Virus/Spyware

[mot98]

Hi All,

One of our work computers got infected last week with a virus. I have downloaded all the malware/spyware removal tools and have cleaned it completely... I run my Anti-Virus and it tells me that there are no issues.

However, this computer is still freezing up and acting really weird.

I downloaded HijackThis and here are the results:
"C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: rms.radiator.com
O15 - Trusted Zone:

http://rms.radiator.com

O16 - DPF: {402C09CD-68ED-48B0-B008-E7B01DDBD2D5} (RawDataPrinter.Printer) -

http://rms.radiator.com/inventory/RawDataPrinter.CAB

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) -

http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4567 bytes
"

Any ideas?

mot98

"Is it Friday Yet?

 

[G0AOZ]

Do you mean you've run the antivirus programme that is installed in this machine, and it came up clean? Unfortunately, viruses can be clever little so and so's and hide themselves so they can't be found once the system has been compromised. Take the hard drive out and attach it to a known clean system, then run that system's antivirus on the disk.

It could be that the operating system has been partially damaged which is resulting in the symptoms you describe. Or it might be hardware failure, e.g. RAM, HDD, etc. Run MEMTEST and HDD manufacturer's diags on the hardware.

If you've extracted any important data from this drive, I'd consider a fresh install unless it's so loaded with programmes for which the install CDs have gone awol!

ROGER - G0AOZ.

 

[kjv1611]

One of our work computers got infected last week with a virus. I have downloaded all the malware/spyware removal tools and have cleaned it completely... I run my Anti-Virus and it tells me that there are no issues.

However, this computer is still freezing up and acting really weird.

That doesn't tell a whole lot.

What scanners did you run? Surely you didn't run every scanner in existence? If so, you'd of spent more time reinstalling the system.

What do you mean by the system is still "acting really weird"?

Have you tried a repair install of Windows?

What version of Windows are you running?

It really would help if you told what odd things were going on. I mean, freezing up is odd of course, but you said it's freezing AND doing odd things.

Is a reinstall of Windows out of the question? Sometimes, it's best to just reinstall Windows after a major malware/virus infection.

Internet/Network settings - check to be sure no proxy is setup that shouldn't be there, and it might do good to check your hosts file.

http://en.wikipedia.org/wiki/Hosts_file

 

[jlockley]

A virus or malware doesn't exclude a problem on the os or conflicting programs.
If you have multiple virus programs running, they may conflicting.
Your system itself could have taken a hit due to alteration and or removal of a .dll (can cause the computer to hang).
Before you rip everything apart try an online scan. I use Trend Micro's housecall..it's free and can catch things your possibly compromised AV software cannot.
Then see if you can repair Windows rather than reinstall.
Go off line and uninstall all AV software, restart in safe mode without network and delete the folders the software uses, then reinstall one spyware and ond AV program.
Check your startup programs using MSConfig, if you have XP. Uncheck things that are not necessary.
You might want to ask this question in the OS questions area, as well.

 

[kjv1611]

Well, recent post to an old thread, but oh well..

mot98,

Did you ever do anything else with this one? What's the current situation? Did you wipe and reinstall, ignore it, or what?

 

[goombawaho]

Hmmmm. Could this be a case of

http://www.urbandictionary.com/define.php?term=post+whoring

 

[kjv1611]

I wouldn't go that far. It just seems to me that jlockley posted some other info he/she thought useful, but didn't look or notice that the thread was a little old.

Then again, I've seen on many other forum boards, where the questions and answers are often separated by weeks or months. So, I suppose just depends upon what you're used to.

 

[goombawaho]

a little old" - Yep. Especially with no update from the OP. That sealed the deal for me.

On other forums (now you know I"m seeing other forums on the sly) you get ripped a new one for bumping an old post unless there's a real relevant reason for doing so.

 

[TerryTurn]

There can be a chance of rootkits. Rootkits can slow down the computers performance . There is a possibility of registry errors which may freeze the computer .