Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: lzeppelinrocks on December 06, 2010, 02:07:03 AM

Title: My school computer is screwing up please help
Post by: lzeppelinrocks on December 06, 2010, 02:07:03 AM

I got a virus called antimal software a week ago and my computer hasnt been the same since. The instruction at "0x7c923845" referenced memory at "0x00000000". The memory could not be "read".
Click on OK to terminate the program
Click on CANCEL to debug the program
I keep getting this error everytime i start my computer up or switch users. My computer freezes up about once every 2 hours, and i have to manually shut my computer down. i have run mbam, avast, symantec, all the virus scans countless times and cant find anything else. Please help, I think what is wrong is my system files are ****** up but i dont have my computers disc to run the sytem file repair program. My internet also freezes about every half an hour and my computer has to be manually shit down. Also, my wireless sometimes disconnects randomly and says the wireless has been configured to not connect here or something and the wireless does not connect.

Title: Re: My school computer is screwing up please help
Post by: rdmaloyjr on December 06, 2010, 02:12:16 AM

Download Malwarebytes Anti-Malware and update it before running a full scan.

http://www.filehippo.com/download_malwarebytes_anti_malware/

Please report back here with the results of the scan.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 06, 2010, 02:28:17 AM

I have run malware bytes anti malware countless time, updated it, and done the full scan it comes up with nothing.

Quote from: rdmaloyjr on December 06, 2010, 02:12:16 AM

Download Malwarebytes Anti-Malware and update it before running a full scan.

http://www.filehippo.com/download_malwarebytes_anti_malware/

Please report back here with the results of the scan.

Title: Re: My school computer is screwing up please help
Post by: CharleyO on December 06, 2010, 03:12:39 AM

***

If you have a 32-bit OS, you can try a boot time scan with Avast.


***

Title: Re: My school computer is screwing up please help
Post by: SpeedyPC on December 06, 2010, 03:14:00 AM

Quote from: CharleyO on December 06, 2010, 03:12:39 AM

***

If you have a 32-bit OS, you can try a boot time scan with Avast.


***

+1 I agree too ;)

Title: Re: My school computer is screwing up please help
Post by: mikaelrask on December 06, 2010, 10:02:09 AM

is it this one you have been hit with?

http://www.removevirus.org/antimalware-doctor.html

Title: Re: My school computer is screwing up please help
Post by: SafeSurf on December 06, 2010, 10:48:47 AM

Quote from: lzeppelinrocks on December 06, 2010, 02:07:03 AM

i have run mbam, avast, symantec, all the virus scans countless times and cant find anything else.

Do you have both Avast and Symantec on your machine?  You cannot have more than one resident antivirus running on your machine at the same time or it will cause conflicts.  If you do have both, here is the uninstaller for Symantec: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN (http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN)...then reboot.

Reset the router to its default configuration.  This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.  Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0). 

Follow the directions for obtaining the OTL logs (save them as ANSI and not Unicode).  Post the MBAM log here and the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).  We will review your logs and refer to our Certified Malware Expert (Essexboy) if needed. 

***Please do not make any further changes to your machine after you have provided the logs.***

Let me know if you have any additional questions.  Thank you.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 07, 2010, 12:30:12 AM

I ran avast last night just to check for the last time, because i had run avast, mbam, and symantec a few hours before and avast found around 60,000 infected files, all in the symantec foler named "xfer". WTF! I couldnt actually do anything to any of the files because it said it could not found the file specified. My computer isnt really showing any signs of malware though, and around half of the day it works totally fine and runs smoothly. But, at a random time the "The instruction at "0x7c923845" referenced memory at "0x00000000". The memory could not be "read".
Click on OK to terminate the program
Click on CANCEL to debug the program"
message comes up, and basically my computer just starts fucking up. The wireless doesnt work, my computer constantly freezes and i have to do a hard shutdown, programs take sometimes over 5 minutes to start to run. Only after that message comes up. So i am thinking whatever that instruction is, is the problem.
Also, this is my school computer and i cant uninstall symantec, so i guess ill have to uninstall avast.

Title: Re: My school computer is screwing up please help
Post by: SafeSurf on December 07, 2010, 08:46:22 AM

Quote from: lzeppelinrocks on December 07, 2010, 12:30:12 AM

Also, this is my school computer and i cant uninstall symantec, so i guess ill have to uninstall avast.

Does this machine belong to the school or you?  If it belongs to the school and they put symantec on it, then you have no choice but to uninstall avast since you cannot have more than one AV on your machine.  If it belongs to you, you can uninstall symantec.

You are getting the error codes because of the 2 AV's and/or the malware and the combination of the two.

