Virus help needed!

I ran a virus scan last night, because I noticed my computer was a lot slower than normal. It picked up two Trojans. I moved both the files into the chest. So here’s where the questions start. The chest is a safe place, correct? Also, should I keep the files stored in there, or delete them?

On another topic, my computer is still slow even after I moved them into the folder. I ran a defrag, and a disk clean up. Do you guys have any advice on how I can restore it to its original speed?
Here is the file pathway for each.

1.) Virus Description: Win32:Trojan-gen {Other}
Original file name: C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ajrltomw.default\Cache\87D579FFd01
New folder: C:\DOCUME~1\User\LOCALS~1\Temp_avast4_\unp133250079.tmp\10

2.) Virus Description: Win32:Trojan-gen {Other}
Original file name: C:\System Volume Information_restore{66A778E1-5717-4206-9B5A-8C211C6549C3}\RP24\A0012389.exe
New folder: C:\DOCUME~1\User\LOCALS~1\Temp_avast4_\unp43972715.tmp\11.exe

(I’m only 14 years old. So excuse my lack of knowledge.)

There may still be some residue on your system; I can look at it for you if you wish.

To ensure that I get all the information, this log will need to be uploaded to Mediafire; then post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users.
  • Check the radio button for Rootkit check YES.
  • Under Additional Scans check the following:
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

http://www.mediafire.com/?sharekey=eb5db0ea9cc3294ed2db6fb9a8902bda

That is the link to the MediaFire upload; there is one with wordwrap on, and one with it off.

Upon scanning with your program, it seems to have found a Trojan Horse. Here is the info on this as well.

Virus Description: Win32:Inject-EV [trj]
Original file name: C:\DOCUME~1\User\LOCALS~1\Temp\qpsplexk.dll
New folder: C:\DOCUME~1\User\LOCALS~1\Temp_avast4_\unp26593035.tmp\12.dll

Where’s the RootKit radio button?

To the right of registry. Under Drivers.

Got it, thanks.

My problem is still present.
Any more suggestions?

After scanning the computer several times, there is one virus that keeps popping up. I moved it to the chest 3 times, yet it still shows up.

Here is the file name and pathway:
Virus Description: Win32:Inject-EV [trj]
Original file name: C:\DOCUME~1\User\LOCALS~1\Temp\qpsplexk.dll
New folder: C:\DOCUME~1\User\LOCALS~1\Temp_avast4_\unp26593035.tmp\12.dll

Download and run MBAM (Quarantine if the infection is found). Post the log when MBAM is finished scanning.

Malwarebytes’ Anti-Malware 1.32
Database version: 1630
Windows 5.1.2600 Service Pack 3

1/8/2009 2:43:15 PM
mbam-log-2009-01-08 (14-43-15).txt

Scan type: Full Scan (C:|)
Objects scanned: 80308
Time elapsed: 28 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It says nothing is found. I found out what is making my computer lag, but not the reason why. When I pressed CTRL + ALT + Delete, and looked at the CPU usage, it randomly spikes to 100%. It never did that before.

Download and rename ComboFix.

Note: Close all windows before running ComboFix.

  1. Double click on ComboFix

  2. When the security warning comes up click Run.

  3. When the Disclaimer of Warranty pops up, Click Yes to continue.

  4. Click Yes to allow the Windows Recovery Console to be installed. Once the Recovery Console is installed click Yes to Continue.

  5. When ComboFix is finished scanning, a ComboFix log will appear and the program will close. Post the log.

I’m currently running a scan with Stopzilla. After that scan is complete, I’ll run the one you recommended.

The file is too big to post here. I uploaded it to MediaFire.
Here is the link to the folder. It is named ‘Log.txt’.

http://www.mediafire.com/file/lzujxwndwtz/log.txt

I looked more into it, and my System Idle Processes has been 99%. But that’s never happened before. Could that be the reason for the slowdown?

You can also attach .log or .txt files to your posts.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

Totally unrelated; in fact it is a good thing, as that is the percentage of CPU power available to the system. If, however, it was at 1%, then something is using all processing power and that would slow things.

Oh, alright. Here’s the log then. I ran Hijackthis and other various antivirus/spyware programs. All are showing malware free. If I were to do a System Restore, would that solve my speed problem?

You know your problem, correct?
If you can move it to the chest, move it.
If you can’t, David will come soon and bring in the big stuff. Right now all I can say is, if it’s still around, try to use some other scanners such as Spybot S&D, Malwarebytes, superanti.

Well it is accepted that the person asking for the running of combofix would be the one to analyse the log. I don’t use combofix very often so I don’t class myself as experienced enough. I suggested attaching it in the forums as it is easier to access.

I understand. My question to you was, would a system restore clear up the problem. If you needed to analyze the log for that, then I understand if you wouldn’t know. :stuck_out_tongue:

The only thing I know is that my CPU usage randomly spikes to 100%. This only happened 1-2 hours before I ran the scan, and it still continued after I removed the viruses. That is all the information I know/have, besides the logs and virus pathways I previously posted.