
Status
Not open for further replies.
1 - 6 of 6 Posts

Discussion Starter #1 (Edited)
Hello there!

Yeah, my computer is not being as fast as I would like it to be at Startup, even though I tried, and think I was successful at disabling all the Startup programs on my Windows XP computer. In fact, I think using CCleaner back then actually even deleted some Startup files that helped (including one that displayed the volume increase and decrease by keyboard buttons) but yeah, they're somewhere.

Anyway, the Startup's slow. CPU Usage is high, around 20s or so when idle, which is probably not so good. It used to be higher, but I used CCleaner to clear caches (or something like that) about a month ago, so it's slightly better.

The laptop was bought around the start of 2007, so I figure it's uh, quite advanced in age and not at its prime anymore, but I'd like to know if there's anything I can do to make it work well again. At least not take forever to start both the computer and programs (like Firefox), you know?

C: Drive has 2.39GB out of 37.3GB left, and D: Drive has 538MB out of 37.2GB left. (I use the D: Drive for torrents, so when I'm done with the shows I usually delete them, they're taking about 7.36GB now).

Also, AVG Free has stopped making noise and generally being annoying, so I don't know if it died and I have to update or something. It's not coming up at Startup, that's for sure. I am seeing avgcsrvx.exe, avgnsx.exe, avgrsx.exe and avgwdsvc.exe running in the Windows Task Manager though, so idk.

Paying for a new computer or an anti-virus program is quite definitely out of the question (for now at least), so... where do I start to get my beloved bucket of bolts working again?

Thanks in advance! C:
 

Discussion Starter #3
D: Okay, ran malwarebytes, clicked the Clear Malware button and got this log:

Malwarebytes' Anti-Malware 1.43
Database version: 3459
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/31/2009 12:17:15 PM
mbam-log-2009-12-31 (12-17-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278075
Time elapsed: 4 hour(s), 13 minute(s), 54 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\WINDOWS\Help\svchost.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\AppPatch\smss.exe (Worm.AutoRun) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\windows recycled services (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_RECYCLED_Services (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.AutoRun) -> Data: c:\windows\apppatch\lsass.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Worm.AutoRun) -> Data: c:\windows\apppatch\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (Userinit.exe,C:\WINDOWS\AppPatch\smss.exe,C:\WINDOWS\AppPatch\lsass.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5A9D0384-09D0-4E0B-96DE-C5462B0674BF}\RP669\A0130242.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5A9D0384-09D0-4E0B-96DE-C5462B0674BF}\RP669\A0130257.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Help\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\AppPatch\lsass.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\AppPatch\smss.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Microsoft shared\MSInfo\Recycled.scr (Worm.AutoRun) -> Delete on reboot.
C:\Recycled.scr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\_Recycled.scr (Worm.AutoRun) -> Delete on reboot.

Will run AVG right after this restart.
 

Discussion Starter #4
AVG turned up with 2 warnings of Warcraft III's Noobpack (which I don't think I use anymore so I deleted it).

Okay, so I'm done. What next do I attempt? xD
 

Discussion Starter #5
Hi again!

Since the last time, I ran AVG, MalwareBytes and Spybot, and thought that I was more or less done with the virus issues. The computer also wasn't running as slow, so I figured it was fine... recently though AVG has been alerting me to a virus-thing called "recycled.scr" but not giving me the option to get rid of it.

I tried to google "recycled.scr" for solutions, and guess what, this exact thread appeared in Page 2 of the google search; turns out I had it since last time eh?

I'm rescanning MBAM and AVG as I type this, and will post the updated logs later. But uh, just in case, can someone confirm how I can get rid of this Recycled.scr thing for good? Since you know, it didn't die the first time I made this thread.

Also I have a pretty good idea of where the virus came from, since I saw it in my thumbdrive that I used in university. Apparently it also names itself by "mydocuments.scr" and "photo.scr" (which incidentally I deleted from the thumbdrive just on account of it sounding suspicious, but I left recycled.scr just in case it was necessary or something, bad judgment on my part).

Some help or assistance please? Thanks in advance!
 

·
Registered
Joined
·
14,581 Posts
Hi:

First thing you need to do is free up some space on your C Drive, it is too full.
Need to keep 15-20% of free space or performance will suffer. Of course you doing torrents will get you into trouble.

No need posting any more logs here, this forum is not for working on malware problems.

It appears that you are still infected.

Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


BG
 