Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on November 09, 2014, 04:16:18 PM
-
Seems like I have multiple issues going on... including multiple instances of dllhost.exe open and several other processes as well as wyvideo.com and mlka.com continuously popping up as being blocked by avast
Hopefully someone can help cause it's making my comp SUPER slow and I'm guessing is pushing it past its heat allowance and causing the comp to bluescreen and reboot...
I'm new to the forum and never done this before so hopefully I'm attaching everything needed properly...
Thanks in advance for your help
-
Could you let me know how the computer is after this run
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-1925243780-269018604-1424767618-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: No Name -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> No File
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - No File
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - No File
2014-10-31 15:53 - 2014-10-31 15:53 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-10-13 15:42 - 2014-10-15 17:01 - 00000000 ____D () C:\ProgramData\BitRaider
2014-10-13 15:42 - 2014-10-13 15:42 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-11-01 02:17 - 2014-10-02 12:03 - 00000000 ____D () C:\Users\Home\AppData\Roaming\foobar2000
2014-10-31 18:29 - 2009-07-24 14:22 - 00000000 ____D () C:\Windows\Panther
CustomCLSID: HKU\S-1-5-21-1925243780-269018604-1424767618-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY
Download and run Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)
(https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG)
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
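The entry flagged in the fixlist above stores a command line, not a file path, as the COM server of a per-user CLSID. As an added example (not part of the original posts and not FRST's own logic), this Python sketch flags such entries in FRST-style log lines; the regexes, function names and the second sample line are assumptions made here, and the one-character shift used to read the visible fragment is an observation about that fragment, not something the thread states.

```python
import re

# A COM server value that hands rundll32 a "javascript:" pseudo-URL and
# mshtml,RunHTMLApplication runs script held in the registry value itself.
SCRIPT_LAUNCHER = re.compile(
    r'rundll32(?:\.exe)?\s+javascript:.*mshtml,\s*RunHTMLApplication',
    re.IGNORECASE)
# FRST prints "<key>\localserver32 -> <data>" or "<key>\localserver32: <data>".
COM_SERVER = re.compile(
    r'(?P<key>HK[A-Z]+\\\S*\\(?:localserver32|inprocserver32))'
    r'\s*(?:->|:)\s*(?P<data>.+)', re.IGNORECASE)
# First argument of eval("..."), up to where FRST truncated the value.
EVAL_ARG = re.compile(r'eval\("(\S+)')

SAMPLE_LINES = [
    # Copied from the fixlist quoted in the thread.
    r'CustomCLSID: HKU\S-1-5-21-1925243780-269018604-1424767618-1001_Classes'
    r'\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> '
    r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";'
    r'eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds '
    r'(the data entry has 247 more characters). <==== Poweliks?',
    # Constructed benign entry (hypothetical CLSID and path) for contrast.
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID'
    r'\{00000000-0000-0000-0000-000000000000}\localserver32 -> '
    r'C:\Program Files\Example\example.exe /automation',
]


def shift_back(text):
    """Undo a +1 shift of every character code (assumed encoding)."""
    return ''.join(chr(ord(ch) - 1) for ch in text)


def scan(lines):
    """Return one finding per COM server entry that launches script."""
    findings = []
    for line in lines:
        entry = COM_SERVER.search(line)
        if not entry or not SCRIPT_LAUNCHER.search(entry['data']):
            continue
        arg = EVAL_ARG.search(entry['data'])
        findings.append({
            'key': entry['key'],
            'decoded': shift_back(arg.group(1)) if arg else None,
        })
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LINES):
        print(finding['key'], '->', finding['decoded'])
```

The decoded text is only as long as the fragment FRST printed; the rest of the value is truncated in the log.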
-
First of all, thanks very much for your assistance. My computer seems to be running faster and no instances of dllhost.exe *32 up and running. The only thing I see that is suspicious is 4 iexplore.exe processes still running but... I don't see any performance issues as of right now.
Farbar Service Scanner Version: 21-07-2014
Ran by Home (administrator) on 09-11-2014 at 11:37:05
Running from "C:\Users\Home\Downloads\FSS"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ***
-
Dependent on how you use IE, each tab will use its own process for each tab, so if it crashes you just lose one page.
It looks good now, take it for a test run for a while and when you are happy let me know and I will tidy up
-
Hey Essex I hope you can help me out.
This issue started occurring a few days after you assisted me. I'm hoping that it was something done here because otherwise I can't seem to figure it out. Whatever you did fixed the virus and got rid of whatever the problem was.
However, now when my computer sits idle and the screensaver pops up and then sits a little bit longer and goes into sleep mode (I guess that's what it's called), I can't just move my mouse to start the computer back up. I actually have to hold down the power button for about 5 seconds, release it and press the power button again... it will then turn on like it's booting back up from a shutdown... but when it gets to the "Starting Windows" screen it's not "Starting Windows", it's "Resuming Windows", I don't have to put in a password and my windows comes up. But when it comes up it takes literally 10 - 15 minutes until it's usable because it's exceedingly laggy.
Once it stops lagging it seems to work fine again until the computer sits idle for too long and then it starts over again.
Hopefully you can help, if not I'll try to figure something else out.
-
Go to control panel > power options
If it is a desktop then ensure it is set to balanced
Click on change settings and then select restore defaults
-
Nah I thought it worked, but it didn't.
Continues to do the same thing.
So I restored the comp to the earliest point I could which brought me back to right before you gave me the fixlist and I still had the virus.
But it didn't seem to do it then. I let it sit and it would hibernate but it would come right back on, albeit slow because of the virus but it wasn't having the same issue where I had to power it off and back on.
So I used the fix you gave me from the original post again and it fixed the virus again but once I finished the last step (running adwcleaner) and let it hibernate again it did the same thing.
Any help would be appreciated. Thanks for your time.
-
Could you run the Norton removal tool and let me know the result? Does it change anything?
https://support.norton.com/sp/en/uk/home/current/solutions/v60392881_EndUserProfile_en_us