I already gave you the symantec uninstaller tool.  Here is the Avast Unintaller Tool if you need it:
1. Download the Avast Uninstall Utility, aswClear5.exe http://www.avast.com/uninstall-utility (http://www.avast.com/uninstall-utility) and save it to your desktop.
2. Disconnect from the Internet at this time.
3. Go to Control Panel and uninstall Avast through Add/Remove Programs if possible and reboot.
4. If Step 4 fails, boot into Safe Mode (http://Safe Mode) (hit F8 repeatedly) and run the Avast Uninstall Tool.
5. Reboot.

Let me know if you have any additional questions.  Thank you.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 10, 2010, 04:51:00 AM

Alright im pretty sure i have some type of virus. I uninstalled avast, and literally nothing changed about my computer. That svchost.exe message still comes up and my computer still goes to shit when i exit out of it. Do i click debug or terminate the process though? I usually debug it but to be honest have no idea what that means. Idk what to do, i have run avast, symantec, and mbam several hundred thousand times and nothing changes. I think i got the virus on my dsadmin though, becuz if i try to log onto my dsadmin, well i cant. All that loads to my dsadmin is the desktop picture no taskbar, no icons, you can do ctrl - alt - del but that does nothing. Am i just like screwed and have to pay 2,500 dollars for a new school computer?

Title: Re: My school computer is screwing up please help
Post by: Coolmario88 on December 10, 2010, 05:18:22 AM

Hello, Try Scanning your computer with SAS(SuperAntiSpyware) http://www.superantispyware.com/  If you Decide to Download it and scan be sure to check for updates on the program than scan. I hope this helps :)

Title: Re: My school computer is screwing up please help
Post by: SafeSurf on December 10, 2010, 09:38:30 AM

This is information based on the first post that you stated you had a virus called antimal software: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor (http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor).  Please read it.

Have you tried updating and running MBAM in Safe Mode? 

What AV do you currently have on your machine now?

Please answer the above questions and do not make any further changes to your machine and I will have a Certified Malware Expert, named Essexboy, try to help you.  He is on UK time zone and comes to the forum late UK time.  Check this thread daily and he will give you instructions on what to do.  Only take instructions from him or an Evang. at this time.  Do you have any questions?

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 10, 2010, 08:23:06 PM

Hi - could you run this progamme please

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 13, 2010, 02:41:13 AM

Hello everyone. I just wanted to thank everyone for replying first off. Essexboy, i would do what you aid i should but my computer cant connect to the internet anymore... There is no wireless thing in the taskbar anymore. There is nothing in the network connections folder and even if you plug the computer directly into a router or something it will not connect. Also half the time i log onto my computer, just the desktop loads and ther is no taskbar or desktop icons so the only way you can do anything is to do ctrl alt del and start a new task. My whole life centers around this piece of shit computer and this sucks s much. I will do exactly what you said to do essexboy once, and if i am able to connect to the internet.

Title: Re: My school computer is screwing up please help
Post by: DavidR on December 13, 2010, 03:22:00 AM

See if you can get a friend to download them for you, copy to a CD, safer than a USB and copy them to your system.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 13, 2010, 03:35:23 AM

i will try that, but does anyone know how to get my internet to work? and also my taskbar and windows just looks weird... Like i usually had a black taskbar and black bar things on the top of browsers, but all of a sudden they all turned white and look like windows classic. Also, it usually took about 5 minutes to log on now it takes like half a second. This all started happening today and i had not used my computer in a day or two.

Title: Re: My school computer is screwing up please help
Post by: DavidR on December 13, 2010, 04:34:45 AM

Before you can get that to work or attempt to get it to work you need to clean your system as the malware an be hooking your connection. Removal of the malware could inadvertently take that down, so you could be fighting that battle many times over.

So essexboy is the one to help with that and to do so he needs the logs.

Unfortunately he is in the UK, like I am and he works, so will be in bed now as it is a little after 3.30am in the UK right now.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 13, 2010, 05:00:08 AM

My wireless randomly started working and i ran the scan that essexboy said to run. Do you guys want the logs? Is my computer fixed now? What did that scan do? Sorry if i seem a little bit weird but i have an essay due... and this is not good.

Title: Re: My school computer is screwing up please help
Post by: SafeSurf on December 13, 2010, 10:09:32 AM

Yes, we will need the logs.  Make sure the OTL logs are saved as ANSI and not Unicode.  Post two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).  Thank you.

The scans are a diagnostic tool that will give us information as to what might be causing your problems.  We can't tell you if your machine is fixed now or not until we review your logs.

***Please do not make any further changes to your machine now that you have provided the logs.***

Let me know if you have any questions.  Thank you.

