\Drivers\DLARTL_M.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\SCDEmu.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \??\C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys
Loaded driver \SystemRoot\System32\drivers\fsdfw.sys
Loaded driver \SystemRoot\System32\drivers\fses.sys
Loaded driver \??\C:\Program Files\COGECO Security Services\HIPS\fshs.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\System32\Drivers\fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS
Loaded driver \SystemRoot\System32\DLA\DLADResM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS
Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS
Loaded driver \SystemRoot\System32\DLA\DLABMFSM.SYS
Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS
Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\drivers\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\system32\DRIVERS\xaudio.sys
Loaded driver \SystemRoot\system32\DRIVERS\WUDFRd.sys
Loaded driver \??\C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsgk.sys
Loaded driver \SystemRoot\system32\drivers\tdtcp.sys
Loaded driver \SystemRoot\System32\DRIVERS\tssecsrv.sys
Loaded driver \SystemRoot\System32\Drivers\RDPWD.SYS
Loaded driver \??\C:\Program Files\COGECO Security Services\Anti-Virus\fsbldrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Loaded driver \SystemRoot\system32\drivers\MSPQM.sys


Thanks,
Regie
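A boot log this long is read by sorting, not by eye: the lines worth a second look are the drivers Windows loaded by absolute path from a product's install directory rather than from its own \SystemRoot tree, and any "Did not load driver" entries. As an added example that is not part of this thread or of any Microsoft tool, the Python below parses the two line shapes ntbtlog.txt uses and produces that triage. SAMPLE_LOG is a constructed excerpt of the log posted above; the path-based split is a sorting aid, not a verdict, since the \??\ entries here belong to the poster's own security suite and a Dell support tool.

```python
"""Triage a Windows boot log (ntbtlog.txt) of the kind posted above.

Added example for the thread above; not part of the thread or of any
Microsoft tool. SAMPLE_LOG is a constructed excerpt of the posted log.
"""
import re
from collections import Counter

HEADER_RE = re.compile(r"^Microsoft \(R\) Windows \(R\) Version (\S+) \(Build (\d+)\)")
DRIVER_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*?)\s*$")

SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 6.0 (Build 6000)
11 18 2008 18:43:29.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \??\C:\Program Files\COGECO Security Services\Anti-Virus\minifilter\fsvista.sys
Loaded driver \SystemRoot\System32\drivers\fsdfw.sys
Loaded driver \??\C:\Program Files\COGECO Security Services\HIPS\fshs.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
"""


def parse_bootlog(text: str) -> dict:
    """Split the log into the Windows version header, loaded and not-loaded paths."""
    version, loaded, failed = None, [], []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            version = {"version": m.group(1), "build": int(m.group(2))}
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue                      # timestamp line or anything else
        (loaded if m.group(1) == "Loaded driver" else failed).append(m.group(2))
    return {"windows": version, "loaded": loaded, "failed": failed}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_third_party_path(path: str) -> bool:
    """Windows logs its own drivers relative to \\SystemRoot; a driver loaded
    through an absolute \\??\\<drive>: path came from a product's install directory."""
    return not path.upper().startswith("\\SYSTEMROOT\\")


def triage(text: str) -> dict:
    """Return the things a helper would want to look at first."""
    log = parse_bootlog(text)
    names = Counter(basename(p) for p in log["loaded"])
    failed_names = {basename(p) for p in log["failed"]}
    return {
        "windows": log["windows"],
        "loaded_count": len(log["loaded"]),
        "third_party": [p for p in log["loaded"] if is_third_party_path(p)],
        "failed": log["failed"],
        # Loaded and then "did not load" for the same name usually means a
        # second load attempt was refused because the first copy was running.
        "loaded_then_failed": sorted(n for n in failed_names if n in names),
        # The same file name loaded twice from different paths is worth a look.
        "duplicate_loads": sorted(n for n, count in names.items() if count > 1),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["windows"], report["loaded_count"], "drivers loaded")
    for path in report["third_party"]:
        print("outside \\SystemRoot:", path)
    print("not loaded:", report["failed"])
```

Run against the full log, the same split puts the five COGECO Security Services and DellSupport entries in the third-party list and srv.sys in both the loaded and not-loaded lists, which matches the posted output.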

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 19th, 2008, 5:46 am

Do you get those popups on every website or just in some certain websites?

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 19th, 2008, 8:03 pm

Hi Shaba,

Just on some websites. I don't get a lot of pop ups lately, in fact, I didn't get anything at all this week so that's really a good thing.

However, my PC is still slow opening programs, such as Firefox, Photoshop, and especially Skype.

Do I have a virus?

Thanks,
Shaba

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 20th, 2008, 4:57 am

For general slowness, see here and post back if it helped :)

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 23rd, 2008, 10:49 pm

Hi Shaba,

Sorry for the late response, I was only able to do one process a day of PC Slowness since I was so busy. But finally I was able to do all of them and it did help a bit. Skype is still very slow though, so I'm just going to delete the program and maybe reinstall it since I don't seem to have a virus.

One thing that reminded me is that before we started, Otto was in my list of programs, which I tried to uninstall but it just kept coming back. And I read somewhere that it's some kind of trojan virus. But when I checked the list of programs the other day, it was gone. So maybe we did something that got rid of it.

Thanks a lot Shaba for all your help.
Regie

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 24th, 2008, 3:28 am

Glad to hear that :)

Still some issues left?

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by onuel » November 24th, 2008, 9:00 pm

My PC seems to be working a bit better now.

Thanks Shaba for all the help :)

Re: PC Very Slow possibly Riddled With Trojans.. Please Help

Post by Shaba » November 25th, 2008, 3:59 am

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

You can delete rsit, c:\rsit.txt and c:\windows\ntbtlog.txt

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
