Virus/Adware/Spyware problem

Status
Not open for further replies.

montana9550

Programmer
Jul 19, 2004
21
US
I have got something in my computer that is driving me crazy and I can't even identify it let alone remove it.

Symptoms:

Explorer.exe uses 100% CPU randomly, not always (even in safe mode)
Can't open System32 folder (even in safe mode and from cmd)
Internet connection is being hijacked, normal connection of 4-5M is reduced to 100-200K: netstat -a shows no abnormal connections (that I'm aware of)(even in safe mode with networking)

The following programs lock up during their respective scans, eventually using 100% CPU and going nowhere (even in safe mode):
AVG Free edition
Spybot SD - locks on "baciami"
Adaware SE Pro
CWShredder - locks on "CWS.CoolSearchA"
Trend Micro online virus scan
Panda Active Scan online

None of the scans complete so I can't see what is causing the problem. HijackThis log is clean (the only thing that comes up is AVG startup and type32.exe, which is my Microsoft keyboard). No abnormal services running as far as I can tell and I am pretty good at knowing what shouldn't be there. I can usually always get rid of anything bad that gets on my computer but I am absolutely frustrated with this one, hence the post. Thanks for any advice.
 
Post the HijackThis log here so we can scan it! Do you have version 1.99.1?


When you're in safe mode running Ewido, also run CWShredder and Spybot!


Download the Hoster from:


UnZip the file and press "Restore Original Hosts" and press "OK". Exit Program.



Make sure your ActiveX controls are set as follows:

Go to Internet Options - Security - Internet, press 'default level', then OK.
Now press "Custom Level."

In the ActiveX section, set the first two options (Download signed and
unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
controls not marked as safe' to 'disable'.



Active X settings




Download ewido!




* Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run Ewido and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.



* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.




* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:




Run Ewido!

# IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
# Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# Ewido will now begin the scanning process. Be patient; this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close Ewido and reboot your system back into Normal Mode.



Reboot to normal mode and run a few online scans!


Run an online antivirus check from


Choose extended database for the scan!


Run ActiveScan online virus scan here


When the scan is finished, have it delete anything that it cannot clean.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



Post another HijackThis log, the Ewido, Kaspersky and ActiveScan logs.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
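
The ActiveX settings recommended in the post above can be verified from the registry instead of the Internet Options dialog. This read-only PowerShell audit is an added example, not part of the original thread; it assumes the per-user Internet zone lives under the `Zones\3` key and uses Internet Explorer's URL action IDs 1001, 1004 and 1201, none of which appear in the thread.

```powershell
# Added example: read-only audit of the Internet zone ActiveX settings
# recommended in the post (prompt, prompt, disable). Changes nothing.
# Assumption: zone 3 = Internet zone, stored per user under HKCU.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> dialog label and the value the post recommends
$Expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

# DWORD values used for these actions
$Meaning = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable' }

function Get-SettingLabel {
    param($Value)
    if ($null -eq $Value) { return 'not set' }
    $key = [int]$Value
    if ($Meaning.ContainsKey($key)) { return $Meaning[$key] }
    return "unknown ($Value)"
}

function Test-ActiveXZoneSettings {
    param([string]$Path = $ZonePath)

    # A missing key yields $null; every setting is then reported as 'not set'
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($e in $Expected) {
        $actual = if ($props) { $props.($e.Id) } else { $null }
        [pscustomobject]@{
            ActionId    = $e.Id
            Setting     = $e.Name
            Current     = Get-SettingLabel $actual
            Recommended = Get-SettingLabel $e.Want
            Compliant   = ($null -ne $actual) -and ([int]$actual -eq $e.Want)
        }
    }
}

Test-ActiveXZoneSettings | Format-Table -AutoSize -Wrap
```

Any row with `Compliant` set to False marks a setting that differs from the post's recommendation and should be reviewed in Internet Options - Security - Internet - Custom Level.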
 
I solved the problem before your reply but thanks for all the advice anyway. Ended up getting Spy Sweeper to complete a scan in safe mode. It caught and removed something that allowed scans from the other programs to complete and remove a whole list of junk. Computer is back to normal. Thanks.
 