Constant freezing: might be remnants of XP Home Security

I had an XP Home Security trojan a while ago and I managed to get rid of it (ostensibly) but now my system seems to freeze every few minutes. I’m wondering if it’s from what’s left over.

I don’t think there’s an awful lot I can tell you about this problem. I first notice it when my hdd light goes dark. Then apps stop responding, then the task bar stops responding. The last thing I notice is that the mouse pointer freezes. CTRL-ALT-DEL does nothing. The only thing that does anything is a hard reset. When I restart, I don’t see anything telling in the event viewer.

I’ve been running Linux for a while now, and there aren’t any freezes, so I guess it’s a problem w/my Windows box and not h/w. What should I do?

I’m running WinXPHESP3.

if not already done, try this

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have the latest signatures before you scan
click on the remove selected button to quarantine anything found

post the scan log here

just to add if i may :slight_smile:
if the rogue program blocks installing & running malwarebytes then just rename mbamsetup.exe to iexplore.exe

also before installing malwarebytes run this program…

Download RogueKiller to your desktop

[*]Quit all running programs
[*]For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
[*]When prompted, type 2 and validate
[*]The RKreport.txt shall be generated next to the executable.
[*]If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

this should solve the problem

Well, I just ran Malwarebytes and all it found was the notification disabled for the firewall, virus scanner and updates in the registry. I guess if there was something to be found, that program would have found it. I guess this means I’ll have to do a clean install. I hate that :frowning:

why not let Essexboy have a look inside first?

follow the guide here and post an OTS log
http://forum.avast.com/index.php?topic=53253.0

This is bullshit. I keep trying to post the file and it keeps coming up w/new excuses for why it can’t. I’m just going to keep trying to post the report.

Here’s an attempt to post part 1…

and now I’m going to try 2

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\] > -> 
YN -> HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\: URLSearchHooks\\"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\] > -> HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{00000000-0000-0000-0000-000000000000}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{855F3B16-6D32-4FE6-8A56-BBB695989046}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> [Button: Yahoo! Messenger]
YN -> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> [Menu: Yahoo! Messenger]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\] > -> HKEY_USERS\S-1-5-21-682003330-1645522239-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{6224f700-cba3-4071-b251-47cb894244cd}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{B863453A-26C3-4e1f-A54D-A2CD196348E9}" [HKLM] -> [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server]
YN -> "C:\temp\Software release 4.3.2.6\UpgradeWizard\upgradeST.exe" -> [C:\temp\Software release 4.3.2.6\UpgradeWizard\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> Bwubor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> P17Helper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
YN -> SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY ->  sync.exe -> C:\Program Files\sync.exe
NY ->  handle.exe -> C:\Program Files\handle.exe
NY ->  du.exe -> C:\Program Files\du.exe
[Files/Folders - Modified Within 30 Days]
NY ->  i4m7488cx068t8smn2yvovc217y31a8h10x -> C:\Documents and Settings\Angus\Local Settings\Application Data\i4m7488cx068t8smn2yvovc217y31a8h10x
NY ->  i4m7488cx068t8smn2yvovc217y31a8h10x -> C:\Documents and Settings\All Users\Application Data\i4m7488cx068t8smn2yvovc217y31a8h10x
NY ->  Hpukin.dat -> C:\WINDOWS\Hpukin.dat
NY ->  Lzuhup.bin -> C:\WINDOWS\Lzuhup.bin
[Files - No Company Name]
NY ->  i4m7488cx068t8smn2yvovc217y31a8h10x -> C:\Documents and Settings\Angus\Local Settings\Application Data\i4m7488cx068t8smn2yvovc217y31a8h10x
NY ->  i4m7488cx068t8smn2yvovc217y31a8h10x -> C:\Documents and Settings\All Users\Application Data\i4m7488cx068t8smn2yvovc217y31a8h10x
NY ->  Hpukin.dat -> C:\WINDOWS\Hpukin.dat
NY ->  Lzuhup.bin -> C:\WINDOWS\Lzuhup.bin
NY ->  fcrackzip.exe -> C:\Program Files\fcrackzip.exe
NY ->  u6edit.xml -> C:\Program Files\u6edit.xml
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

I will review the information when it comes back in.

In case the process takes more than 15 to 20 minutes: hit CTRL+ALT+DEL and stop OTS via task-manager and reboot.

Ok, I followed and here’s what it gave me back. I’ll let you know if I get another freeze.

No, it crashed very shortly after. This might have been permanent damage left by a trojan, but at this point, I think it’s nothing that can be fixed by anything short of a clean install. Thanks anyway.

Unfortunately sometimes that happens and the damage is where I cannot see. If you need assistance just shout

For posterity…

It looks like it wasn’t even a software problem. I did a clean install and it was fine for a while, but it’s started freezing again. I can’t find the h/w responsible, but if it isn’t hardware at all, it’s some broken software I keep installing. Interestingly, I have yet to have a freeze under Linux.

I’ve had problems like that recently with a customer’s computer. It was a homebuilt PC and the wireless PCI card ended up being the culprit. They purchased a new router and the computer started freezing / BSOD / restarting because of it.

If Linux isn’t doing it, then it’s probably a driver of some kind. Or, some software as you mentioned. It would have to be software that needed hooks into the OS though probably. Like Avast’s firewall or something (not that I’m blaming Avast!).

Yeah, well, I jinxed it by saying that. I had a freeze a couple of hours ago. Looks like I’ve gotta kick this 7-year-old turkey to the curb.

Well, at least you know it’s hardware now.

I’d clean the computer out for starters, heat is the usual culprit.

If not, give your memory a check with one of the many memory check programs: http://www.memtest.org/
http://oca.microsoft.com/en/windiag.asp

Or, your Linux CD should have a memory tester built-in on the menu when you boot from the CD (depending on what Linux flavor you have).

Give those a shot if you want to fix it, but it sounds like you’re giving up on it in favor of a new system. That might be a better bet if you can afford one. 7 year old computers are like 91 in human years.