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 13, 2010, 10:00:29 PM

If you are able to use another computer to burn a CD - then we can try this, I will give you the network version as it does have a lot of drivers installed and may enable you to get on the net from the live cd

Please print these instruction out so that you know what you are doing

OTLPENet.exe
MD5=C2629B6D6FA189EA92FF6FD1FFA2A81D
127,353,979bytes / 121.4MB

• Download OTLPENet.exe  (http://oldtimer.geekstogo.com/OTLPENet.exe) to your desktop
  
• Download the attached scan.txt
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  
  
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :) 
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Double-click on the OTLPE icon.
  
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start.
• Double click the Custom scans and fixes box
  
• In the dialogue locate the scan.txt you have on the USB
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\OTL.txt
  
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive. 
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.
  

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 14, 2010, 04:45:24 AM

Here are the logs. My computer seems to be working better and i havent had many problems in the past few days. Btw though, i randomly will get redirected to a random website sometimes. Usually when i click on a link, or try to search a link. Its pretty annoying but no that big of a deal though.

Title: Re: My school computer is screwing up please help
Post by: Coolmario88 on December 14, 2010, 04:50:05 AM

Quote from: lzeppelinrocks on December 14, 2010, 04:45:24 AM

Here are the logs. My computer seems to be working better and i havent had many problems in the past few days. Btw though, i randomly will get redirected to a random website sometimes. Usually when i click on a link, or try to search a link. Its pretty annoying but no that big of a deal though.

Hey you may want to hide your e-mail. just sayin to prevent your e-mail from getting spammed. there is a lot of people that likes to spam on the forums.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 14, 2010, 05:22:42 AM

i dont rlly use that email unless i know something is being sent there, but thanks for telling me that

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 14, 2010, 09:57:19 PM

Hi there did you have a date problem when you installed the system ?

Quote

[2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\app-t12\users13\mstreuber2\My Pictures

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Quote

  :OTL
  [2010/11/30 12:41:17 | 000,008,155 | ---- | M] () -- C:\Documents and Settings\mstreuber2\Local Settings\Application Data\Wsufaloqe.dat
  [2010/11/30 00:18:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\mstreuber2\Local Settings\Application Data\Rfazukijadu.bin
  [2010/11/29 13:08:23 | 000,008,155 | ---- | M] () -- C:\WINDOWS\anapeyamoledu.dll
  [2010/11/29 13:08:05 | 000,008,155 | ---- | M] () -- C:\WINDOWS\Wsufaloqe.dat
  [2010/11/29 00:31:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rfazukijadu.bin
  [2010/11/28 23:46:28 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\CALC.job
  [2010/11/28 23:46:14 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\EHSUN.job
  [2010/11/28 23:46:10 | 000,121,856 | RHS- | C] () -- C:\WINDOWS\System32\adsmsext1.dll
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

.
THEN

Download ComboFix from one of these locations:


Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 15, 2010, 07:03:37 AM

Hey, I ran OTL again and did what you said and here is the log. There was other log that came up and idk what it is so ill post that too. But combofix didnt work. I would start it and everything and then randomly a message that says CFscript is spelled wrong and that i should check the spelling. Then i click ok on that message  and combofix closes. Also, there is no possible i can turn off symantec antivirus because its the school virus scan or something. And it said Avast was still running and im pretty sure i uninstalled it.

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 15, 2010, 09:16:03 PM

That is weird for combofix - as that would only come up if you dragged a text file onto it

Could you try Combofix again please, just double click the icon

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 16, 2010, 05:59:44 AM

Alright i tried Combofix 4 more times, none of them working. Also, whenever my computer starts messing up it randomly tuns to windows classic style bars.. it wont let me change it when  it does that too. Not a big deal i just dont know if that cld be something

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 16, 2010, 07:41:01 PM

OK lets run a different programme to see if I can locate the miscreant

Download avz4.zip from here (http://z-oleg.com/avz4.zip)

• Unzip it to your desktop to a folder named avz4
  
• Double click on AVZ.exe to run it.
  
• Run an update by clicking the Auto Update button on the Right of the Log window: (http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-update-button.png)
  
• Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

• Start AVZ.
• Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with Malware removal mode enabled " check box.

(http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png)

• Click on the “Execute selected scripts”.
• Automatic scanning, healing and system check will be executed.
• A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  
• It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
• All applications will work properly after the system restart.

When restarted

• Start AVZ.
• Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis " check box.

(http://i768.photobucket.com/albums/xx326/perplexus13/malware/avz-standardscripts.png)

• Click on the "Execute selected scripts".
• A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Upload both virusinfo_syscure.zip and virusinfo_syscheck.zip to  Mediafire (http://www.mediafire.com/) and post the sharing link.

Title: Re: My school computer is screwing up please help
Post by: lzeppelinrocks on December 17, 2010, 06:07:41 AM

Yeah the link on the word here, doesnt work. It says
Not Found.

