Need help Big Time!

I am new to the forum and avast! and I'm totally clueless when it comes to computers (apologies if this thread is in the wrong place), but I really need help.

My laptop is in very bad shape concerning the internet. It's quite old but had been working fine up until recently. Everything is either going very slow or not opening at all. I can get the Google page up but it won't search anything; Yahoo and Hotmail pages won't open, along with most sites I try. I have had to come to an internet cafe to do this.

I recently downloaded avast and did some scans which picked up a few viruses, so I just moved them to the chest, too afraid to delete them because I really don't know what effect it would have on the computer, as the location of the viruses is always in system files, e.g. C:\WINNT\system32, so I presume deleting these would be bad, but honestly I'm just guessing here!

Anyway, the internet pages I tried to open started to go really slow last night, so frustrating! I did a scan today and I now have over 50 viruses in my chest: trojans, adware, malware etc.

Can anyone help me, or is my laptop just ruined? (For using the net that is; the rest of the computer seems to be working.)

Which was your previous antivirus?

You’ve done the right thing. The Chest is safer and allows further investigation.
Are you using Windows 2000?

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I am not sure what the previous antivirus was, I will get back to you on that. It's actually my girlfriend's laptop. I will have to leave this internet cafe and go home and try everything you said. Thanks for the help so far. :slight_smile:

When the computer comes on it just says Windows Professional (1999 maybe?)

What exactly must I do to do the first 3 steps? Sorry if this is a hassle for you, I really don't understand much :frowning:

Sorry, I'm not sure I have System Restore as I don't have Windows Me or XP.

Also, I'm using Firefox; is cleaning temporary files the same in it as IE?

:slight_smile: Hi Steafan :

It would be helpful to know what programs are on your girlfriend’s computer !?

IF you know how to “copy and paste”, I recommend you download the
“HijackThis” program from www.filehippo.com/download_hijackthis . After
Installation, click the “Open the Misc Tools section” button, then click the
“Open Process Manager” button . A “List” should appear; “copy and paste”
that “List” here .

Hi guys, thanks again for the help so far. Sorry for the delay but I can't access the forum on the laptop so I've had to come out to the net cafe again.

I am using Windows 2000 Professional and my old antivirus was called NOD32, if that helps.

I completed a boot-time scan with archive scanning turned on using avast! and I now have around 70 various viruses in the chest. I also did a thorough scan with SUPERantispyware and have 92 viruses now in quarantine.

Here is the list you asked for, Spiritsongs, hope it helps,

Process list saved on 07:07:40, on 2008-04-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
168 C:\WINNT\System32\smss.exe 5.0.2195.6601 Microsoft Corporation
212 C:\WINNT\system32\winlogon.exe 5.0.2195.6714 Microsoft Corporation
240 C:\WINNT\system32\services.exe 5.0.2195.6700 Microsoft Corporation
252 C:\WINNT\system32\lsass.exe 5.0.2195.6695 Microsoft Corporation
408 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
464 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
516 C:\WINNT\system32\spoolsv.exe 5.0.2195.6659 Microsoft Corporation
588 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 4.7.1098.0 ALWIL Software
604 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.7.1098.0 ALWIL Software
660 C:\Program Files\Eset\nod32krn.exe 2.50.25.0 Eset
328 C:\WINNT\system32\MSTask.exe 4.71.2195.6704 Microsoft Corporation
764 C:\WINNT\System32\WBEM\WinMgmt.exe 1.50.1085.100 Microsoft Corporation
936 C:\WINNT\Explorer.EXE 5.0.3700.6690 Microsoft Corporation
1132 C:\WINNT\system32\tp4mon.exe 5.0.2134.1 IBM
1188 C:\Program Files\Eset\nod32kui.exe 2.50.25.0 Eset
1216 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 4.7.1098.0 ALWIL Software
1224 C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe 1.2.3000.1001 Microsoft Corporation
1232 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.0.4043 RealNetworks, Inc.
1136 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 4.7.1098.0 ALWIL Software
1252 C:\WINNT\system32\Rundll32.exe 5.0.2134.1 Microsoft Corporation
1272 C:\WINNT\system32\internat.exe 5.0.2920.0 Microsoft Corporation
1240 C:\Program Files\Gadu-Gadu\gg.exe 7.7.0.3725 Gadu-Gadu S.A.
1332 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 4.7.1098.0 ALWIL Software
1376 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 4.0.0.1154 SUPERAntiSpyware.com
1400 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 7.0.5.172 Adobe Systems Incorporated
1544 C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE 9.0.98.105 Microsoft Corporation
1556 C:\HijackThis.exe 2.0.0.2 Trend Micro Inc.

Really again big thanks for the help so far :wink:

You still have nod32 running. Uninstall it and see if Eset (nod32) has any other instructions for removal.
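Added example, not part of the original posts: a small parser for the HijackThis process-list format shown above that reports when more than one resident antivirus product is running, which is what the reply points out. The vendor-to-product mapping is an assumption of the example, built from the two company strings in the posted log.

```python
import re
from collections import defaultdict

# Line shape in the HijackThis process list: pid, full path, file version, company.
# Paths contain spaces, so the path is anchored on its .exe suffix.
LINE_RE = re.compile(r"^(\d+)\s+(.+?\.exe)\s+(\d+(?:\.\d+)+)\s+(.+)$", re.IGNORECASE)

# Company strings of the two resident antivirus products seen in the posted log.
# This mapping is an assumption of the example; extend it for other products.
RESIDENT_AV = {"ALWIL Software": "avast!", "Eset": "NOD32"}

# Excerpt of the process list posted in the thread.
SAMPLE = r"""
252 C:\WINNT\system32\lsass.exe 5.0.2195.6695 Microsoft Corporation
604 C:\Program Files\Alwil Software\Avast4\ashServ.exe 4.7.1098.0 ALWIL Software
660 C:\Program Files\Eset\nod32krn.exe 2.50.25.0 Eset
1188 C:\Program Files\Eset\nod32kui.exe 2.50.25.0 Eset
1224 C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe 1.2.3000.1001 Microsoft Corporation
1400 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 7.0.5.172 Adobe Systems Incorporated
"""

def parse_process_list(text):
    """Return one dict per process line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pid, path, version, company = m.groups()
            rows.append({"pid": int(pid), "path": path,
                         "version": version, "company": company.strip()})
    return rows

def resident_av_products(rows):
    """Map each running antivirus product to the image names that belong to it."""
    found = defaultdict(list)
    for row in rows:
        product = RESIDENT_AV.get(row["company"])
        if product:
            found[product].append(row["path"].rsplit("\\", 1)[-1])
    return dict(found)

def has_av_conflict(rows):
    """True when more than one resident antivirus product is running at once."""
    return len(resident_av_products(rows)) > 1

if __name__ == "__main__":
    rows = parse_process_list(SAMPLE)
    print(resident_av_products(rows), has_av_conflict(rows))
```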

NOD32 has now been removed. Silly, I guess I should have removed it long ago.

So I have now done everything here as best as I could, apart from part 8. When I go to Secunia to start the check for insecure applications it looks like it's doing something, but my status says “there may be a problem loading the Java Applet in your browser”. What should I do here? And what do I do next? Everything is still loading very slow and too much just won't open at all!

Thanks again everyone for your continued help, I really really appreciate it. :slight_smile:

:slight_smile: Hi :

I see in your log a program I never saw before, namely “Gadu-Gadu” ; Info
from http://en.wikipedia.org/wiki/Gadu-Gadu indicates this is a suspect
“Instant Messenger”, mainly because I see “over 150 smiley icons” mentioned.
It clearly says this is adware ; very undesirable . Would recommend it be
uninstalled and IF an “Instant Messenger” is wanted, would recommend using
the much safer Yahoo Instant Messenger.

In addition, the log shows an extremely outdated Adobe Reader, a serious
security risk . Since Adobe is under increasing malware “attack”, I recommend
you uninstall it and “replace” it with the much safer “Foxit Reader”, with
Info at www.foxitsoftware.com/pdf/rd_intro.php .

And there is no indication your girlfriend’s computer has “Java” ; IF you want
to have this program, should go to
http://java.sun.com/javase/downloads/index_jdk5.jsp and click
“Download” next to "Java Runtime Environment (JRE) 5.0 Update 15 ".

Also, the log shows “msnappau.exe”, which reliable Info says is the
MSN Toolbar Updater; IF this “toolbar” is NOT on the computer, this
should be uninstalled. ALL “toolbars” will “slow” down a computer, so IF
this “toolbar” IS ON the computer, seriously consider uninstalling it .

Also, the log indicates “Real Player” is likely on the computer; there are
problems with this program and recommend it be uninstalled IF present .
We usually recommend its “alternative”, called “Real Alternative” .

Lastly, how recently were Microsoft Updates downloaded to this computer ?

Hi Spiritsongs, my girlfriend is Polish. Gadu-Gadu is a Polish instant messenger, every Polish person I know uses this, so I'm a little confused that it is adware. What should I do with this, as we use it very often for keeping in touch with a lot of friends? ???

I will have to ask my girlfriend but I'm guessing it's been a long time. Where should I download them from?

Again, thanks a million for all the help so far, really really appreciate it :slight_smile:

:slight_smile: Hi :

Most likely, the easiest way to download Microsoft Operating System
Updates is to go to http://windowsupdate.microsoft.com and THEIR Site
will “take over” from there . Do a “Custom” Install, NOT an “Express” Install
and read the description of each one, getting primarily ALL the “Security”
Ones and avoiding any that say “Genuine Advantage NOTIFICATION Tool” .

Regarding “Gadu-Gadu” : As I already indicated, I do NOT recommend using
an Adware program DIRECTLY ( hard for me to believe so many Polish persons
would do that ) ; would encourage you and/or your girlfriend look into using
an Instant Messaging “CLIENT”, that would be a “middleman” between her
computer and Gadu-Gadu . Look into using “Pidgin” ; there is Info on this
program at www.pidgin.im .
At a minimum, you should make sure that Avast’s “Instant Messaging” Shield
has been configured to “screen” messages from Gadu-Gadu ; so
LEFT-click on the Avast “a” Icon in the System Tray, select “Instant
Messaging” on the left column, click the “Customize” button, then go down
the “List” and put a checkmark in the box next to “Gadu-Gadu”, then click
the “OK” button at the bottom .

Note : I suspect that “Gadu-Gadu” MAY be the “Source” of the Trojans,
etc, that your security programs are detecting, but have no firm proof .

Hi again Spiritsongs, so I have done everything now and things are starting to work faster, well with IE anyway, Firefox doesn’t seem to want to work at all! So thank you so much. My only problem now is the Windows updates, I can’t seem to access the Microsoft site at all, any ideas?

:slight_smile: Hi :

SPECIFICALLY, WHAT do you mean you cannot “access” the Microsoft Site ?
Are you getting an “Error Message” of some type, and IF Yes, SPECIFICALLY,
WHAT does “it” say ?
Perhaps your girlfriend’s computer does NOT have a “legitimate” or “genuine”
Microsoft Operating System !? From WHERE did she buy it ? Was it “new” or
“used” when she got it ? Has it ever gone in to be “repaired” ? IF Yes, details
please . According to the time in your Avast “profile”, you appear to be in
Europe somewhere, and wonder WHY her Gadu-Gadu Version is from
South America ( “S.A.” ) !?

Eventually, you should give the “major” Name of the “viruses” in the Avast
Chest ; do any have “Vundo” or “Virtumonde” in their Name ?

A Polish friend of mine (and her friends) use Gadu Gadu, lots. Her computer is clean; that's not to say that you cannot get infected using an instant messenger. But I think the actual program is kosher. I may be wrong, but I do not think the S.A (Gadu Gadu S.A.) has anything to do with South America. :slight_smile:

Hi, the computer came from a company which belongs to my girlfriend’s brother-in-law; she’s 100% sure they use genuine programs as they are a controlled company. I am in Berlin, Germany. S. A. stands for Spółka Akcyjna, which means joint-stock company. When I try to open the Windows Update page it says the page cannot be displayed. The page you’re trying to open is not available at the moment. The computer was used when she got it; she has never had it repaired herself.

Regarding the viruses in the chest, one of them is called “virtumonde”!! Is this bad?

This should answer your question about virtumonde:
http://www.f-secure.com/sw-desc/virtumonde.shtml

:slight_smile: Hi :

Would like you to try the following Recommendation of a Microsoft Most
Valuable Professional and let us know what you experience :

"# Test your Internet connection to Windows Update.

A simple solution but one that works in many circumstances!

Test to determine if your Internet connection is preventing you from reaching the Windows Update Web site. To do this, visit the following Microsoft Windows Update Web site to determine if you can download the Iuident.cab file:

http://windowsupdate.microsoft.com/v4/iuident.cab

If a file download dialog box appears, the problem is not with your Internet connection. Click Cancel. If you cannot connect to this link, and you receive a “Page Cannot Be Displayed” error message, your Internet connection is preventing you from reaching the Windows Update site. "

Try Spiritsongs' suggestion for testing your connection. It may also be a hosts file entry blocking you.
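Added example, not part of the original posts: one way to check a copy of the hosts file (`%SystemRoot%\system32\drivers\etc\hosts`) for entries that pin update or antivirus domains to a static address, the situation the reply above mentions. The sample file is constructed, and every watched suffix other than the Windows Update site named in the thread is an assumption of the example.

```python
import ipaddress

# Domains whose static mapping would interfere with updates or antivirus downloads.
# windowsupdate.microsoft.com is the site named in the thread; the other
# suffixes are assumptions of this example.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "avast.com")

# Constructed sample hosts file (not taken from the poster's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   windowsupdate.microsoft.com  # constructed entry
0.0.0.0 download.windowsupdate.com www.avast.com
192.0.2.10\tintranet.example
not-an-ip   update.microsoft.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP address
        for name in fields[1:]:                   # one line may carry several aliases
            yield line_no, addr, name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any subdomain of it (not mere substrings)."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, hostname, address, verdict) for watched domains.

    These domains normally resolve through DNS, so any static entry deserves
    a look; loopback and unspecified targets are marked as blocking.
    """
    hits = []
    for line_no, addr, name in parse_hosts(text):
        if is_watched(name):
            blocking = addr.is_loopback or addr.is_unspecified
            hits.append((line_no, name, str(addr), "blocks" if blocking else "redirects"))
    return hits

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_HOSTS):
        print(hit)
```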

OK guys, I did the test and am getting the “page cannot be displayed” message, so my internet connection is preventing me from reaching the site. What happens now?

Concerning virtumonde, should I follow the disinfection instructions in the link posted?

Also, avast just detected a second “virtumonde”. Is there anything else I can do to the computer to keep these viruses etc. away? Should I install a firewall or something? Forgive my cluelessness…

Big thanks for continued help!! ;D