06-26-2007, 05:02 PM   #9
alba
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

Hi Niazcro,

ComboFix did a good job; just a bit of tidying to do.

I see you kept NOD. Good choice, it is the one I use myself.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

========================

Open Notepad and copy/paste the text in the code box below into it:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\"winjvd32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\2awtsrpp2=-
Save this as ComboFix-Do.txt, in the same location as ComboFix.exe




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe

Follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


===============================================

From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
  • Advanced Uninstaller PRO 2005 - version 7
  • J2SE Runtime Environment 5.0 Update 9

=================

Run a scan with Teka.exe (located in C:\Program Files\HijackThis) & select/tick the following & click "Fix checked" :

O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\



Please remember to close all other windows, including browsers then click Fix checked.

===============================================


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\Advanced Uninstaller
  • C:\Program Files\Alwil Software
  • C:\PROGRA~1\Grisoft
If you have any problems, reboot into safe mode to do the deletions.

=======================

Please empty your Microsoft AntiSpyware Quarantine

====================================

Open Mozilla Firefox and go to
  • Click on Tools
  • Click on Options
  • Click on Privacy
  • Click on Clear Now for Cookies and Cache

======================

Please reboot your computer

From your desktop double-click on jre-6-windowsi586-p.exe to install the newest version

=============================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.


===================

Please run a scan with Deckard's System Scanner and save the log

===============================================

In your next post, please include fresh logs from:
  • Kaspersky Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
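Added example, not part of alba's post and not a HijackThis or ComboFix tool: a small Python check that reads a HijackThis log and reports whether the two O20 Winlogon Notify entries named in the post are still listed after the fix. The sample logs are constructed, the O20 line layout is assumed from the two lines quoted in the post, and the function names are hypothetical.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Entry names taken from the two O20 lines quoted in the post.
TARGETS = {"awtsrpp", "winjvd32"}

# Assumed layout: "O20 - Winlogon Notify: <name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s*(?P<path>.*)$")

def parse_o20(log_text):
    """Return (name, path) for every O20 Winlogon Notify line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("path").strip()))
    return entries

def review(log_text, targets=TARGETS):
    """Report targeted entries still present and entries with no DLL file name."""
    entries = parse_o20(log_text)
    present = {name.lower() for name, _ in entries}
    return {
        "remaining": sorted(t for t in targets if t.lower() in present),
        # Path ends at a directory, as in the two lines quoted in the post.
        "no_file": sorted(n for n, p in entries if not basename(p)),
        "all": entries,
    }

# Constructed sample logs (only the two target lines come from the post).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: examplegfx - C:\WINDOWS\system32\examplegfx.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: examplegfx - C:\WINDOWS\system32\examplegfx.dll
"""

if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        r = review(log)
        print(label, "remaining:", r["remaining"], "no file:", r["no_file"])
```
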