Stupid Malware...

Jstas

You should download HijackThis! (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html) and run it. There are two things you need to do with it.

First, run the system scan and save a logfile, you're gonna need the output.

Second, open the Miscellaneous Tools section and run the process manager.

Find stuff that is not owned by SYSTEM in the task list in Windows. Then, in the process manager in HijackThis, in the upper right corner click on the "show dll" check box. Then, find the process from the task list in the process manager in HijackThis and look for the directory path where that process is originating from in the process manager. Also take note of all the DDL files associated.

Find the problem spots associated with the running processes in the scan file you saved. Have HijackThis run the scan again and fix the problems you select by checking the check boxes next to the offending entries.

Once that is done, reboot.

When it restarts, go and remove the actual executables from the file system. If you cannot remove them, you may need to boot in to safe mode and remove them that way.

Once that is done, reboot again.

If that doesn't fix your problem, your problem is likely beyond your capabilities and you need a pro to handle it. Depending on the pro they will either fix your system or reload. Since they want to make as much money while spending as little time as possible, they will likely reload and that's a shame.

Serendipity

John30_30 wrote: »

I saw you had Instant Messenger installed. Try uninstalling that, it's not malware per se, just very **** software. AOL, capeesh?

If that was the issue, look around for an older version to install.

Gone. Any other programs from the list that I should get rid of?

(See posts # 6 and 11)

bobman1235

I don't understand why people make such a big deal about wiping a system. Assuming you partition things correctly (IE have non-program data on a separate partition that will not get wiped), it is almost always a quicker and more effective endeavor than debugging a very difficult problem. YOu can say it's "lazy" or "easy" but the fact remains that your time is valuable, and spending 3 days debugging and cleaning a system is a waste of time when you can have it completely re-isntalled in a matter of 4 hours at the outside, with the bonus being that the reinstall is MUCH more likely to be effective. Even the most talented computer folk can easily miss something when removing malware or viruses.

It's not something that should be done on a whim, for sure, but it's not a horrible option as far as not wasting your time goes.

KrazyMofo24

bobman1235 wrote: »

I don't understand why people make such a big deal about wiping a system. Assuming you partition things correctly (IE have non-program data on a separate partition that will not get wiped), it is almost always a quicker and more effective endeavor than debugging a very difficult problem. YOu can say it's "lazy" or "easy" but the fact remains that your time is valuable, and spending 3 days debugging and cleaning a system is a waste of time when you can have it completely re-isntalled in a matter of 4 hours at the outside, with the bonus being that the reinstall is MUCH more likely to be effective. Even the most talented computer folk can easily miss something when removing malware or viruses.

It's not something that should be done on a whim, for sure, but it's not a horrible option as far as not wasting your time goes.

That's true that option is always there. Unless the user has everything backed up or have a good imaging software. The process of backing up everything, which I agree should be done anyways, and reinstalling all your programs can be time consuming too.


http://www.somelifeblog.com/2007/05/fixed-windows-xp-explorerexe-100-cpu.html

This site shows to have some possible solutions. I would also check out some of the comments too.

bigaudiofanatic

I do not see why he keeps asking what to do. He has had numerous reply half saying malware bytes which he says does not work than hijack this which he has not installed, and numerous people have said wipe it out and you say you do not want to do that. Even though it take like 45 minutes tops. Just wipe it out and start fresh I saw by your defrag scan that you have literally nothing on the hard drive and what you do have can probably put on a thumb drive. Start fresh wipe it out

nguyendot

Run Sophos Anti-rootkit

http://www.softpedia.com/get/Antivirus/Sophos-Anti-Rootkit.shtml

WilliamM2

appadv wrote: »

Here you go:

This is what I had before switching antivirus programs... basically without Kaspersky installed yet.

Nothing really strange there. But I do wonder why TINTSETP is running twice. Uncheck both of those and reboot (you don't need it), doubt it will make any difference though.

Serendipity

bigaudiofanatic wrote: »

I do not see why he keeps asking what to do. He has had numerous reply half saying malware bytes which he says does not work than hijack this which he has not installed, and numerous people have said wipe it out and you say you do not want to do that. Even though it take like 45 minutes tops. Just wipe it out and start fresh I saw by your defrag scan that you have literally nothing on the hard drive and what you do have can probably put on a thumb drive. Start fresh wipe it out

First of all, I installed HijackThis. I didn't remove anything with HijackThis because it picked up software that I used (Kaspersky, AVG, for example).

