Unresponsive script

Script is running wild on my computer, and it is causing it to freeze up.
I am using Windows XP
Firefox 33.0
All plugins are shut off. Even when some run, script still runs wild.
As I sit here and type this, I can hear…tatatatatatatatatatataatatatatat…
Before I have had “Warning: Unresponsive script” messages pop up - that is
why I am assuming it is script gone wild.
Any ideas to help me?

how to recive help instructions https://forum.avast.com/index.php?topic=53253.0
attach requested logs

Here are the scan logs.

Is this the latest beta ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2012-07-06]
CMD: netsh advfirewall reset 
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog 
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release 
CMD: ipconfig /renew

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

Here is the log.
You asked if this is the lastest Beta?
Have no idea what your talking about.

OK in that case you are not using the FF beta

Are you still getting unresponsive script errors

I’m not getting the script errors…but…something is running (like script), and it slows my computer, sometimes to a freeze.
As I am typing now, I hear it … sounds like it is downloading something, ya know? It is continuous, and won’t go away until I close out the browser.

This is firefox only is it ?

OK I need to check out the counter service as it is locked and shouldn’t be

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

I ran ComboFix and a message popped up:
You are infected with RootKit.ZeroAcess! It has inserted itself… (the window disappeared before I could finish writing everything down).
The machine rebooted. Log saved.
I ran ComboFix a second time and same message popped up:
You are infected with RootKit.ZeroAcess!
Computer rebooted and got second log saved.
I am posting both; first just says “Log” and the second says “Log_2”.
I still here the computer script (whatever it is - sounds like it is downloading) running as I type this.
In fact, computer froze while first log was uploading…I hit the Esc key…few seconds upload finished.

Hmm I can see no sign of that lets double check

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Scan results would not let me copy and paste.
I have typed out what scan results read on a notepad.

Found the log :slight_smile:

Hmm it was a new version of TDSS how is the computer behaving now ?

Sounds like it is downloading something (continuous), and I’m not downloading anything.
As soon as I close out the browser (firefox), it stops.

I believe it has something to do with script.
I ran Internet Explorer just to see if it did the same, and it hung up on me. A message popped up asking if I wanted to stop running script.

It sounds like script is running continuously…

When you ran TDSSKiller and the following popped up did you select cure

  1. \Device\Harddisk0\DR0\TDLFS\config.ini
  2. \Device\Harddisk0\DR0\TDLFS\tdl
  3. \Device\Harddisk0\DR0\TDLFS\rsrc.dat
  4. \Device\Harddisk0\DR0\TDLFS\bckfg.tmp

the word “cure” wasn’t offered. It only offered, “copy to quarantine.”
I just now ran the program again and the 3 threats were still there.
I clicked “copy to quarantine” again.

Could you open the TDSSKiller log please and then select save as… and set the encoding to ANSI, save it and then attach it to your next post

here it is

Run TDSSKiller again and for the TDSS File System select delete

Did as you said, deleted them. Then rebooted.
Run tdsskiller again, and it showed no threats.
posting the log in ans

As I sit here, quietly, without typing that “downloading” noise is just carrying on, nonstop (I’m assuming script). And I’m not downloading anything. But as soon as I close this browser, it will shut up. It only makes noise when a browser is open…just to let you know that. If it carries on for too long, I’m afraid it will burn up my computer. I just don’t get it.

Can I turn off script?