The requested resource was not found.
httpd

Soooooo i couldnt do what you asked, sorry

Title: Re: My school computer is screwing up please help
Post by: DavidR on December 17, 2010, 02:41:28 PM

Try right clicking on that word 'here' and select save file as or save as or save link as, depending on your browser. the avz4.zip file is there, I just confirmed that in firefox using the save link as action in firefox, see image.

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 19, 2010, 01:17:26 PM

http://cid-32d8666f4048075b.office.live.com/self.aspx/Malware%20files/avz4.zip  download a copy from my site

Title: Re: My school computer is screwing up please help
Post by: ICAngels on December 28, 2010, 02:36:12 AM

I'm jumping into this topic because I'm having the same problem... ("Svchost.exe Application Error" The instruction at "0x7c923845" etc.). No matter what you do when this pops up, your computer freezes and you're forced to reboot to get it going again.  The only reason I'm on here now is because I didn't choose either of the options (ok to terminate OR cancel to debug), I simply dragged the error down to the bottom of my screen for now...

I do know this.  Whatever caused this began when I clicked on a link to play hidden objects 4, on Facebook...  I knew immediately that it was not a good link because my computer (or the link) started a malware scan. (I turned my computer off in the middle of the chaos and the scan never completed). I noticed a couple files that seemed suspicious in my WINNT\TEMP and deleted them (4225859.exe and another file with a different extension).  I also disabled this in msconfig's startup... (not sure if I should have done any of that, but since I couldn't determine what 4225859.exe was, I took my chances and deleted it)...

I used your OTL and scanned as you directed.  The two .txt files are on my desktop, but I didnt have the program make any changes because I just wasn't sure what would happen there... If you give me the ok, I'll post the results here.  (I figured out how to attach them and here they are.

Thanks so much,


ICAngels



-----------------------------------

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 28, 2010, 09:25:05 PM

That was a good move - that file was the main initiator.  I can see no sign of an Antivirus programme on your system - not a good move really 

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Quote

  :OTL
  FF - prefs.js..network.proxy.http: "127.0.0.1"
  FF - prefs.js..network.proxy.http_port: 8888
  FF - prefs.js..network.proxy.no_proxies_on: ""
  FF - prefs.js..network.proxy.ssl: "127.0.0.1"
  FF - prefs.js..network.proxy.ssl_port: 8888
  FF - prefs.js..network.proxy.type: 4
  [2010/10/12 07:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MRSystem\Application Data\Mozilla\Firefox\Profiles\31q0z3et.default\extensions\searchtoolbar@zugo.com
  O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
  O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
  O3 - HKU\S-1-5-21-1482476501-838170752-839522115-1006\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
  [2010/12/13 11:19:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
  [2010/12/15 13:09:42 | 000,000,120 | ---- | M] () -- C:\WINNT\Tlujetakobi.dat
  [2010/12/15 07:03:58 | 000,000,000 | ---- | M] () -- C:\WINNT\Kyufohapu.bin
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

  
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

.
THEN

Download ComboFix from one of these locations:


Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Title: Re: My school computer is screwing up please help
Post by: ICAngels on December 29, 2010, 05:33:21 AM

Followed your instructions.  The svchost error came up just before I did the fix and my computer wouldn't reboot when the program tried to.  So, I manually shut it down and did the fix a second time.  I reinstalled the microsoft security, so you'll notice it in the new log I'm attaching.  

Before I did all this, I received an email from my bank's security dept notifying me that their rapport (spyware) caught & stopped 4 trojans when I accessed my account this morning... Ugh...  (TDL4 (severity: High);  Zeus 2 (severity: High); TDSS (severity: High); Hiloti (severity: High).  My Microsoft Security Antispyware scanned and only found two instances of Hiloti and deleted them.  It didn't seem to recognize the other three.  I also don't know if combofix took care of the other three viruses.  


Thank you so much for your help here...  

L

**UPDATE:  No problems for a while then a new one is popping up now...
AXWINFRAME Windows: svchost.exe - Application Error (instruction at "0x16cda24e" referenced memory at "0x16cda24e" The memory could not be written...

12/29 - Ugh...  The original svchost.exe - Application Error just popped back up...

Title: Re: My school computer is screwing up please help
Post by: essexboy on December 29, 2010, 09:59:18 PM

Combofix confirms the TDL4 infection so lets kill that now - Whilst you are doing this I will read the rest of the logs  ;D

Please read carefully and follow these steps. 

• Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
  
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
   
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png)
   
   
  
• If an infected file is detected, the default action will be Cure, click on Continue.
   
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png)
   
   
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
   
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png)
   
   
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png)
   
   
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.