Virus Appears to Be Around, Anti-Virus Not Detecting Anything

Hello there!

I’ve been a user of avast for some time now, but a while ago I had been trying out Microsoft Security Essentials. Long story short, a virus got past it. At the time, it was slowing down my computer by launching several instances of iexplore.exe, and occasionally it would also produce a pop-up asking “Are you shure?” That isn’t a typo by the way, that’s the exact text it produced. After about 10 clicks of Cancel it went away. So I installed avast to see if perhaps it could do something about it. My computer froze at the end of the installation and I restarted. Then my Lucid Virtu drivers were giving me errors, as well as OMSI Addon Manager (an add-on to a game I had). A couple of suspicious files were found by both MSE and avast, but removing them did not remedy the issue.

Later on, I was able to fix the issue by uninstalling Internet Explorer (Which I don’t use much anyways, I had been using Nightly at the time), running a scan with avast and MalwareBytes, and reinstalling any affected drivers.

However, the slowdowns returned not too long after. So I tried to reinstall Windows… which didn’t end well. I’m not sure if this had anything to do with the virus but it would not install (Or run after installing) with all of my hard drives plugged in. I have three hard drives, one SSD for my OS and two drives for general files, it would only work with the SSD. After trying several solutions to make it work, I gave up and switched from Windows 7 to Ubuntu 12.04, where none of these issues occurred.

But I got tired of Ubuntu’s gaming support, and switched back to Windows 7 very recently, in hopes that the issue wouldn’t return. How did I get it to install? Well, it turns out Windows didn’t like only one of my hard drives. So I moved its contents to the other drive, wiped it, and installed. The installation went smoothly, then I moved the files back and all was well. First things first, I installed avast, and removed Internet Explorer just in case.

However, recently it seems that the virus is back. The latest symptoms are the computer running very slowly (Especially during web browsing, which I usually conduct with Firefox now). It also seems that RAM usage is unusually high when it’s doing this, as much as 50% (And I have 8GB of RAM). Sometimes, Windows Firewall will also disable itself out of the blue. A restart, however, seems to fix everything, temporarily at least.

I have tried all sorts of virus scans with damn nearly every anti-virus you can think of, and absolutely nothing has helped. I have also tried to remove any needless files just in case they might have malicious contents, to no avail. Anyone have any idea how I might be able to get rid of this? Wiping my hard drives is not likely to be an option, certainly not in the near future. I have a whole lot of important data on them and no external hard drive to do a backup with at the moment.

In case it helps, my specs:

- Intel i7 2600K @ 4GHz
- 8GB RAM
- eVGA GTX 560 Ti 1GB
- OCZ Vertex 3 120GB SSD
- Western Digital Caviar Black 2TB hard drive
- Some old Seagate 500GB hard drive
- Windows 7 Home Premium 64-bit
- Mozilla Firefox 13 and Google Chrome browsers

I have also attached logs from MBAM, OTL, and aswMBR.exe. Thanks.

Hi, nothing jumps out at me… Let’s try a small experiment.

1. Disable Spybot’s TeaTimer
2. Uninstall Spybot
3. Reboot

Any change?

Tried that, also tried Sophos Virus Removal Tool as per a friend’s recommendation, which found something and removed it. I forgot to mention though that the virus usually takes time to kick in, in that the computer only slows down after I use it for some time, so it’s hard to say at the moment if it’s gone or not. I’ll report back if it slows down again.

Are you cleaning the temporary files regularly?

Absolutely. I clear them out pretty often, sometimes manually and sometimes with CCleaner.

Are the temps OK on the system when it has been running a while?

They do seem to get fairly full after a while, though I don’t have any exact numbers.

Download Speedfan and install it.

Once it’s installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a Vista machine, please go to where you installed the program and run the program as administrator.

http://artellos.geekstogo.com/speedfan.png
(This is a screenshot from a Vista machine.)

Oh temperatures, my bad I thought you meant the temporary files. I haven’t monitored those in a while however, but here’s what SpeedFan reported:

http://img507.imageshack.us/img507/2712/capturetr.png

HD1 temperature seems way too high to be true, especially since that’s my SSD.

Your hard drive is burning… You will need to clear all vents and remove dust from inside the casing.

HD1 is not far from failing.

There’s no way that temperature reading is accurate. I just touched HD1 with my own hands and it is very, very cool. SSDs have no moving parts, there’s no way it could generate that much heat, especially since it’s sitting right in front of a massive fan which I clean once a month.

Edit: A quick search reveals that my SSD, the OCZ Vertex 3, doesn’t have a temperature sensor, hence the ridiculously high reading.

Ah right, I didn’t realise it was an SSD, in which case I would not have used SpeedFan.

Checking it out, you have all the programmes on the SSD and there is plenty of space…

I will run the next programme as a sort of fishing expedition, but to be honest I do not expect it to find anything.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

I’ve attached the ComboFix log. My computer actually started bogging down shortly before I started it up, so it clearly wasn’t fixed before that. Hard to say whether or not ComboFix managed to fix anything because of how long it can take for the virus to kick in. Will report if it slows down again.

Next time it starts to bog down, could you open Task Manager please and let me know which process is using the most RAM and which is using the most CPU?
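As an added example (not from anyone in this thread), the Task Manager check above can be captured in one PowerShell script so the numbers are reproducible from post to post. It samples CPU time twice and diffs the two readings (the CPU column on a Process object is cumulative, not a percentage), lists the heaviest processes by RAM and by CPU, flags any image running more than once (the several iexplore.exe instances from the first post), and prints the Windows Firewall state, since the first post mentions the firewall switching itself off. The `$Top` and `$IntervalSeconds` parameters are this script’s own names; it assumes Windows 7 with PowerShell 2.0, which is why it uses netsh rather than the Windows 8+ firewall cmdlets.

```powershell
# Diagnostic snapshot of process RAM/CPU and firewall state (added example, Windows 7 / PowerShell 2.0).
param(
    [int]$Top = 5,              # how many processes to list per table
    [int]$IntervalSeconds = 10  # CPU sampling window
)

# Reading TotalProcessorTime on protected processes can throw "Access is denied"
# when not elevated, so treat those as 0 rather than aborting the snapshot.
function Get-CpuMs($proc) {
    try { $proc.TotalProcessorTime.TotalMilliseconds } catch { 0 }
}

# First sample: cumulative CPU milliseconds per process id.
$first = @{}
Get-Process | ForEach-Object { $first[$_.Id] = Get-CpuMs $_ }
Start-Sleep -Seconds $IntervalSeconds

# Second sample: the difference over the window, normalised by core count, gives a percentage
# comparable to Task Manager's CPU column.
$cores = [Environment]::ProcessorCount
$samples = Get-Process | ForEach-Object {
    $before = $first[$_.Id]
    if ($before -eq $null) { $before = 0 }   # process started during the interval
    $deltaMs = (Get-CpuMs $_) - $before
    $path = try { $_.Path } catch { $null }  # also access-denied for some system processes
    New-Object PSObject -Property @{
        Name   = $_.ProcessName
        Id     = $_.Id
        RamMB  = [math]::Round($_.WorkingSet64 / 1MB, 1)
        CpuPct = [math]::Round(100 * $deltaMs / ($IntervalSeconds * 1000 * $cores), 1)
        Path   = $path
    }
}

"Top $Top by RAM (working set):"
$samples | Sort-Object RamMB -Descending | Select-Object -First $Top Name, Id, RamMB, Path | Format-Table -AutoSize

"Top $Top by CPU over the last $IntervalSeconds seconds:"
$samples | Sort-Object CpuPct -Descending | Select-Object -First $Top Name, Id, CpuPct, Path | Format-Table -AutoSize

# Several copies of one image name (e.g. iexplore.exe) is the pattern described in the first post.
"Image names running more than once:"
$samples | Group-Object Name | Where-Object { $_.Count -gt 1 } | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Per-profile firewall state; netsh advfirewall exists on Windows 7, Get-NetFirewallProfile does not.
"Windows Firewall state:"
netsh advfirewall show allprofiles state
```

Run it when the slowdown is under way and paste the output; a process whose Path is blank or points somewhere unusual, or a firewall profile reporting OFF that nobody turned off, is what to look at first.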

Just happened again. It seems that firefox.exe is using the most RAM (Over 500,000 K) as well as CPU, although CPU usage is really minor (No more than 5% at a time) but still greater than any other process.

OK, the next logical step would be to fully uninstall Firefox and then reinstall fresh.

Do you get the same problem with IE?

I just did that, now waiting to see if anything’s changed. And as I mentioned in the first post, IE was uninstalled shortly after I installed Windows.

I do have Chrome however, and I’ll be trying that out to see if it gets the same issue.

Edit: I just got the slowdown again, in Windows Explorer at least (not IE, but the file browser). Firefox doesn’t seem to be affected at the moment, nor does Chrome.

The thing to bear in mind is that IE is an integral part of Windows; removing it can lead to unforeseen problems.

I don’t think they would let you remove it so easily (untick it) if it was that important.

Indeed, I didn’t remove it manually, I used the “Turn Windows features on or off” function in Control Panel.