Sick Laptop


Post by racafrustrated on Mon 25 Nov 2013, 6:05 am

First topic message reminder :

Hi again. Love this site.... I have not needed to use it for a few years. But I now have a sick laptop. It is running Windows Vista. The problem that I am having is it locks up every few minutes and forces me to restart it. I have not been able to download and run "AdwCleaner.exe" yet. I will keep working on that and post the results if I can keep it running long enough. Any tips before then would be great. Thanks!

racafrustrated

Rookie Surfer

Posts : 124
Joined : 2009-03-16
Operating System : windows xp



Re: Sick Laptop

Post by Superdave on Sat 30 Nov 2013, 1:49 pm

racafrustrated wrote:
it shows up under..

c:\adwcleaner\quarantine\C\Wajam....

should I delete it?

Uninstall adwcleaner and all those quarantined items will disappear. Check in your programs and see if there's a program called Wajam. If it's there, uninstall it.

Superdave
Tech Staff



Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Sick Laptop

Post by racafrustrated on Sat 30 Nov 2013, 1:58 pm

How do I uninstall it?


Re: Sick Laptop

Post by racafrustrated on Sat 30 Nov 2013, 1:59 pm

It does not show up in the windows .. control panel - programs...


Re: Sick Laptop

Post by racafrustrated on Sat 30 Nov 2013, 6:01 pm

OK.... I got it removed now.

What's next?



Re: Sick Laptop

Post by Superdave on Sun 01 Dec 2013, 7:00 am

racafrustrated wrote:
OK.... I got it removed now.

What's next?

Please run MBAM again just to make sure it's gone.


Re: Sick Laptop

Post by racafrustrated on Sun 01 Dec 2013, 3:17 pm

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

Database version: v2013.11.30.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Candi :: CANDI-BLUEJR [administrator]

Protection: Enabled

11/30/2013 4:02:05 PM
mbam-log-2013-11-30 (16-02-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 500194
Time elapsed: 1 hour(s), 55 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: Sick Laptop

Post by racafrustrated on Sun 01 Dec 2013, 4:18 pm

It's still hanging up using Google Chrome or Firefox....


Re: Sick Laptop

Post by Superdave on Mon 02 Dec 2013, 7:30 am

Download Process Explorer: [You must be registered and logged in to see this link.]
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 10:07 am

Here is the file. Thanks


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 10:08 am

Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 86.15 0 K 24 K 0
System 0.77 0 K 22,120 K 4
Interrupts 2.31 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 476 K 1,036 K 500
avgchsva.exe 54,816 K 32,376 K 532
csrss.exe 2,720 K 7,380 K 736
wininit.exe 1,792 K 5,304 K 780
services.exe 3,404 K 8,524 K 836
svchost.exe 3,492 K 7,756 K 384 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 4,392 K 8,340 K 568 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 17,500 K 16,896 K 756 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 13,636 K 16,560 K 1112
svchost.exe 0.77 143,380 K 152,088 K 1008 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 3.08 36,492 K 47,900 K 1504 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 371,664 K 366,952 K 1028 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 2,724 K 7,620 K 3216
taskeng.exe 2,208 K 6,000 K 3504
taskeng.exe < 0.01 10,448 K 13,032 K 3664 Task Scheduler Engine Microsoft Corporation taskeng.exe {31EFCE84-ADEE-4629-9532-35F6C0BE150E}
svchost.exe 2,496 K 6,064 K 1136 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe 8,544 K 13,608 K 1152 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
svchost.exe 11,008 K 17,732 K 1180 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 19,948 K 22,092 K 1328 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe 8,400 K 15,000 K 1752 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 46,428 K 52,384 K 1776 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
avgwdsvc.exe 9,716 K 19,672 K 1872 AVG Watchdog Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"
avgnsa.exe 5,344 K 828 K 2672
avgemca.exe 3,892 K 7,760 K 2688
SeaPort.EXE 5,384 K 9,752 K 1896 "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
svchost.exe 2,672 K 4,312 K 1924 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
svchost.exe 3,904 K 8,032 K 2008 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k hpdevmgmt
mbamscheduler.exe 2,572 K 6,840 K 1048 Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
mbamservice.exe 5.38 137,304 K 65,932 K 2108 Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
mbamgui.exe < 0.01 3,564 K 8,772 K 2232 Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
svchost.exe 1,344 K 3,964 K 2120 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k HPZ12
svchost.exe 1,284 K 3,636 K 2156 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k HPZ12
svchost.exe 3,024 K 7,040 K 2180 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 5,440 K 8,480 K 2240 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 1,208 K 3,156 K 2272 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
WLIDSVC.EXE 7,584 K 12,540 K 2292 "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 1,556 K 3,696 K 2500
SearchIndexer.exe 110,600 K 23,624 K 2336 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 6,604 K 13,084 K 3928
SearchFilterHost.exe 3,456 K 5,964 K 3296
AVGIDSAgent.exe 18,840 K 14,772 K 2472 AVG Identity Protection Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"
svchost.exe 4,772 K 7,748 K 3208 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HPService
svchost.exe 2,148 K 5,200 K 2352 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
wmpnetwk.exe 6,096 K 12,412 K 684 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
TrustedInstaller.exe 13,392 K 17,864 K 2284 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
lsass.exe 4,208 K 11,052 K 848 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,908 K 5,260 K 860
csrss.exe 0.77 5,652 K 10,692 K 800
winlogon.exe 2,772 K 7,372 K 908
upeksvr.exe 4,736 K 9,720 K 1512
explorer.exe < 0.01 49,608 K 84,440 K 1096 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
wmpnscfg.exe 2,348 K 6,856 K 2940 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
procexp.exe 4,092 K 8,080 K 608 Sysinternals Process Explorer Sysinternals - [You must be registered and logged in to see this link.] "C:\Users\Candi\Desktop\fix-2\ProcessExplorer\procexp.exe"
procexp64.exe 0.77 20,496 K 36,760 K 3356 Sysinternals Process Explorer Sysinternals - [You must be registered and logged in to see this link.] "C:\Users\Candi\Desktop\fix-2\ProcessExplorer\procexp.exe"
avgrsa.exe 1,356 K 1,988 K 4044
avgcsrva.exe 11,476 K 45,072 K 2324

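A first-pass triage of a Process Explorer listing in the space-flattened form pasted above, as an added example that is not part of the original thread and not the method the helper used (the thread does not say how the listing was assessed). The rules, the function names and the three sample rows with PIDs 9000-9008 are assumptions constructed for illustration.

```python
import re

# One row of a Process Explorer "Save As" listing once the forum has turned
# its tab separators into spaces: name, optional CPU, private bytes,
# working set, PID, then description / company / command line run together.
ROW = re.compile(r'^(?P<name>.+?) (?:(?P<cpu><? ?[\d.]+) )?'
                 r'(?P<private>[\d,]+ K) (?P<working>[\d,]+ K) '
                 r'(?P<pid>\d+|n/a)(?: (?P<rest>.*))?$')
CMD = re.compile(r'"?[A-Za-z]:\\')  # command line starts at first drive path
PSEUDO = {'System Idle Process', 'System', 'Interrupts'}
# Image names that belong in System32 on a stock Windows install.
SYSTEM32_ONLY = {'svchost.exe', 'lsass.exe', 'services.exe', 'csrss.exe',
                 'winlogon.exe', 'smss.exe', 'wininit.exe', 'spoolsv.exe'}
SYSTEM32 = 'c:\\windows\\system32\\'

def parse_row(line):
    """Return name, PID and command line for one row, or None for non-rows."""
    m = ROW.match(line.strip())
    if not m:
        return None
    rest = m.group('rest') or ''
    c = CMD.search(rest)
    return {'name': m.group('name'), 'pid': m.group('pid'),
            'cmd': rest[c.start():] if c else ''}

def image_path(cmd):
    """Executable path at the front of a command line, quoted or not."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'.+?\.exe', cmd, re.I)
    return m.group(0) if m else cmd

def triage(text):
    """List (pid, name, reason) for rows that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is None or row['name'] in PSEUDO:
            continue
        pid, name, cmd = row['pid'], row['name'], row['cmd']
        image = image_path(cmd).lower()
        if not cmd:
            # Nothing to judge: the capture could not read this process.
            findings.append((pid, name, 'no command line captured'))
        elif name.lower() in SYSTEM32_ONLY and not image.startswith(SYSTEM32):
            findings.append((pid, name, 'system image name outside System32'))
        elif name.lower() == 'svchost.exe' and not re.search(r'\s-k\s+\S', cmd):
            findings.append((pid, name, 'svchost without a -k service group'))
        elif '\\appdata\\' in image or '\\temp\\' in image:
            findings.append((pid, name, 'runs from a user-writable directory'))
    return findings

# The header and first five rows are copied from the listing in this thread;
# the last three rows (PIDs 9000-9008) are constructed to exercise the checks.
SAMPLE = r'''Process CPU Private Bytes Working Set PID Description Company Name Command Line
smss.exe 476 K 1,036 K 500
svchost.exe 3,492 K 7,756 K 384 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
lsass.exe 4,208 K 11,052 K 848 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
explorer.exe < 0.01 49,608 K 84,440 K 1096 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
SeaPort.EXE 5,384 K 9,752 K 1896 "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
svchost.exe 1,204 K 3,880 K 9000 C:\Users\Example\AppData\Roaming\svchost.exe
svchost.exe 2,048 K 5,120 K 9004 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe
updater.exe 0.50 3,000 K 6,000 K 9008 "C:\Users\Example\AppData\Local\Temp\updater.exe" /silent
'''

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(*finding, sep='  ')
```

In the listing posted in this thread many rows have empty description and command-line columns, so "no command line captured" means unverified rather than malicious; a capture taken with Process Explorer run as administrator usually fills those columns in.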

Re: Sick Laptop

Post by Superdave on Mon 02 Dec 2013, 12:43 pm

I'm afraid that I have some bad news. See here.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

Read this article: Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 1:42 pm


Great..... A couple of questions...

1) I have two other desktop computers on a home network, both appear to be working fine. Should I be concerned about them? We also have a variety of wireless Apple devices on the same network, iPad, iPod, iPhone etc. Will these be ok?


"...your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted."

2) If I reformat the hard drive and reload the OS can I trust it then?

I think I will take your advice and reformat the hard drive....

Thanks for your help!


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 1:44 pm

Another question....

1) Do you have any idea how I got the Trojan? Or how I can avoid them?


Re: Sick Laptop

Post by Superdave on Mon 02 Dec 2013, 1:58 pm

I have two other desktop computers on a home network, both appear to be working fine. Should I be concerned about them? We also have a variety of wireless Apple devices on the same network, iPad, iPod, iPhone etc. Will these be ok?
They should be ok if they're not showing any signs of infection. If you wish we can run some scans on them later.

If I reformat the hard drive and reload the OS can I trust it then?
Yes, if you do a reformat and re-install.

To wipe the drive clean, re-format and reinstall the OS.

Do you have any idea how I got the Trojan? Or how I can avoid them?
It's almost impossible to tell how it was infected.

Question
How does a computer get infected with a virus or spyware?

Answer
There are literally dozens of different ways a computer can become infected with spyware, viruses, and other malware. Below is a list of the most common ways a computer can contract these infections listed in the order we believe are most commonly done.

Tip: All people who use the computer should be aware of how to properly use the computer and protect it from malicious software.

Accepting without reading

By far one of the most common ways a computer becomes infected is the user accepts what he or she sees on the screen without reading the prompt or understanding what it's asking.

Some common examples:

1. While browsing the Internet, an Internet advertisement or window appears that says your computer is infected or that a unique plug-in is required. Without fully understanding what it is you're getting, you accept the prompt.
2. When installing or updating a program, you're prompted (often checkboxes already checked) if it's ok to install additional programs that you may not want or are designed to monitor your usage of the program.

Opening e-mail attachments

Another very common way people become infected with viruses and other spyware is by opening e-mail attachments, even when from a co-worker, friend, or family member. E-mail addresses can be faked and even when not faked your acquaintance may unsuspectingly be forwarding you an infected file.

When receiving an e-mail with an attachment, if the e-mail was not expected or from someone you don't know, delete it. If the e-mail is from someone you know, be cautious when opening the attachment.

Not running the latest updates

Many of the updates, especially those associated with Microsoft Windows and other operating systems and programs, are security updates. Running a program or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.

How to update a Microsoft Windows computer.
In addition to running operating system updates, the plugins associated with your browser can often contain security vulnerabilities. Make sure you have the latest versions of plugins. Click here to view installed plugins and their versions.

Pirating software, music, or movies

If you or someone on your computer is participating in underground places on the Internet where you're downloading copyrighted music, movies, software, etc. for free, often many of the files can contain viruses, spyware or malicious software.

No antivirus spyware scanner

If you're running a computer with Microsoft Windows it's highly recommended you have some form of antivirus and spyware protection on that computer to help clean it from any infections currently on the computer and to help prevent any future infections.

What are the current available antivirus programs?
My web browser has been hijacked.

Downloading infected software

Finally, downloading any other software from the Internet can also contain viruses and other malware. When downloading any software (programs, utilities, games, updates, demos, etc.), make sure you're downloading the software from a reliable source and while installing it you're reading all prompts about what the program is putting on your computer.


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 2:19 pm

"Though the Trojan has been identified and can be killed,"


Should we kill the Trojan before I format the hard drive?


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 5:20 pm

I finished reformatting the drive and now I am loading the drivers and programs etc.

What should I use for virus protection? I had been using AVG. Is this still a good option?


Re: Sick Laptop

Post by racafrustrated on Mon 02 Dec 2013, 5:37 pm

What do you recommend for a web browser....

Microsoft?
Chrome?
Firefox?



Re: Sick Laptop

Post by Superdave on Tue 03 Dec 2013, 6:46 am

What should I use for virus protection? I had been using AVG. Is this still a good option?
I prefer Microsoft Security Essentials.

Microsoft Security Essentials All versions and all languages.

What do you recommend for a web browser....
I prefer Internet Explorer but some say Firefox is a safer browser.


Re: Sick Laptop

Post by racafrustrated on Tue 03 Dec 2013, 7:54 am

Thanks! Are there security problems with Google Chrome?


Re: Sick Laptop

Post by Superdave on Tue 03 Dec 2013, 11:48 am

racafrustrated wrote:
Thanks! Are there security problems with Google Chrome?

None that I know of. Of course, it all depends on which sites you visit which is why I advise using WOT to tell you sites are dangerous.

WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.


Re: Sick Laptop

Post by racafrustrated on Wed 04 Dec 2013, 3:13 pm

The laptop is up and running with no problems!!!!! Thanks for your help.

Now on to the other desktop to make sure it is clean. Should I post here or start a new post?



Re: Sick Laptop

Post by Superdave on Thu 05 Dec 2013, 6:47 am

racafrustrated wrote:
The laptop is up and running with no problems!!!!! Thanks for your help.

Now on to the other desktop to make sure it is clean. Should I post here or start a new post?

Please start a new thread.


Re: Sick Laptop

Post by racafrustrated on Thu 05 Dec 2013, 3:52 pm

Thanks I will.


Re: Sick Laptop

Post by Superdave on Fri 06 Dec 2013, 4:10 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.

