Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computers running amuck

Post by Mymania » August 27th, 2010, 9:39 am

I have three computers at home that I have no control of. All are running different versions of Windows. I have re-installed the operating system multiple times on two of them, because after two or three weeks of use the computers slow down to the point I cannot use them until I start over again. I get locked out from changing settings even as administrator. System processes and network processes seem to restart on their own after being stopped and disabled. This is without connecting them to the internet any more. My firewall gets turned off, and I have increasing CPU usage with no programs being started by me. Also, when I do connect to the internet, I get tons of inbound and outbound activity before my first page loads up, and Microsoft Update is turned off. And no software updates have been initiated by me.

Thank you in advance for your assistance.

I'll start with my Dell using XP Pro, on which I recently re-installed the OS.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:40:17 PM, on 8/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-21-1214440339-484763869-725345543-1003\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan (User '?')
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 3824 bytes


Uninstall List Dell

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Internet Security
Dell Media Experience
High Definition Audio Driver Package - KB835221
HiJackThis
Intel(R) PRO Network Connections Drivers
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
SigmaTel Audio
User Profile Hive Cleanup Service
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Mymania
Active Member
 
Posts: 6
Joined: August 25th, 2010, 9:18 am

Re: Computers running amuck

Post by askey127 » August 30th, 2010, 3:09 pm

Mymania,
There is a lot here.
Please read this whole thing VERY CAREFULLY FIRST, BEFORE DOING ANYTHING. <--sorry about the caps
If I have any misconceptions about your setup, tell me first, before doing anything.

In this kind of a situation, just fixing one machine while all are on the network (router) is a futile task.
The infected ones will just instantly re-infect the good ones.
These three machines need to each be on the network ONE AT A TIME, until they are cleaned.
When a machine is cleaned it has to be set aside until each of the others are cleaned in turn also.
A clean one should NEVER be reconnected to the router while infected ones are present on the same router.

If you want to attack this problem, each machine can possibly be cleaned, but they have to be done one at a time, and cannot be connected together safely until ALL of them are clean.
Connecting a clean and an infected computer to the same wireless or wired router can put the clean one right back where it started in less than 30 seconds.

If you want to pursue this, I will help, but there are limits to what online malware removal can do.
You would have to be very disciplined, and not perform any tasks not authorized by the helper.

You may decide this is too complex or difficult to do online.

If you have read this, and you think I understand your system, and you want to proceed:
----------------------------------------------------
First Unhook the Other Two machines
  • If the network you have is a wireless one, you will need to shut off the wireless networking on the other two machines while we work on this one.
    To shut off a networking connection:
    Go to Start, Control Panel, Network Connections
    Right click on the item that is your network and choose Disable
  • If you have a wired network, just unplugging the Ethernet cable will disconnect the machine.
----------------------------------------------------
Re-Install the Router Settings and Password
For starters, I want you to find the User's guide for your network router.
I want you to go thru the routine of setting it up and making sure there are no extra addresses in your setup, only the ones for your Internet provider.

Then you need to change the password for the administrator account on the router.
In the setup there is always a tab where you can change the router administrator password.

They actually publish the list of the original, default passwords for each router on the Internet.
You can look it up for your make and model.
Router Passwords Default List : http://www.phenoelit-us.org/dpl/dpl.html

If you don't change it, a ZLOB or other infection can use the default password and change your router settings, so as to intercept every communication by passing it through a spyware server.
It will definitely produce redirects and infections.
The router will likely have to be re-installed so the malware server address can be removed. (Then you can change your own password)
If you can find the instructions that came with the router, it may save a bit of work.
If you need help with setting the Router again, let me know.
This is only the preliminary part (to fix the router so it won't be hacked)
----------------------------------------------------
Tell me if this is too much, or if I have incorrectly assumed something.
Also tell me which items are not clear, or which you need help on.

After we understand each other, and are sure the router is safe, we can get going on machine #1.
askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
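
Added example, not part of askey127's post: one way to check a cleaned PC for the router tampering described above. It assumes the "addresses" in question are DNS server entries (the setting DNS-changing infections alter), parses saved `ipconfig /all` output, and flags any DNS server that is neither the adapter's gateway nor one of the ISP's resolvers. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.64
        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            203.0.113.66
"""

FIELD = re.compile(r"^\s+(\S.*?)[\s.]*:\s?(.*)$")   # "Key . . . : value"
LIST_KEYS = ("DNS Servers", "Default Gateway")       # fields whose values may wrap

def _as_ip(text):
    """Parse text as an IP address (scope id dropped); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def parse_ipconfig(text):
    """Return {section name: {"DNS Servers": [...], "Default Gateway": [...]}}."""
    adapters, current, key = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():                    # unindented line starts a section
            current = adapters.setdefault(line.strip().rstrip(":"), {k: [] for k in LIST_KEYS})
            key = None
        elif current is not None:
            m = FIELD.match(line)
            cont = _as_ip(line)                      # bare address = wrapped value
            if cont is None and m:
                key, cont = m.group(1), _as_ip(m.group(2))
            if cont is not None and key in LIST_KEYS:
                current[key].append(cont)
    return adapters

def unexpected_dns(text, isp_resolvers):
    """(adapter, address) pairs whose DNS server is neither the gateway nor an ISP resolver."""
    allowed = {ipaddress.ip_address(a) for a in isp_resolvers}   # assumed: taken from the ISP
    return [(name, str(ip))
            for name, f in parse_ipconfig(text).items()
            for ip in f["DNS Servers"]
            if ip not in allowed | set(f["Default Gateway"])]
```

When the gateway itself is the only DNS server listed, the PC cannot see what the router forwards to, so the DNS entries on the router's own setup page still have to be compared against the ISP's list.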

Re: Computers running amuck

Post by Mymania » August 30th, 2010, 5:05 pm

I am a novice, but I follow direction pretty well... The only computer I have that has been connected to my Two wire gateway is my Toshiba AMD 64 laptop, which was new at the time; it does connect via wireless adapter. I do not have any other computer connected to the gateway at this time... It is running Windows 7... Should we start with this one since it is my primary connection currently? If so I need to submit logs for it... I'm only using the 2wire gateway (I have ATT U-Verse), and I can change the password on it. I may need some assistance with checking the addresses, however, to make sure there are no malware addresses. If necessary I do have a separate router, but it is not connected (and has not been) since my new service started.
Mymania
Active Member
 
Posts: 6
Joined: August 25th, 2010, 9:18 am

Re: Computers running amuck

Post by askey127 » August 31st, 2010, 7:12 am

Mymania,
Is the Windows 7 system on the Toshiba laptop 32 bit or 64 bit?
We are not yet disinfecting 64 bit systems on the forum here, due to limitations in the online tools we have.

I am not sure what you mean by a two wire gateway.
Your Internet cable should be connected directly to a modem.
The modem is then connected to any wireless router you have.
The router setup should be checked and the password changed.
Does this make sense?

askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computers running amuck

Post by Mymania » August 31st, 2010, 8:40 am

Can you tell me how to determine if it is 32 bit or 64 bit?

The 2 wire gateway is a combination modem and router.
Mymania
Active Member
 
Posts: 6
Joined: August 25th, 2010, 9:18 am

Re: Computers running amuck

Post by askey127 » August 31st, 2010, 1:41 pm

Click Start, Computer.
Right click on an open space and choose Properties.
See what the window says next to "System Type".
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computers running amuck

Post by Mymania » September 1st, 2010, 9:02 am

64 Bit
Mymania
Active Member
 
Posts: 6
Joined: August 25th, 2010, 9:18 am

Re: Computers running amuck

Post by askey127 » September 1st, 2010, 10:40 am

Sorry, we cannot yet do fixes online for 64 bit machines on this forum.
viewtopic.php?f=11&t=47959

You should do the modem/router checks, however.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computers running amuck

Post by Mymania » September 1st, 2010, 3:12 pm

Thank you
Mymania
Active Member
 
Posts: 6
Joined: August 25th, 2010, 9:18 am

Re: Computers running amuck

Post by askey127 » September 2nd, 2010, 1:42 pm

This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA