Strange behavior

[silvo]

Hello everyone, this is my first post. I have a fairly new HP laptop running Vista.

I had AVG installed (paid version) but it would not update, and the laptop began running slower and slower. In addition, when on line, if you clicked a web site in Google, the PC would jump to a totally different site, other strange things were also happening. Windows also failed to update, roughly from the time I installed AVG.

I took off AVG last night and installed Avast. Installation went OK, and it also updated OK. It went to a "DOS" type screen and started to virus check. I did not have the time to wait and cancelled the test. I then checked the Icon on the desktop, to see what was in the programme.

I started a virus check from the desktop, and was informed that a virus had been found in my memory? and avast needed to carry out a full scan.

This I agreed to, and it went back to the "DOS" screen again. I retired to bed, as the scan was taking ages. next morning the computer was dead, but the blue lights along the back by the on switch were still lit. I pressed the on button, and up came a screen saying the computer was unable to start, and needed to recover to an earlier date, which I did, but avast had disappeared, all other programmes and data were intact.


Has anyone out there any suggestions as to what I should do? I am considering buying a copy of Vista and re-installing from the start.

Regards

silvo

[Spiritsongs]

   Hi :

 IF possible, I recommend you try to install 1 or 2 antiSPYWARE/antiTROJAN
 program(s), namely : 1) the FREE Version of "SUPERAntiSpyware" from
 www.superantispyware.com ; 2) the "FREE" Version of MalwareBytes'
 Anti-Malware from www.malwarebytes.org/mbam.php . I would run them in an
 attempt to "remove" what is causing problems !?

 I assume the unwanted AVG is back on your computer ?

[Happy-Dude]

Hm, I'm not sure what happened, but it probably looks like your PC has been hijacked (i.e. explains why your browser page redirects).

Now I don't know why you would uninstall AVG Paid (since you pay good money for it), but what do you mean you've been restored to an earlier date?

When you say earlier date, I assume last good configuration or system restore. If that's the case, you most likely still have the virus on your system.

Since we don't know what exactly is wrong, I suggest running HiJackThis, saving the log file, and posting it on the forums. I dunno how to read the logs myself, so I hope that other forum members will help you .

Get HiJackThis (latest version) here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download . To make it easier for you, download the executable and run it (so it doesn't need to install anything).

Post you logfile here for people to analyze it. Also, try using these sites http://www.hijackthis.de/ + http://hjt.networktechs.com/ for a self check (NOTE: use this as a second opinion, people's analysis is always better).

Good luck, and post back.

[silvo]

Happy-Dude and Spiritsongs.

Thanks for the quick response, always good to know there is someone out there, still with a kind thought and help to others.

Will take your advice and report back a.s.a.p.

Silvo

[micky77]

Hello everyone, this is my first post. I have a fairly new HP laptop running Vista.

I had AVG installed (paid version) but it would not update, and the laptop began running slower and slower. In addition, when on line, if you clicked a web site in Google, the PC would jump to a totally different site, other strange things were also happening. Windows also failed to update, roughly from the time I installed AVG.

I took off AVG last night and installed Avast. Installation went OK, and it also updated OK. It went to a "DOS" type screen and started to virus check. I did not have the time to wait and cancelled the test. I then checked the Icon on the desktop, to see what was in the programme.

I started a virus check from the desktop, and was informed that a virus had been found in my memory? and avast needed to carry out a full scan.

This I agreed to, and it went back to the "DOS" screen again. I retired to bed, as the scan was taking ages. next morning the computer was dead, but the blue lights along the back by the on switch were still lit. I pressed the on button, and up came a screen saying the computer was unable to start, and needed to recover to an earlier date, which I did, but avast had disappeared, all other programmes and data were intact.


Has anyone out there any suggestions as to what I should do? I am considering buying a copy of Vista and re-installing from the start.

Regards

silvo

Surely your computer has a recovery partition,buying another copy of Vista will be very expensive.Was your AVG ' paid ' a crack copy ??

[silvo]

Happy Dude, I am in my sixties and not that good with software, so I was not quite sure, without bothering you more, exactly hope to carry out your directions, thank you so much for responding anyway.

 However I could follow what Spiritsongs said and I tried Superantispy first, but it would not stay on the download site long enough to download!!

So I went for Malwarebytes first, and it found 31 Trojans, (now quarantined) and following a reboot, for the first time in several months, I did not get a "ding" on boot up, and a window saying there was a missing DLL file in windows, brilliant!!

I then downloaded superantispy, and that found 12 tracking cookies.and following another reboot, Vista updated for the first time in 6 months!!! (36MB of data!) I have my old laptop back!!

My main problem now is-

1) Do I resort to AVG again, I was never happy with it, and why would it never update, or indeed pick up the Trojans?

2) I am tempted to download Avast again, but why did it lock up my PC?