Second, how am I supposed to reinstall the system if I don't have ANY of the restore disks with me? I didn't bring any of my restore disks when I moved out of my parents' house.

bobman1235

Have them mail them to you? Download new ones? Give up on computers altogether?

Serendipity

bobman1235 wrote: »

Have them mail them to you? Download new ones? Give up on computers altogether?

I don't even know where they are. Better option would be to buy the recovery disks from HP, since this machine doesn't have the recovery partition on the hard drive.

Jstas says it's not necessary though.

bobman1235

Jstas is absolutely right, it's most likely not necessary, but you could spend weeks trying to track this problem down, I'm just trying to save you some time and headache (assuming this PC is important to you, rather than just some extra you're playing with)

Serendipity

This is my main machine for work, so it's important to me.

I have an HP Digital Entertainment Center z560 connected to the Epson projector at home, and a Dell desktop hooked up to the Sony KD-34XBR960 for games. Then a Lenovo laptop w/ an InFocus projector for presentations. Those are the "extra" machines laying around but I don't have any of them with me.

Serendipity

Unrelated to the PC problem, but also I have an HP LaserJet which tends to jam in Tray 2 when auto duplexing:

Systems

Okay, I have one last suggestion. It doesn't look like your running a stand alone firewall. Why don't you download a trial version of ESET:

http://www.eset.com/smartsecurity/

And see what it picks up for outbound traffic....

Serendipity

Lorthos wrote: »

Okay, I have one last suggestion. It doesn't look like your running a stand alone firewall. Why don't you download a trial version of ESET:

http://www.eset.com/smartsecurity/

I think I am going to buy this. My subscription for Kaspersky ends the end of this year, so I'll switch to ESET.

Systems

appadv wrote: »

I think I am going to buy this. My subscription for Kaspersky ends the end of this year, so I'll switch to ESET.

Don't buy it, just do the trial, I'm just interested to see if you can get something to find whats doing that outbound traffic....

Face

Jstas wrote: »

I haven't reloaded a machine due to malware, viruses, spyware or trojans since Windows '95, when I didn't know any better.

I've never either, seems like the easy way out.

Jstas

Lorthos wrote: »

Okay, I have one last suggestion. It doesn't look like your running a stand alone firewall. Why don't you download a trial version of ESET:

http://www.eset.com/smartsecurity/

And see what it picks up for outbound traffic....

HijackThis comes with TrendMicro's ADS Spy utility for scanning for hidden datastreams. It's in the miscellaneous tools section. Output should be similar to what ESET gives you too.

bobman1235

Face wrote: »

I've never either, seems like the easy way out.

Heaven forbid! I much prefer the hard way of doing things.

Jstas

Face wrote: »

I've never either, seems like the easy way out.

It's effective and sometimes, when things really are that bad, it's necessary.

But I've always seen it as trying to kill a cockroach with a 12 pound sledgehammer.

Besides, wiping out a system nowadays is devastating to most users because they don't back up regularly and they put their entire record of their lives on the systems. When you wipe out the hard drive and reinstall it shows a complete lack of concern for the user and data integrity. If it's not necessary, no need for such extensive collateral damage.

If I had to wipe out the hard drive, I'd throw in ERD Commander, partition off a chunk of free space and backup irreplaceable files to that partition and then do a repair to the OS. It'll kill program associations and shared drives but it won't overwrite non-system files. If it does, the emergency partition is there with the backup. Another option is a USB hard drive. Just make sure you scan it for viruses on a machine configured to scan the USB drive before mounting.

nms

sucks2beme wrote: »

At 256 you're just about crawling. 1g is just about minimum for running XP and
some protection programs without killing your hard drive with all the diskswapping that will occur.

The computer was a 486 processor with 256 MB of RAM. XP installed and ran fine. Disk activity was not excessive. I installed XP as an experiment, eventually I loaded Win2k on it that ran a teeny bit faster.

