Avast WEBforum
Other => Viruses and worms => Topic started by: Synco on May 08, 2011, 01:41:18 PM
-
Hello, I've got a problem I can't solve and I need your help. I'm writing from my iPad so there could be autocorrect mistakes in the text below.
My pc is running windows 7, no anti viruses or firewalls. I haven't been using any av software since 2000 and it was fine till now, unfortunately.
When I started my pc this morning it was like superslow. To load all the icons it took about 15 minutes. In safe mode I've got the same problem. I barely can open a window or run task manager. So when I open the task manager it shows processes with 00 or 01% processor time. Maybe task manager sometimes is about 40%. But the task manager shows 100% CPU load. I can't install an antivirus or even open my browser. I downloaded drweb live cd, booted from it, but it didn't help so far.
Yesterday I was getting task scheduler error message during the day, but I didn't reboot my pc.
What virus could this be and what can I do about it? Thanks in advance.
- synco
-
as long as you don't tell which process shows the 100% CPU load, there's not much to add...
also:
My pc is running windows 7, no anti viruses or firewalls. I haven't been using any av software since 2000 and it was fine till now, unfortunately.
... what do you expect ::)
-
yep, it wasn't very clever of me to not use av software...
The thing is that there are no running processes using 100% CPU. But CPU load is 100% according to the performance bookmark in the task manager.
-
Hi there, first off we need to determine if it is malware causing the problem.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
THEN
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
-
The main problem is that I can't open the browser, or it will probably take a few days just to open it. Is it possible to run it from a bootable disk somehow?
-
One bootable disc coming up - this will allow internet access and it has a browser, either chrome or FF not sure which
Please print these instructions out so that you know what you are doing
Latest version: v3.1.46.0
OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB
- Download the attached scan.txt to a USB drive
- Download OTLPENet.exe (http://oldtimer.geekstogo.com/OTLPENet.exe) to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Double click the Custom scans and fixes box
- In the dialogue locate the scan.txt you have on the USB
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
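-
Added example, not part of the original thread: one way to check a downloaded OTLPENet.exe against the MD5 and Size lines posted above before burning it to CD. The function names and the command-line usage are assumptions of this example; only the two published lines come from the post.

```python
import hashlib
import os
import re
import sys

# The two lines exactly as posted in the thread for OTLPENet.exe.
PUBLISHED = """\
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB
"""

def parse_published(text):
    """Return (md5_hex_lowercase, size_in_bytes) parsed from the posted lines."""
    md5 = re.search(r"MD5\s*=\s*([0-9A-Fa-f]{32})\b", text)
    size = re.search(r"Size:\s*([\d,]+)\s*b\b", text)
    if not md5 or not size:
        raise ValueError("published MD5 or Size line not found")
    return md5.group(1).lower(), int(size.group(1).replace(",", ""))

def md5_of(path, chunk=1 << 20):
    """Hash the file in 1 MiB chunks so a 121 MB image is never held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, published=PUBLISHED):
    """Return (status, detail); status is 'ok', 'size-mismatch' or 'md5-mismatch'."""
    want_md5, want_size = parse_published(published)
    have_size = os.path.getsize(path)
    # A wrong size usually means a truncated download; report it without hashing.
    if have_size != want_size:
        return "size-mismatch", f"{have_size} bytes on disk, {want_size} published"
    have_md5 = md5_of(path)
    if have_md5 != want_md5:
        return "md5-mismatch", f"{have_md5} computed, {want_md5} published"
    return "ok", have_md5

if __name__ == "__main__":
    # Assumed usage: python check_download.py OTLPENet.exe
    status, detail = check_download(sys.argv[1])
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

A match shows the file arrived complete and unchanged in transit. MD5 is not collision resistant, so it does not by itself prove the file is the one the tool's author published.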
-
I just returned home, looks like the process is wininit.exe. I googled that it looks pretty much like the cause of the nuisance. But still I can't just end the process or download anything to this machine. If I found the alleged cause, I don't think I need to run the bootable thingy since it just checks the processes, right?
-
No, the bootable disc will allow me to check for any malware on the system and then remove it. If it is wininit, it may be infected, in which case I could replace it
-
here it is
-
I have had a look and I see that you have qip installed - are you aware of this and did you install it ?
-
Yep, it's an IM. Never had problems with it.
There are 3 processes which load CPU most: wininit.exe, services.exe and explorer.exe. I managed to lower the priority of these processes but CPU load remains the same. I tried to use online scanners to check these files (using firefox from the live cd from your link in this topic), they seem clear. I deleted all the tasks from windows/tasks folder. I even borrowed an avast Bart cd with the up to date virus bases, still nothing.
When I boot from the live cd, the task manager shows adequate CPU load which is 00-02% idle.
I tried to install malwarebytes' software but I can't run it. The process starts, loads 60kb into memory (according to the task manager) and remains the same with no signs of progress.
I'm quite desperate about this :(
-
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
- Insert your USB drive with fix.txt on it
- Start OTLPE
- Drag and drop fix.txt into the Custom scans and fixes box
- If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done to normal mode if possible
- Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
-
Thanks for the help, essexboy. I just couldn't wait anymore and formatted c: :) so the problem can be considered solved. Thank you once again. Now the first app I installed on my new system was avast.
-
Is your machine working normally now? Is Avast working? I would recommend updating the Avast definitions and running Full and boot-time scans, as well as updating and running a Quick MBAM scan, and report back.
-
Yep, everything is working fine. Avast is working, just updated the definitions a minute ago. I will do the MBAM scan and will post it there as soon as I get my system fully checked.