
Invisible possible malware causing slowness, hanging, freezing


books


Hi,

 

6 hours ago, books said:

Have cleaned and reset all browsers, ran sophos and it said the computer is clean. AND it is working much better! Thank You Again!

I'm glad to hear that! :)  You're most welcome!

 

Now I suggest that you check which outdated programs are installed on your computer. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer.

You can download, install and run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

 

After doing that you can now remove the tools we used in this clean-up by running DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (this option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. You can close it, I do not need to see that log.

You can also manually delete the logs or files which DelFix was not able to remove.


If all is running well, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your Antivirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time they are not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.


Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid-for version has real-time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another of the most feared threats at the moment is an infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe! :)

Rui


This is too depressing for words! The computer seemed well until this morning, now it's worse than ever! Absolutely everything is "Not responding". Our home base 2 data base crashed 3 times in a row. Worst of all, we earn our living on that PC! Browsers are not responding for minutes at a time. I have the PSI scanning now as per your instructions. It seems to be taking forever! Obviously I never got as far as DelFix. Malwarebytes scan showed no threats. I am at a complete loss trying to understand what is bugging that danged PC. I am writing this from another machine.


Hello books.

What do you mean by "...home base 2 data base..."? Did you mean that you have more computers connected in your Home Network? If so, please let me know.

Okay, if you still have FRST installed, please re-run the tool with Administrator privileges, perform a new scan and attach the two new logs produced (FRST.txt and Addition.txt).

I need to see those logs to understand what is going on.


No, Home Base 2 is a database program for booksellers. However, I just went through all the programs PSI wanted updated. Many were from an old hard drive and no longer applicable so I simply removed them. I then went through the other old hard drive folders one at a time and removed all that predated the purchase of the new computer. Then I ran the delfix and after all of that, I ran Cleaner and registry cleaner. No bugs, pups or pums showed up on any final scans. Today's efforts seemed to bring things back to normal. So, with crossed fingers and a prayer, I say, "I think we are indeed, done here!"

If it is not normal by morning I will download the FRST.txt again and download farbar again. For now, I'll just wait and see if the new normal will last. Thank You again!


Just to confirm: My thanks to you for all your help! Three days running and all is still well and working. That machine had been bugged for a year! I'd do scans and clean ups and it would last an hour or two. This is the first time in over a year that it has functioned in a normal fashion. No more hanging and crashing! Thank you ever so much! I will never know how it got in. We have Webroot, Malwarebytes Anti-Malware Premium and Windows Defender of course. Malwarebytes is always set for web protection. It all seems good now!

Oddly, it sometimes blocks the Malwarebytes website! You can see this in the screenshot.

Capture.JPG


Hello books.

 

On 31/10/2017 at 4:29 AM, books said:

Three days running and all is still well and working. That machine had been bugged for a year! I'd do scans and clean ups and it would last an hour or two. This is the first time in over a year that it has functioned in a normal fashion. No more hanging and crashing!

Okay, I'm glad to hear that! :)

 

Regarding the website blocking, please do the following:

  • Open Malwarebytes;
  • On the left pane menu click on Reports;
  • On the Protection Event column check-mark the checkbox corresponding to the latest Website blocked report (see the latest date);
  • Click the View Report button (it will open a new window);
  • Click the Export button and select 'Text File (*.txt)';
  • Give it a name and save it to the Desktop;
  • Please attach that file to your next reply for my review.

Thank you.

Rui


Hi, Rui, The original problem appears to have returned!! My boss-spouse is presently working on (and screaming at) that machine. I should have access shortly and will download the FRST.txt  file and Farbar and produce a new scan. The Malwarebytes website that is being blocked is on machine # 2 which I use when I can not get on # 1. The blocked website report is attached here. I swear, machine # 1 is making me crazy. I can not seem to get to a cure. The problems always return. I am really at my wit's end! (As is my boss) I have not yet checked for this particular problem on problem machine # 1.

Blocked.txt


Dear Rui / Android8888, Hubby is nuts. The computer is still fine. (I think sometimes he has no idea what he is doing!) I checked everything today and there is Zero crashing, hanging or bugs!!!

So I think the issues with MindSpark & its companions IS RESOLVED. I have also given orders that any required downloads will be handled by me and HE IS NOT TO DOWNLOAD ANY PROGRAMS AT ALL! I think that will prevent future issues if MindSpark is truly gone. He tells me he only downloads things recommended by KimKomando, (Dumb!)  He is Books, I am FoundMarbles online, here, and it is me you have been dealing with. Books would never have the patience.

It's been a couple of years that the problem has dragged on. We both thank you!! :D :wub:


Hello.


Just a note: When you suspect that a computer is infected, and that machine is connected to a network where other computers are also connected, the first and safe procedure is to disconnect those uninfected computers from that network until the infected one is clean.


That being said, and if everything is okay now, it's time to check for updates. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer.

To do that you can run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


If all is well, you can delete the tools we used in the removal process by using DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (this option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open.


I don't need to see that log, you can close and delete it.


Before I give you some recommendations to keep computers safe and clean, let me know if all is running well at this point.


Thank you.

Rui


  • 5 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.