Virus/Spyware

(OP)
Hi All,

One of our work computers got infected last week with a virus. I have downloaded all the malware/spyware removal tools and have cleaned it completely... I run my Anti-Virus and it tells me that there are no issues.

However, this computer is still freezing up and acting really weird.

I downloaded HijackThis and here are the results:
"C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: rms.radiator.com
O15 - Trusted Zone: http://rms.radiator.com
O16 - DPF: {402C09CD-68ED-48B0-B008-E7B01DDBD2D5} (RawDataPrinter.Printer) - http://rms.radiator.com/inventory/RawDataPrinter.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS3\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4567 bytes
"

Any ideas?

mot98
cheers
"Is it Friday Yet?"

RE: Virus/Spyware

Do you mean you've run the antivirus programme that is installed in this machine, and it came up clean?  Unfortunately, viruses can be clever little so and so's and hide themselves so they can't be found once the system has been compromised.  Take the hard drive out and attach it to a known clean system, then run that system's antivirus on the disk.

It could be that the operating system has been partially damaged which is resulting in the symptoms you describe.  Or it might be hardware failure, e.g. RAM, HDD, etc.  Run MEMTEST and HDD manufacturer's diags on the hardware.

If you've extracted any important data from this drive, I'd consider a fresh install unless it's so loaded with programmes for which the install CDs have gone awol!

ROGER - G0AOZ.
 

RE: Virus/Spyware

Quote (mot98):

One of our work computers got infected last week with a virus. I have downloaded all the malware/spyware removal tools and have cleaned it completely... I run my Anti-Virus and it tells me that there are no issues.

However, this computer is still freezing up and acting really weird.

That doesn't tell a whole lot.

What scanners did you run?  Surely you didn't run every scanner in existence?  If so, you'd have spent more time reinstalling the system.

What do you mean by the system is still "acting really weird"?

Have you tried a repair install of Windows?

What version of Windows are you running?

It really would help if you told what odd things were going on.  I mean, freezing up is odd of course, but you said it's freezing AND doing odd things.

Is a reinstall of Windows out of the question?  Sometimes, it's best to just reinstall Windows after a major malware/virus infection.

Internet/Network settings - check to be sure no proxy is set up that shouldn't be there, and it might do good to check your hosts file.
http://en.wikipedia.org/wiki/Hosts_file
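
The proxy and hosts-file check suggested above can also be done against a saved HijackThis log. The Python script below is an added example, not part of the original thread: it extracts the proxy, DNS, hosts-file and Trusted Zone entries for manual review. The function names are hypothetical, and the O1 sample line is constructed (the posted log has no hosts entries).

```python
import ipaddress
import re

# Copied from the post's HijackThis log, except the constructed O1 line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O15 - Trusted Zone: rms.radiator.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{281B415A-4C92-4B18-AE7A-6587C9DBBA3E}: NameServer = 198.235.216.130,198.235.216.131
O1 - Hosts: 203.0.113.7 update.example.test
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def is_loopback(host):
    """True for localhost or a loopback IP literal (127.0.0.0/8, ::1)."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def network_review_items(log_text):
    """Return de-duplicated (kind, value) pairs worth checking by hand."""
    items = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        code, body = m.groups() if m else ("", "")
        if code in ("R0", "R1") and ",ProxyServer = " in body:
            # Value is "host:port" or "proto=host:port" pairs joined by ';'
            for part in body.split(",ProxyServer = ", 1)[1].split(";"):
                host = part.split("=")[-1].rsplit(":", 1)[0]
                kind = "loopback_proxy" if is_loopback(host) else "proxy"
                items.append((kind, part.strip()))
        elif code == "O17" and "NameServer = " in body:
            for ip in re.split(r"[,\s]+", body.split("NameServer = ", 1)[1]):
                items.append(("dns_server", ip))
        elif code == "O1" and body.startswith("Hosts:"):
            items.append(("hosts_entry", body[len("Hosts:"):].strip()))
        elif code == "O15" and body.startswith("Trusted Zone:"):
            items.append(("trusted_zone", body[len("Trusted Zone:"):].strip()))
    return list(dict.fromkeys(items))  # keep first-seen order, drop repeats


if __name__ == "__main__":
    for kind, value in network_review_items(SAMPLE_LOG):
        print(f"{kind:15} {value}")
```

A `loopback_proxy` result means browser traffic is being handed to a program listening on the machine itself, so the next step is to identify what, if anything, owns that port. The `dns_server` values should be compared with the resolvers the network is supposed to hand out.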

RE: Virus/Spyware

A virus or malware doesn't exclude a problem on the OS or conflicting programs.
If you have multiple virus programs running, they may be conflicting.
Your system itself could have taken a hit due to alteration and/or removal of a .dll (can cause the computer to hang).
Before you rip everything apart try an online scan. I use Trend Micro's HouseCall... it's free and can catch things your possibly compromised AV software cannot.
Then see if you can repair Windows rather than reinstall.
Go offline and uninstall all AV software, restart in safe mode without network and delete the folders the software uses, then reinstall one spyware and one AV program.
Check your startup programs using MSConfig, if you have XP. Uncheck things that are not necessary.
You might want to ask this question in the OS questions area, as well.
 

RE: Virus/Spyware

Well, recent post to an old thread, but oh well..

mot98,

Did you ever do anything else with this one?  What's the current situation?  Did you wipe and reinstall, ignore it, or what?

RE: Virus/Spyware

I wouldn't go that far.  It just seems to me that jlockley posted some other info he/she thought useful, but didn't look or notice that the thread was a little old.

Then again, I've seen on many other forum boards, where the questions and answers are often separated by weeks or months.  So, I suppose just depends upon what you're used to.

RE: Virus/Spyware

"a little old" - Yep.  Especially with no update from the OP.  That sealed the deal for me.

On other forums (now you know I'm seeing other forums on the sly) you get ripped a new one for bumping an old post unless there's a real relevant reason for doing so.

RE: Virus/Spyware

There can be a chance of rootkits. Rootkits can slow down the computer's performance. There is a possibility of registry errors which may freeze the computer.
