|
|
#1
October 29th, 2006, 06:14 PM
|
|||
|
|||
Problem
Hey all, new to the forums and I have a problem.
I'm pretty sure that my computer has been infected with some kind of virus/worn/trojan, but im not sure what it is. I think it started when i opened an e-mail that said 'mandatory update' (heh kinda stupid of me) i was using yahoo, and it didnt say that there was an attached file, so i opened it, the page did not load, so i just exited my browser (no the browser did not freeze, the page just didn't load) Information: I have a custom computer. Windows XP Norton AV Zone Alarms Security Suite Ad-Aware Spybot Search and Destroy A2 (A Squared) Wormguard (need more info? ask please  )Symptoms: (all kinds of symptoms...) 1. Random startup/login errors. Sometimes, when i login, i get random messages like 'Windows cannot find user profile, logging into temporary profile' (or something like that, this was just from memory, so i dont remember the exact words, but thats all there was to it, and when it logged me in with that 'temporary profile' it was like i just reformatted. When i would restart, it would log me back into my old profile. Odd, huh? 2. System Restore Error - well, when i tried to run System Restore to try to fix this problem, worm guard blocked it. Of course i didn't run it the first time, but as I got frustrated with this, i let it run anyway... the System Restore ran... in 5 minutes it was over, i thought 'wow that was fast' and when windows started up, it said that the restore failed, and of course i was frustrated at that time. Obviously something wrong there. 3. In the 'My Computer' folder under files stored on this computer i HAD two files, Documents and Anthony's Documents, now i only have one in there... Documents. the folder 'Anthony's Documents' still exists on my computer, i know because i checked, but it just doesn't show up in the 'My Computer' folder anymore. Strange.... 4. I use diskeeper to defragment my computer, and whenever i defragment they have sections called: Blue - high performing files and folders Red - Low performing files and folders Pink - low performing system files White - unused space Green/White - Reserved System Space. Hard to explain without an image but here it goes.... When my computer was clean, the Defragmenter would do its job and it would never touch or move the System files/space. When i got infected, the Reserved System Space (Green/White ) moved.... to the middle row (it was originally near the bottom) and it seems like the Reserved System Space was cut in half, of course another sign that my computer is in trouble. those are the major problems, I've had minor problems too, but i bet they are just the effects of the virus/worm/trojan. I've done research and stumbled upon this page: http://www.wilderssecurity.com/showthread.php?t=8548 I've read it and i think i might have the same problem as him, can anyone post steps on how to clear all the system restore points? and how to make a new 'clean restore point? also, I noticed that this post was from the year 2003, and that worm was also 'spreading' through peoples computers in 2003, so, can i be infected with this worm here in the year 2006? So far, my progress dealing with this problem, is kinda slow, im not even sure what kind of virus/worm/trojan this is, but i know that my computer is infected with something because its slower and the startup time is very slow. I have disabled my system restore and restarted, that is all, I'm not sure what to do now, that is why i ask for someone to post a simple step by step instruction on how to delete all the system restore points and make a new 'clean' restore point. Also, i ran norton AV, but it didn't detect anything, I ran spybotSD, only cookies. I ran Ad-Aware, nothing. A-Squared, nothing again) Did more research, found out that the W32.Gluber or W32.Berglur worm 'turns off' when they detect an ,antivirus or any other scanner, run(I forgot which one does this but its one of those) So, i ran in safe-mode and when the login sceen showed up, there were two profiles, the Administrator and Anthony (Mine). I'm thinking, 'maybe this is normal?' maybe it is normal, but anyway, i logged into the Administrators profile and ran Norton AV. Norton scanned more files than usual..., when i don't run in safe mode, Norton scans about 220,000 files, when i ran in safe mode it scanned almost 400,000 files. Anyways, the scan in safe mode came up clean, no detections. So i restart (not in safe mode of course) now I'm absolutely lost, without knowing what kind of threat is in my computer, i came here, looking for help, hope you guys can help me =). reformatting is not an option to me!!!!! |
|
#2
October 29th, 2006, 06:33 PM
|
|||
|
|||
|
Re: Problem
Hello,
since there could be a few issues here, i would advise u to get HijackThis help over at this site, http://gladiator-antivirus.com/forum...howtopic=10517 Just follow the instructions at the link, post your log then wait for the malware experts to analyse your log and give u recommendations on removal if indeed any infections are found. snowbound |
|
#4
October 29th, 2006, 06:56 PM
|
|||
|
|||
|
Re: Problem
Sorry if u misunderstood me. Wilders no longer analyzes HJT logs.
Again, follow the instructions at the link and post your log over at the Gladiator site and the experts there will help u. snowbound |
|
#8
October 29th, 2006, 08:04 PM
|
|||
|
|||
|
Re: Problem
Quote:
Just be patient and check back periodically for replies. It's a busy place. Quote:
after u reenable SR again there is an option in the GUI to create a new restore point. snowbound Last edited by snowbound : October 29th, 2006 at 08:13 PM. |
|
#9
October 29th, 2006, 09:38 PM
|
|||
|
|||
|
Re: Problem
Quote:
However, while you wait, I did take a quick peek over, and you may wish to settle on either Symantec/Norton or NOD32, but not both, as your AV. Many of the symptoms you see could be related to running two AV's realtime. Blue |
|
#10
October 29th, 2006, 09:52 PM
|
|||
|
|||
|
Re: Problem
hey again, well, still no response from the gladiator forums, i guess they might answer tomorrow.
as for the SR, i already know how to turn it on or off, its just that, Pilli said something about: turning off the system restore and removing all of the restore points from the Help and Support section. (he said it somewhere in this topic http://www.wilderssecurity.com/showthread.php?t=8548) and thats what i want to know. also, while doing some research, i came across something that told me to look in my system.ini file.... Quote:
is it supposed to have only this stuff? i saw in some other forum that there was WAAAAAYYY more things in there, can someone clarify |
|
#11
October 29th, 2006, 09:58 PM
|
|||
|
|||
|
Re: Problem
Quote:
In the meantime, have you settled on one AV for your system and tested whether that has an impact on the problems you're experiencing? Quote:
Quote:
Blue |
|
#12
October 29th, 2006, 10:24 PM
|
||||||
|
||||||
|
Re: Problem
[quote]
Quote:
I uninstalled the nod32, and i will run a full system scan tomorrow. Quote:
well nvm forget what i said =), i might get back to that statement later on if i have to. Quote:
ok, cool, because i saw someone's system.ini file on a different forum and it was like 5 times the length of mine. |
|
#13
October 30th, 2006, 12:33 AM
|
|||
|
|||
|
Re: Problem
oh, another thing that just happened to me about 5 minutes ago...
i restarted my computer because i wanted to see how long my comp would take to login, anyways, while the computer was shutting down i had to end the task of some programs. Norton AV Zone Alarms and the Connections Tray... the thing that bothers me is the Connections Tray, can someone tell me what this program does? Im curious because the name bothers me... thanks for the help (and yes i did search for what it was, but i still need some clarification, thanks again) |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
