Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on October 17, 2014, 04:26:28 PM
-
Hello,
I have a computer that about a month ago started to be really slow and strange things were occurring (music and voices heard, strange webpages flashing, freezing, fan running constantly). MBAM was run and AVG and both found items and "fixed" the issue. The computer was fine for a day but then some of the same symptoms returned and the computer was VERY slow.
I have found that iexplorer.exe is a running process in the Task Manager even though I have not opened IE. I can kill the process but it keeps opening back up on its own in the Task Manager. When iexplorer.exe is open the size in memory of this shoot up and the CPU shoots up as well. I have found that if I turn off the wireless and am not connected to a network that iexplorer.exe does not show back up in the processes.
I have attached my MBAM report from 2 days ago, a jpeg of the AVG items found, and the MBAM report from today. Whatever it is it seems like it "reinstalls" itself and cause the computer to be unusable because it is so slow. I appreciate any suggestions you are able to offer. Thanks in advance!
-
https://forum.avast.com/index.php?topic=53253.0
-
Initially run these two programmes please
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application
(https://dl.dropbox.com/u/73555776/tdss%20start.JPG)
- Then click on Change parameters.
(https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG)
- Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(https://dl.dropbox.com/u/73555776/tdss%20threat.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(https://dl.dropbox.com/u/73555776/tdss%20report.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please attach its contents on your next reply.
THEN
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
-
Attached are the logs from the Farbar Recovery Scan Tool.
I did run aswMBR.exe but I forgot to move the log to my jumpdrive before Avast free! antivirus software picked something up and asked for me to restart and run a boot scan. That is running now and I have chosen to have it fix anything it finds.
I will upload the log for aswMBR.exe once I am able to access the computer again after the scan.
-
Now attached is the TDDS Report and the aswMBR log.
Please let me know what further action to take.
-
Could you let me know of any problems after this run please
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xwizard.lnk
ShortcutTarget: xwizard.lnk -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe (No File)
2014-10-16 22:44 - 2014-10-16 22:49 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-16 22:26 - 2014-10-16 22:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Joe\Downloads\4272.tmp
Task: {084C9654-7EB5-4902-89F3-EFB924675CC1} - \Security Center Update - 1343972925 No Task File <==== ATTENTION
Task: {F2668891-E13D-4024-BD3B-CD0C54FAB2B3} - \Security Center Update - 3791862601 No Task File <==== ATTENTION
Task: {F9BBB582-A0DF-47FB-A221-89F63460C93D} - \Security Center Update - 3490729426 No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
-
The last 2 logs you have requested are attached. I left the computer on and connected to the internet for a few hours and no virus pop-ups showed up. Everything appears to be running better. Still a bit slow but better than it was.
Should I take any further action or should I use it for a few days and see how it is?
-
As we removed 1.6Gb of temp files could you now defragment the drive and see if that improves the speed