very slow connection...malware?


Post by raif on 15th December 2008, 4:03 pm

I noticed that my home page was changed and after a restart, the PC is running extremely slow, 10 mins to connect to internet...do you see anything funky here?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:07 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Backup Exec\beremote.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Symantec\Backup Exec\beserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 3179 bytes


Re: very slow connection...malware?

Post by Belahzur on 15th December 2008, 5:07 pm

Hello.
How did that happen?



  • Download ComboFix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    It's strongly recommended to have the Recovery Console installed before doing any malware removal.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
    The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: very slow connection...malware?

Post by raif on 15th December 2008, 6:20 pm

I've run combo fix three times now and it is not creating a log...


Re: very slow connection...malware?

Post by Nazzgull on 15th December 2008, 6:29 pm

I can't even run it.




Re: very slow connection...malware?

Post by raif on 15th December 2008, 6:36 pm

Should I try to download it from the 2nd links?


Re: very slow connection...malware?

Post by Belahzur on 15th December 2008, 6:39 pm

No.
Is there a C:\combofix.txt or C:\combofix\combofix.txt present?
Incomplete logs are saved in the combofix folder normally.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: very slow connection...malware?

Post by raif on 15th December 2008, 6:40 pm

There is no log in C:\ and the folder is empty. I'll download the new one now.


Re: very slow connection...malware?

Post by Belahzur on 15th December 2008, 6:44 pm

Run MBAM instead and we'll see what we can find.



Re: very slow connection...malware?

Post by raif on 15th December 2008, 10:14 pm

MBAM had been scanning for 2 hours and 49 minutes and found three infections before timing out and going to "not responding"...I guess I'm going to run it again.


Re: very slow connection...malware?

Post by raif on 16th December 2008, 12:20 am

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/15/2008 7:11:16 PM
mbam-log-2008-12-15 (19-11-16).txt

Scan type: Quick Scan
Objects scanned: 63968
Time elapsed: 1 hour(s), 48 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a48fe9ac-dd02-4ff7-9211-b7ba9a2c8bf2} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\gotomypc_370.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


I ran this, saw the infections, restarted and it's moving very slow still...not wanting to connect


Re: very slow connection...malware?

Post by raif on 16th December 2008, 1:08 am

It's connecting but taking about 25-30 minutes and still not completely finished.


Re: very slow connection...malware?

Post by Belahzur on 16th December 2008, 1:59 am

I still have no idea what's causing this then, give me till tomorrow afternoon UK time and I'll see if I come up with anything.

But my guess right now, either your drivers are corrupt and need a new installation.



Re: very slow connection...malware?

Post by Doctor Inferno on 17th January 2009, 10:38 am

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

