Old 06-20-2008, 08:10 PM   #7 (permalink)
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 2,841
OS: XP


Re: Crash/Slow system - Trojan.Win32.Monder.gen

Hi,

Two programs that I recommend you uninstall:

Download Accelerator Plus - this one delivers popup/popunder ads, tracks your internet usage, and also slows down your browser.

I see you have P2P software ( BitComet 0.74 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall those, however that choice is up to you. If you choose to remove those programs, you can do so via Control Panel >> add/remove programs

If you decide to uninstall BitComet or DAP, also delete these folders if they still exist:

C:\Arquivos de programas\BitComet
C:\Arquivos de programas\DAP
_________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*Download Flash_Disinfector from here and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.

Do not remove the flash drive until you finish the ComboFix scan.


*Open notepad.
Copy and paste the text inside the code box below into Notepad.
Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/260495-crash-slow-system-trojan-win32-monder-gen.html
File::
C:\WINDOWS\BM2bc421cf.xml
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winsys2.exe
C:\WINDOWS\pss\winsys2.exe
H:\NTsys.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6552f18-9ef9-4bc9-9cee-eb4c51c18b1d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"28f71253"=-
"BM2bc421cf"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winsys2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28f71253]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2bc421cf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f32b014-83db-11dc-8fb0-0013d4afa7b9}]
Collect::
C:\WINDOWS\system32\njgodlks.dll
C:\WINDOWS\system32\rkubljsv.dll
C:\WINDOWS\system32\ypjdkuym.dll
  • Save and name it as "CFScript".
  • Drag and drop CFScript.txt onto your copy of ComboFix.
  • You can take a look at the image below if you're unsure how to do it.
  • ComboFix will restart your machine and then produce a log afterwards.
  • Additionally, please follow all of ComboFix's instructions regarding the submission of some malware for analysis, and make sure that you don't leave that part out.
  • Please post the contents of that log along with a fresh HijackThis log.
__________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of the Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u6, and install it to your computer.
  • Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
__________

Please do an online scan with Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

On your next reply, please include a
  • Fresh HijackThis log.
  • Kaspersky scan log
  • ComboFix log
__________________
Proud member of UNITE and ASAP since 2006


Last edited by Angelfire777 : 06-20-2008 at 08:12 PM.
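The CFScript in the post is a small, line-oriented format, and it pays to read back exactly what a script will do before dropping it onto ComboFix. The parser below is an added example, not ComboFix's own code: it turns a script into a plan of file deletions, file collections, key deletions and value deletions. The grammar it assumes is only what the post's script shows (section headers ending in "::", one path per line under File:: and Collect::, and .reg-style lines under Registry:: where "[-KEY]" deletes a key, "[KEY]" selects a key and '"name"=-' deletes a value under the selected key); any other Registry:: line or section is rejected rather than guessed at. The thread URL on the first line is ignored, the "~" abbreviation in key paths is left unexpanded, and the HKLM/HKCU expansion table is an assumption added here so that mixed spellings compare consistently. The sample input is the script from the post above.

```python
"""Parse a ComboFix-style CFScript into a plan of actions (added example)."""
import re
from dataclasses import dataclass, field

# Assumption: scripts may mix short and long hive names (the post's does).
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. File::  Registry::
VALUE_DELETE_RE = re.compile(r'^"([^"]*)"=-$')   # e.g. "28f71253"=-


@dataclass
class Plan:
    delete_files: list = field(default_factory=list)
    collect_files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value name)


def normalize_key(key: str) -> str:
    """Expand HKLM/HKCU-style hive names; keep the rest (incl. '~') verbatim."""
    hive, sep, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + sep + rest


def parse_cfscript(text: str) -> Plan:
    plan = Plan()
    section = None
    current_key = None          # key selected by the last plain [KEY] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section is None:
            continue            # text before the first section (the thread URL)
        if section == "File":
            plan.delete_files.append(line)
        elif section == "Collect":
            plan.collect_files.append(line)
        elif section == "Registry":
            if line.startswith("[") and line.endswith("]"):
                body = line[1:-1]
                if body.startswith("-"):            # [-KEY]: delete whole key
                    plan.delete_keys.append(normalize_key(body[1:]))
                    current_key = None
                else:                               # [KEY]: select for value ops
                    current_key = normalize_key(body)
                continue
            m = VALUE_DELETE_RE.match(line)
            if m is None:
                raise ValueError("unrecognised Registry:: line: " + line)
            if current_key is None:
                raise ValueError("value deletion before any [KEY] line: " + line)
            plan.delete_values.append((current_key, m.group(1)))
        else:
            raise ValueError("section not covered by this example: " + section)
    return plan


# Sample input: the CFScript from the post above, copied verbatim.
SAMPLE_SCRIPT = r"""
http://www.techsupportforum.com/security-center/hijackthis-log-help/260495-crash-slow-system-trojan-win32-monder-gen.html
File::
C:\WINDOWS\BM2bc421cf.xml
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winsys2.exe
C:\WINDOWS\pss\winsys2.exe
H:\NTsys.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6552f18-9ef9-4bc9-9cee-eb4c51c18b1d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"28f71253"=-
"BM2bc421cf"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winsys2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28f71253]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2bc421cf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f32b014-83db-11dc-8fb0-0013d4afa7b9}]
Collect::
C:\WINDOWS\system32\njgodlks.dll
C:\WINDOWS\system32\rkubljsv.dll
C:\WINDOWS\system32\ypjdkuym.dll
"""

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for path in plan.delete_files:
        print("delete file  ", path)
    for path in plan.collect_files:
        print("collect file ", path)
    for key in plan.delete_keys:
        print("delete key   ", key)
    for key, name in plan.delete_values:
        print("delete value ", key, "->", name)
```

Run as a script it prints the plan; the useful check is that every path and key it lists is one you expected from the log (the Run values, the msconfig startupreg entries and the mountpoints2 entry for drive H: all match the infected items named in the script), and that nothing parsed as a bare file path when you meant it as a key.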