Trojan.0access Found and Deleted, but still running slow


My Dell laptop began running very slow yesterday.  I am currently unable to uninstall any programs.  I get an error message saying windows installer is not working.  I was able to run Malwarebytes in safe-mode with networking and the trojan.0access was found and quarantined.  I have deleted this from the system.  When I tried to go back into normal mode, it took about 25 minutes to get off of a black screen with only my mouse cursor showing.  Once Windows finally loaded, it was still extremely slow, in fact, it seemed worse.  So I followed the instructions found here

 

I'm attaching the two reports from my Farbar Recovery Scan Tool.  Please help.

 

FRST.txt, Addition.txt

Link to post
  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
Re-run MalwareBytes scan, but now quarantine all found items.
 
 
 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
  • Include that log in your next reply.
    If you encounter any issues with your internet connection after running ComboFix, please visit this link.
    If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Link to post

Thanks for the quick response!  I am at work, so I will be responding quickly as well for the next couple of hours.

 

I ran MalwareBytes again and although the log doesn't show it, I had 6 new threats with the below title.

 

Trojan.Siredef.C - Location: C:\$Recycle.Bin\S-1-5........etc

 

I quarantined all 6 and ran the scan again.  This time I came up clean.  This was a hyper scan.  I guess I will run a full scan now to be sure.  I'll run the ComboFix right after, if it comes back clean.

 

 

malware log 2.txt

Link to post

I tried running Malwarebytes threat (full) scan, but it got hung up early on for about 35 minutes.  I gave up and ran the ComboFix.  I should have asked first, but ComboFix is restarting my computer and going into normal mode.  I wasn't sure if I should hold down F8 to force the restart back into Safe Mode.  The restart is probably going to take a while, so I may not get the log posted until tomorrow morning (U.S. EST).  

 

Windows came back on, and ComboFix said it was saving the log.  Now I just have a black screen with my mouse pointer.  If anything changes in the next 30 minutes, I will post the log.  Otherwise, I will do it tomorrow.

 

Link to post

It appears my computer may be frozen.  I have a blue screen (not the blue screen of death) with the Windows 7 Professional logo at the bottom and my mouse cursor.  The mouse cursor does not move though.  In an essence to save time tomorrow morning when I get here, please let me know if I should just do a hard shutdown and try to go into Safe Mode.  If I don't hear from you by tomorrow morning, I guess I will go ahead and do it either way.

Link to post

I came in this morning to find my computer at the same screen I mentioned above.  So I did a hard shutdown about 30 minutes ago and started it back up.  I'm currently at a black screen with only my mouse cursor.  It may be a while before Windows actually pulls up, if it does at all.  Are you sure I can't just boot up into safe mode with networking?  For whatever reason safe mode runs 1000 times faster than normal mode right now.

Link to post

I just went through the forums to view some other people's ComboFix logs.  It looks like mine is incomplete.  Should I run it again and this time, when ComboFix reboots my computer, hold down F8 so it goes back into safe mode?  I don't really know what else to do since normal mode doesn't work.  Sorry for all the replies.  I don't see an edit post button.

Link to post
  • Staff

I don't think this will help.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Link to post

Any idea on where to go from here? I've made it to normal mode today. I'm viewing my processes and I have one called System with a description of NT Kernel & System taking up to 25% of my CPU. I tried ending it and it just comes back on. Let me know what I should do while normal mode is actually responding. I'm considering trashing the computer tomorrow since it has been nearly a week for me trying to fix it.

Link to post
  • Staff

Let's make one more check:
 
 

Scan with TDSSKiller
 
Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 
 
 
 

Scan with RogueKiller
 
Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

Link to post

I'm sure you can guess, normal mode failed when rebooting.  I ran everything in safe mode with networking.  It sounds like there's no hope in doing it this way though.  Attached are the two reports just in case.  Let me know what you suggest either way.  Thanks!

 

TDSSKiller.3.0.0.40_19.10.2014_16.11.46_log.txt

RKreport_SCN_10192014_162009.log

Link to post

Well that's good.  Unfortunately my computer fails to start in normal mode.  I'm not sure if something was deleted in the initial sweep, but ever since deleting the trojan.0access, my computer moves at a snail's pace.  

 

As I mentioned earlier, I have some system process taking at least 25% of my CPU on a constant basis.  From what I could find on google, that process should be at 0% CPU most of the time.  

 

On another note, my computer seemed to have hit the fan when I updated Skype last week.  My first thought was to uninstall Skype all together.  That's when I discovered the trojan.  I currently cannot uninstall any programs.  When I try, it says something like Windows Installer Service could not be accessed.  I assumed it was the trojan blocking the installer from working, but since deleting the trojan, windows installer still doesn't work.

 

I'm going to poke around the internet to try and find solutions on how to fix that, unless you have any clue.  Either way, thanks for your assistance.

Link to post
This topic is now closed to further replies.