Thanks again for your help, Micky77, thanks also to you, but I am not quite sure I could carry out a reinstatement using the partition, the AVG was a genuine paid for version, but I had alsorts of problems, and there response time to problems was sometimes in excess of a week!

Thanks again

Silvo

[micky77]

Maybe the infections on your computer were interfering with Avg,Avast and your windows updates.Did you contact Avg ( is that what you meant about slow response )http://www.avg.co.uk/ww.support-technical-form-direct?ver=8
I would still try to post a Hijackthis log,for one of the experienced helpers.to view.If you use the link given by Happydude, download HijackThis' .When you have installed HT,opened the progam,and choose 'do a system scan and save a log file'.When the scan is finished,it should show the results in notepad,which will appear on the screen,right click and choose 'select all ' then right click and choose 'copy'.When you are logged onto the forum,start a reply,then right click and choose 'paste'Your log should then appear in your reply.
Regards recovering your pc to its factory settings,I have never done this,but here is a link
http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&cc=uk&docname=c00809678&dlc=en

[Happy-Dude]

silvo, please skim through this page: http://www.bleepingcomputer.com/tutorials/tutorial42.html and use HiJackThis. Even though your computer seems clean, it might not be (there can still be stuff left behind after a delete).

Most important things you need to do (follow the screenshots from http://www.bleepingcomputer.com/tutorials/tutorial42.html ):

-Download the .exe file (unzip from the zip folder).
-Start up HiJackThis, and click "Do a system scan and save a logfile"
NOTE: That logfile is what we need. Post the file here with copy and paste or attach it to your post.
-After, click "Config..." to your right and then click Misc Tools at your top right.
-Click on "Generate StartupList log" WITH both checkboxes marked.
-Post that file too.

Hope we can help you. Post back ASAP !!

[Spiritsongs]

   Hi Silvo :

 I am in my 60's, so there is "Hope" for our Generation . As to an antiVIRUS
 program, I recommend you COMPLETELY REMOVE  AVG, even going to the
 extent of following the "Guidelines" at www.pchell.com/virus/uninstallavg.shtml .
 Then with all those Trojans "quarantined" by the MalwareBytes program,
 Avast should properly install and function .
 To see IF any other "malware" might still be on your computer, I recommend
 you go back to the malwarebytes Site and ask in THEIR Support Forums that
 are staffed by experienced, trained, CERTIFIED, Volunteer "Malware-Fighters"
 and have them look at the "Log" of THEIR program to see IF they can spot
 any potential "Trouble Makers" that MAY need further Help in "removing" !?
 You would Start by "Registering" there, then going to
 http://www.malwarebytes.org/forums/index.php?s=3386965994a741fa7cb6dbe95fb81577&showforum=7 .

[silvo]

Happy Dude,

Tried, ran the programme, exactly as requested, got the log files, pasted to a reply post, up came too many characters to post reply. I removed the second file I had pasted, and still too many characters.

Not sure what to do now?

Silvo

[DavidR]

You use copy and paste to break it into two or more posts so it will fit or you can attach the file.

[Happy-Dude]

I second to what David said.

So, split the file(s) into different parts that you can post.

Best idea would be to ATTACH the file onto your post.

To attach a file:
-Alright, hit "post reply" on the forum.
-Now, you see the basic reply page, with the white text box for your reply.
-Under that, you see "ADDITIONAL OPTIONS". Hit the "+" sign please.
-And there we go, a way to attach files.

And that's how HiJackThis experts on this forum would be able to tell you whats up (or whats left) with your system. They are able to tell you what seems off, what is malware, and what to delete.

Good luck !!

[silvo]

Happy Dude,

herewith attached files.................I HOPE!!!

Silvo

[silvo]

Happy Dude

No. 2 file.

Thanks

Silvo

[Happy-Dude]

Alright, here is my (amateur) opinion after using the sites: http://www.hijackthis.de/#anl + http://hjt.networktechs.com/parse.php to check your logfile (I didn't check your startuplist). NOTE: Please use these two sites and paste your logfile there to see if there is anything you may not be familiar with.

Yes, you do have remnants of malware on your system.

Delete, or ask about, these entries with HiJackThis (the program has a delete entry option; use it). DO NOT do it now, wait for a second opinion. I am not a HiJackThis expert.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.


O2 - BHO: cpmsky browser optimizer - {d43f8f01-1d81-fed6-25ef-3abd807d07c6} - C:\Windows\system32\{b4b62942-d91e-d09f-b2dc-1fe7fd3091d9}.dll (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\Windows\system32\mysidesearch_sidebar.dll (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
Launcher
Spyware component related to DownloadWare and found in Program FilesKFH


O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
Sidebar
"Searchcentrix hijacker"

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
Sidebar
"Searchcentrix hijacker"

O13 - Gopher Prefix:
IE DefaultPrefix hijack
This is always bad.

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.