Except for the processor, I was ABOVE XP's minimum requirements (taken directly from Microsoft's website):

The minimum hardware requirements for Windows XP Home Edition are:

* Pentium 233-megahertz (MHz) processor or faster (300 MHz is recommended)
* At least 64 megabytes (MB) of RAM (128 MB is recommended)
* At least 1.5 gigabytes (GB) of available space on the hard disk
* CD-ROM or DVD-ROM drive
* Keyboard and a Microsoft Mouse or some other compatible pointing device
* Video adapter and monitor with Super VGA (800 x 600)or higher resolution
* Sound card
* Speakers or headphones

OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.

KrazyMofo24

nms wrote: »

The computer was a 486 processor with 256 MB of RAM. XP installed and ran fine. Disk activity was not excessive. I installed XP as an experiment, eventually I loaded Win2k on it that ran a teeny bit faster.

Except for the processor, I was ABOVE XP's minimum requirements (taken directly from Microsoft's website):


OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.

256MB is slow as soon you install an internet security suite, and just load up some basic applications such as outlook, office, or a browser. Sure it'll run just slow. With the prices of RAM these days you can get a 1gb stick for pretty cheap.

KrazyMofo24

bobman1235 wrote: »

Heaven forbid! I much prefer the hard way of doing things.

This just really depends on the user. For me it would be easier to spend a couple hours on the internet researching the issue, and fixing it. It would take me more time and hassle backing up everything, formatting, and reinstalling everything.

Someone who doesn't use very many programs, and doesn't have that much information to backup then restoring the PC would be the easier option. In this case he does not have the restore disks, depending on the age of the PC most manufactures will charge a couple hundred to ship the discs if it's out of warranty.

Appadv you should check your programs most computers will have a program to allow you to burn a copy of the restore disks, you can also check the BIOS screen and see if there is an option to hit an Fn key to run the restore a lot of pc's also have a partition with the restore software.

Anyways bottom line is since you haven't figured out how to fix this issue by now, Bobman is right you should just backup and do a system restore.

If you can't find the restore disks, then get a copy of Windows 7 when it comes out if you have a newer PC. You can also buy an OEM Windows XP disk from Fry's or Newegg.

http://www.newegg.com/Product/Product.aspx?Item=N82E16832116511

If you go this route download the drivers from your OEM's Website.

inspiredsports

Sorry for the delay in getting back; a nice day and 7.5 acres of lawn were calling.

It sounds like explorer has been compromised and there are many rootkits that are able to hide themselves and cause the problems you are experiencing.

There is a simple built in Windows Operating System scanner called System File Checker (sfc.exe) that I would run (I lost track if you have it or not, but you MUST have a valid Windows CD in the drive).

Go to Start/Run
In the Open: box, type: cmd
At the end of the C:\ prompt, type: sfc.exe /scannow

A box will pop up and run the comparison, checking for non-Microsoft signed files and sfc will replace bad files.

You should run Windows Update or Microsoft Update after any files have been replaced.

######################

Also, if you do not have OS discs, but have kept current on Windows Updates, try:

Start/Run
cmd
mrt.exe

(this is the Microsoft "Malicious Removal Tool" that works to remove many common malware programs. Run it in "Full Scan" mode; it will take a while depending upon how many files are on your hard drive.)

Serendipity

Thanks for all your help guys.

Why does this have to happen right in the middle of Midterm week?

Argh...

Serendipity

nms wrote: »

OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.

The HP restoration CD's are around $25, I know it's not the best option but it's cheap so I am going to order them.

Serendipity

KrazyMofo24 wrote: »

Anyways bottom line is since you haven't figured out how to fix this issue by now, Bobman is right you should just backup and do a system restore.

Yes, I'm going to do a full system restore from HP's recovery CD set.

audiobliss

I would imagine you can by XP Pro from you school for certainly no more than that, and I'd definitely rather go that route than using the HP recovery CD's. Not to mention you wouldn't have to wait for shipping.

inspiredsports

appadv wrote: »

Thanks for all your help guys.

Why does this have to happen right in the middle of Midterm week?

Argh...

Murphy's Law . . .

Serendipity

audiobliss wrote: »

I would imagine you can by XP Pro from you school for certainly no more than that, and I'd definitely rather go that route than using the HP recovery CD's. Not to mention you wouldn't have to wait for shipping.

I can buy Vista from my school for something like $17, but they don't have XP anymore.