Stupid Malware...

Comments

  • Jstas
    Jstas Posts: 14,806
    edited October 2009
    You should download HijackThis! (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html) and run it. There are two things you need to do with it.

    First, run the system scan and save a logfile, you're gonna need the output.

    Second, open the Miscellaneous Tools section and run the process manager.

    Find stuff that is not owned by SYSTEM in the task list in Windows. Then, in the process manager in HijackThis, in the upper right corner click on the "show dll" check box. Then, find the process from the task list in the process manager in HijackThis and look for the directory path where that process is originating from in the process manager. Also take note of all the DLL files associated.

    Find the problem spots associated with the running processes in the scan file you saved. Have HijackThis run the scan again and fix the problems you select by checking the check boxes next to the offending entries.

    Once that is done, reboot.

    When it restarts, go and remove the actual executables from the file system. If you cannot remove them, you may need to boot in to safe mode and remove them that way.

    Once that is done, reboot again.

    If that doesn't fix your problem, your problem is likely beyond your capabilities and you need a pro to handle it. Depending on the pro they will either fix your system or reload. Since they want to make as much money while spending as little time as possible, they will likely reload and that's a shame.
    Expert Moron Extraordinaire

    You're just jealous 'cause the voices don't talk to you!
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    John30_30 wrote: »
    I saw you had Instant Messenger installed. Try uninstalling that, it's not malware per se, just very **** software. AOL, capeesh?

    If that was the issue, look around for an older version to install.

    Gone. Any other programs from the list that I should get rid of?

    (See posts # 6 and 11)
    polkaudio RT35 Bookshelves
    polkaudio 255c-RT Inwalls
    polkaudio DSWPro550WI
    polkaudio XRT12 XM Tuner
    polkaudio RM6750 5.1

    Front projection, 2 channel, car audio... life is good!
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    I don't understand why people make such a big deal about wiping a system. Assuming you partition things correctly (IE have non-program data on a separate partition that will not get wiped), it is almost always a quicker and more effective endeavor than debugging a very difficult problem. You can say it's "lazy" or "easy" but the fact remains that your time is valuable, and spending 3 days debugging and cleaning a system is a waste of time when you can have it completely re-installed in a matter of 4 hours at the outside, with the bonus being that the reinstall is MUCH more likely to be effective. Even the most talented computer folk can easily miss something when removing malware or viruses.

    It's not something that should be done on a whim, for sure, but it's not a horrible option as far as not wasting your time goes.
    If you will it, dude, it is no dream.
  • KrazyMofo24
    KrazyMofo24 Posts: 1,209
    edited October 2009
    bobman1235 wrote: »
    I don't understand why people make such a big deal about wiping a system. Assuming you partition things correctly (IE have non-program data on a separate partition that will not get wiped), it is almost always a quicker and more effective endeavor than debugging a very difficult problem. You can say it's "lazy" or "easy" but the fact remains that your time is valuable, and spending 3 days debugging and cleaning a system is a waste of time when you can have it completely re-installed in a matter of 4 hours at the outside, with the bonus being that the reinstall is MUCH more likely to be effective. Even the most talented computer folk can easily miss something when removing malware or viruses.

    It's not something that should be done on a whim, for sure, but it's not a horrible option as far as not wasting your time goes.

    That's true, that option is always there. Unless the user has everything backed up or has good imaging software. The process of backing up everything, which I agree should be done anyways, and reinstalling all your programs can be time consuming too.


    http://www.somelifeblog.com/2007/05/fixed-windows-xp-explorerexe-100-cpu.html

    This site shows to have some possible solutions. I would also check out some of the comments too.
    Setup:

    2 Channel: Vienna Acoustics Mozart Grand, T+A P 1230R, Primare SPA21, Oppo BDP-105
    PC: Vienna Acoustics Haydn Grand, Cambridge Azure 650A v2 , Peachtree iDAC, Denon DVD-3800BDCI

  • bigaudiofanatic
    bigaudiofanatic Posts: 4,415
    edited October 2009
    I do not see why he keeps asking what to do. He has had numerous replies, half saying Malwarebytes, which he says does not work, then HijackThis, which he has not installed, and numerous people have said wipe it out and you say you do not want to do that. Even though it takes like 45 minutes tops. Just wipe it out and start fresh. I saw by your defrag scan that you have literally nothing on the hard drive, and what you do have can probably be put on a thumb drive. Start fresh, wipe it out.
    HT setup
    Panasonic 50" TH-50PZ80U
    Denon DBP-1610
    Monster HTS 1650
    Carver A400X :cool:
    MIT Exp 3 Speaker Wire
    Kef 104/2
    URC MX-780 Remote
    Sonos Play 1

    Living Room
    63 inch Samsung PN63C800YF
    Polk Surroundbar 3000
    Samsung BD-C7900
  • nguyendot
    nguyendot Posts: 3,594
    edited October 2009
    Main Surround -
    Epson 8350 Projector/ Elite Screens 120" / Pioneer Elite SC-35 / Sunfire Signature / Focal Chorus 716s / Focal Chorus CC / Polk MC80 / Polk PSW150 sub

    Bedroom - Sharp Aquos 70" 650 / Pioneer SC-1222k / Polk RT-55 / Polk CS-250

    Den - Rotel RSP-1068 / Threshold CAS-2 / Boston VR-M60 / BDP-05FD
  • WilliamM2
    WilliamM2 Posts: 4,771
    edited October 2009
    appadv wrote: »
    Here you go:

    This is what I had before switching antivirus programs... basically without Kaspersky installed yet.

    Nothing really strange there. But I do wonder why TINTSETP is running twice. Uncheck both of those and reboot (you don't need it), doubt it will make any difference though.
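
Added example, not part of the thread and not HijackThis's own code: the log triage suggested above (Jstas's cross-check of running processes against the saved scan log, and the startup entry registered twice) done in Python over a saved HijackThis log. The sample log, its paths and names, and the `EXPECTED_ROOTS` allowlist are constructed assumptions.

```python
"""Triage a saved HijackThis log (added example; sample data is constructed)."""
import re
from collections import defaultdict

# Constructed sample log, not taken from the thread. Paths and names are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\avp.exe
C:\Documents and Settings\user\Local Settings\Temp\upd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [TINTSETP] TINTSETP.EXE /SYNC
O4 - HKCU\..\Run: [TINTSETP] TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\avp.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry autoruns only, e.g. "HKLM\..\Run: [name] command"; Startup-folder O4 lines are skipped.
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.*)$")
# Assumption: directories where programs normally live on an XP-era install.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_log(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def outside_expected_roots(processes):
    """Processes started from outside EXPECTED_ROOTS: candidates for review, not a verdict."""
    return [p for p in processes if not p.lower().startswith(EXPECTED_ROOTS)]


def entries_for_process(entries, path):
    """Scan-log entries that mention a given executable path."""
    return [f"{code} - {body}" for code, body in entries if path.lower() in body.lower()]


def duplicate_autoruns(entries):
    """Map (name, command) -> registry locations for autoruns registered more than once."""
    seen = defaultdict(list)
    for code, body in entries:
        m = O4_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, cmd = m.groups()
            seen[(name.lower(), cmd.lower())].append(hive + "\\" + key)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    for proc in outside_expected_roots(procs):
        print("review:", proc)
        for hit in entries_for_process(items, proc):
            print("   referenced by:", hit)
    for (name, cmd), where in duplicate_autoruns(items).items():
        print("duplicate autorun:", name, cmd, where)
```

A path outside the allowlist only marks an entry for a closer look; legitimate software installed elsewhere will show up too.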
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    I do not see why he keeps asking what to do. He has had numerous replies, half saying Malwarebytes, which he says does not work, then HijackThis, which he has not installed, and numerous people have said wipe it out and you say you do not want to do that. Even though it takes like 45 minutes tops. Just wipe it out and start fresh. I saw by your defrag scan that you have literally nothing on the hard drive, and what you do have can probably be put on a thumb drive. Start fresh, wipe it out.

    First of all, I installed HijackThis. I didn't remove anything with HijackThis because it picked up software that I used (Kaspersky, AVG, for example).

    Second, how am I supposed to reinstall the system if I don't have ANY of the restore disks with me? I didn't bring any of my restore disks when I moved out of my parents' house.
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    Have them mail them to you? Download new ones? Give up on computers altogether?
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    bobman1235 wrote: »
    Have them mail them to you? Download new ones? Give up on computers altogether?

    I don't even know where they are. Better option would be to buy the recovery disks from HP, since this machine doesn't have the recovery partition on the hard drive.

    Jstas says it's not necessary though.
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    Jstas is absolutely right, it's most likely not necessary, but you could spend weeks trying to track this problem down, I'm just trying to save you some time and headache (assuming this PC is important to you, rather than just some extra you're playing with)
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    This is my main machine for work, so it's important to me.

    I have an HP Digital Entertainment Center z560 connected to the Epson projector at home, and a Dell desktop hooked up to the Sony KD-34XBR960 for games. Then a Lenovo laptop w/ an InFocus projector for presentations. Those are the "extra" machines laying around but I don't have any of them with me.
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Unrelated to the PC problem, but also I have an HP LaserJet which tends to jam in Tray 2 when auto duplexing:
  • Systems
    Systems Posts: 14,873
    edited October 2009
    Okay, I have one last suggestion. It doesn't look like you're running a stand alone firewall. Why don't you download a trial version of ESET:

    http://www.eset.com/smartsecurity/

    And see what it picks up for outbound traffic....
    Testing
    Testing
    Testing
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Lorthos wrote: »
    Okay, I have one last suggestion. It doesn't look like you're running a stand alone firewall. Why don't you download a trial version of ESET:

    http://www.eset.com/smartsecurity/

    I think I am going to buy this. My subscription for Kaspersky ends the end of this year, so I'll switch to ESET.
  • Systems
    Systems Posts: 14,873
    edited October 2009
    appadv wrote: »
    I think I am going to buy this. My subscription for Kaspersky ends the end of this year, so I'll switch to ESET.

    Don't buy it, just do the trial, I'm just interested to see if you can get something to find what's doing that outbound traffic....
  • Face
    Face Posts: 14,340
    edited October 2009
    Jstas wrote: »
    I haven't reloaded a machine due to malware, viruses, spyware or trojans since Windows '95, when I didn't know any better.
    I've never either, seems like the easy way out.
    "He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss the abyss also gazes into you." Friedrich Nietzsche
  • Jstas
    Jstas Posts: 14,806
    edited October 2009
    Lorthos wrote: »
    Okay, I have one last suggestion. It doesn't look like you're running a stand alone firewall. Why don't you download a trial version of ESET:

    http://www.eset.com/smartsecurity/

    And see what it picks up for outbound traffic....

    HijackThis comes with TrendMicro's ADS Spy utility for scanning for hidden datastreams. It's in the miscellaneous tools section. Output should be similar to what ESET gives you too.
  • bobman1235
    bobman1235 Posts: 10,822
    edited October 2009
    Face wrote: »
    I've never either, seems like the easy way out.

    Heaven forbid! I much prefer the hard way of doing things.
  • Jstas
    Jstas Posts: 14,806
    edited October 2009
    Face wrote: »
    I've never either, seems like the easy way out.

    It's effective and sometimes, when things really are that bad, it's necessary.

    But I've always seen it as trying to kill a cockroach with a 12 pound sledgehammer.

    Besides, wiping out a system nowadays is devastating to most users because they don't back up regularly and they put their entire record of their lives on the systems. When you wipe out the hard drive and reinstall it shows a complete lack of concern for the user and data integrity. If it's not necessary, no need for such extensive collateral damage.

    If I had to wipe out the hard drive, I'd throw in ERD Commander, partition off a chunk of free space and backup irreplaceable files to that partition and then do a repair to the OS. It'll kill program associations and shared drives but it won't overwrite non-system files. If it does, the emergency partition is there with the backup. Another option is a USB hard drive. Just make sure you scan it for viruses on a machine configured to scan the USB drive before mounting.
  • nms
    nms Posts: 671
    edited October 2009
    sucks2beme wrote: »
    At 256 you're just about crawling. 1g is just about minimum for running XP and some protection programs without killing your hard drive with all the diskswapping that will occur.

    The computer was a 486 processor with 256 MB of RAM. XP installed and ran fine. Disk activity was not excessive. I installed XP as an experiment, eventually I loaded Win2k on it that ran a teeny bit faster.

    Except for the processor, I was ABOVE XP's minimum requirements (taken directly from Microsoft's website):
    The minimum hardware requirements for Windows XP Home Edition are:

    * Pentium 233-megahertz (MHz) processor or faster (300 MHz is recommended)
    * At least 64 megabytes (MB) of RAM (128 MB is recommended)
    * At least 1.5 gigabytes (GB) of available space on the hard disk
    * CD-ROM or DVD-ROM drive
    * Keyboard and a Microsoft Mouse or some other compatible pointing device
    * Video adapter and monitor with Super VGA (800 x 600) or higher resolution
    * Sound card
    * Speakers or headphones

    OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.
    My system

    "The world is an ever evolving clusterf*ck." --treitz3
  • KrazyMofo24
    KrazyMofo24 Posts: 1,209
    edited October 2009
    nms wrote: »
    The computer was a 486 processor with 256 MB of RAM. XP installed and ran fine. Disk activity was not excessive. I installed XP as an experiment, eventually I loaded Win2k on it that ran a teeny bit faster.

    Except for the processor, I was ABOVE XP's minimum requirements (taken directly from Microsoft's website):


    OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.

    256MB is slow as soon as you install an internet security suite, and just load up some basic applications such as Outlook, Office, or a browser. Sure it'll run, just slow. With the prices of RAM these days you can get a 1gb stick for pretty cheap.

  • KrazyMofo24
    KrazyMofo24 Posts: 1,209
    edited October 2009
    bobman1235 wrote: »
    Heaven forbid! I much prefer the hard way of doing things.

    This just really depends on the user. For me it would be easier to spend a couple hours on the internet researching the issue, and fixing it. It would take me more time and hassle backing up everything, formatting, and reinstalling everything.

    For someone who doesn't use very many programs, and doesn't have that much information to back up, restoring the PC would be the easier option. In this case he does not have the restore disks; depending on the age of the PC, most manufacturers will charge a couple hundred to ship the discs if it's out of warranty.

    Appadv, you should check your programs; most computers will have a program to allow you to burn a copy of the restore disks. You can also check the BIOS screen and see if there is an option to hit an Fn key to run the restore; a lot of PCs also have a partition with the restore software.

    Anyways bottom line is since you haven't figured out how to fix this issue by now, Bobman is right you should just backup and do a system restore.

    If you can't find the restore disks, then get a copy of Windows 7 when it comes out if you have a newer PC. You can also buy an OEM Windows XP disk from Fry's or Newegg.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16832116511

    If you go this route download the drivers from your OEM's Website.

  • inspiredsports
    inspiredsports Posts: 5,501
    edited October 2009
    Sorry for the delay in getting back; a nice day and 7.5 acres of lawn were calling.

    It sounds like explorer has been compromised and there are many rootkits that are able to hide themselves and cause the problems you are experiencing.

    There is a simple built in Windows Operating System scanner called System File Checker (sfc.exe) that I would run (I lost track if you have it or not, but you MUST have a valid Windows CD in the drive).

    Go to Start/Run
    In the Open: box, type: cmd
    At the end of the C:\ prompt, type: sfc.exe /scannow

    A box will pop up and run the comparison, checking for non-Microsoft signed files and sfc will replace bad files.

    You should run Windows Update or Microsoft Update after any files have been replaced.

    ######################

    Also, if you do not have OS discs, but have kept current on Windows Updates, try:

    Start/Run
    cmd
    mrt.exe

    (this is the Microsoft "Malicious Removal Tool" that works to remove many common malware programs. Run it in "Full Scan" mode; it will take a while depending upon how many files are on your hard drive.)
    VTL ST50 w/mods / RCA6L6GC / TlfnknECC801S
    Conrad Johnson PV-5 w/mods
    TT Conrad Johnson Sonographe SG3 Oak / Sumiko LMT / Grado Woodbody Platinum / Sumiko PIB2 / The Clamp
    Musical Fidelity A1 CDPro/ Bada DD-22 Tube CDP / Conrad Johnson SD-22 CDP
    Tuners w/mods Kenwood KT5020 / Fisher KM60
    MF x-DAC V8, HAInfo NG27
    Herbies Ti-9 / Vibrapods / MIT Shotgun AC1 IEC's / MIT Shotgun 2 IC's / MIT Shotgun 2 Speaker Cables
    PS Audio Cryo / PowerPort Premium Outlets / Exact Power EP15A Conditioner
    Walnut SDA 2B TL /Oak SDA SRS II TL (Sonicaps/Mills/Cardas/Custom SDA ICs / Dynamat Extreme / Larry's Rings/ FSB-2 Spikes
    NAD SS rigs w/mods
    GIK panels
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Thanks for all your help guys.

    Why does this have to happen right in the middle of Midterm week?

    Argh...
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    nms wrote: »
    OP: sounds like your computer is part of a bot-net. If you have to re-install, DON'T use HP's restoration CDs unless you have to - they have a bunch of crap on them you don't really need to have installed. If your computer is 3 or 4 years old or older, XP will probably have all the necessary drivers for your hardware included, so re-loading the OS from a standard installation disk will give you a cleaner and faster installation.

    The HP restoration CD's are around $25, I know it's not the best option but it's cheap so I am going to order them.
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    Anyways bottom line is since you haven't figured out how to fix this issue by now, Bobman is right you should just backup and do a system restore.

    Yes, I'm going to do a full system restore from HP's recovery CD set.
  • audiobliss
    audiobliss Posts: 12,518
    edited October 2009
    I would imagine you can buy XP Pro from your school for certainly no more than that, and I'd definitely rather go that route than using the HP recovery CD's. Not to mention you wouldn't have to wait for shipping.
    Jstas wrote: »
    Simple question. If you had a cool million bucks, what would you do with it?
    Wonder WTF happened to the rest of my money.
    In Use
    PS3, Yamaha CDR-HD1300, Plex, Amazon Fire TV Gen 2
    Pioneer Elite VSX-52, Parasound HCA-1000A
    Klipsch RF-82ii, RC-62ii, RS-42ii, RW-10d
    Epson 8700UB

    In Storage
    [Home Audio]
    Rotel RCD-02, Yamaha KX-W900U, Sony ST-S500ES, Denon DP-7F
    Pro-Ject Phono Box MKII, Parasound P/HP-850, ASL Wave 20 monoblocks
    Klipsch RF-35, RB-51ii

    [Car Audio]
    Pioneer Premier DEH-P860MP, Memphis 16-MCA3004, Boston Acoustic RC520
  • inspiredsports
    inspiredsports Posts: 5,501
    edited October 2009
    appadv wrote: »
    Thanks for all your help guys.

    Why does this have to happen right in the middle of Midterm week?

    Argh...

    Murphy's Law . . . :D
  • Serendipity
    Serendipity Posts: 6,975
    edited October 2009
    audiobliss wrote: »
    I would imagine you can buy XP Pro from your school for certainly no more than that, and I'd definitely rather go that route than using the HP recovery CD's. Not to mention you wouldn't have to wait for shipping.

    I can buy Vista from my school for something like $17, but they don't have XP anymore.