Trojan/worm/virus Type Pf Thing., Help!!! Options

[Sensible Jones]

Hi Guys,
Has anyone heard of a Virus/Worm/Trojan type of thing that kills Firefox completely and slows IE down to a snails pace before causing it to freeze up entirely?

I have somehow gotten infected and I can't find anything about it!
I've updated and run Malware Antibytes several times, it found a couple of Trojans but the last 2-3 Scans have been clear!

It's really beginning to annoy me as I can just about get 5 mins or so Online at a time before having to Reboot!!!!

Thanks in advance guys!!



Edit ~ Kant Spel.

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

This post has been edited by Sensible Jones: Feb 23 2010, 11:57 PM

[purple hayes]

How's Chrome run?

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[jafomatic]

If it's specific to your browsers it sounds like a toolbar or other plugin/BHO. The program hijackthis! may be able to help identify those beyond the usual eyeballing of your windows registry.

If you'd like some alternatives, though this won't find BHO installations, you can export the following keys from your registry and we can take a look:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Any program listed in either of those nodes of your registry tree will be executed when windows starts up. Some common items to be found in there would be unnecessary wireless configuration apps, unnecessary printer configuration apps, quicktime, nvidia control panel, IM clients, and so on. The other thing you may find in there are viruses. The best time to clean that is when running in safe mode so that there is less chance that your virus is running and will repair the key that you remove.

There's also a forum (bleepingcomputer.com or something?) where folks are encouraged to upload the output from hijackthis! for analysis by the community; locating problems and offering solutions.

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Ivan Milenkovic]

I would try Spybot anti spyware, and AVG antivirus scans. These two have never failed me. Good luck mate

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

This post has been edited by Ivan Milenkovic: Feb 24 2010, 01:30 AM

[UncleSkillet]

I would suggest that you do the following things.

1.) Boot in safe mode with networking
2.) Delete all temp files (under all profiles and the Windows directory)
3.( Delete all items in the Windows\prefetch folder.
4.)Turn off System Restore.
5.) Open a Run command and type msconfig. Look through there and uncheck anything that looks suspect.
6.) Download Trojan Remover, update the definition files and run it. This will detect those BHO and other things that Jafo mentioned.
7.) Make sure your malware definition files are updated and run it again.
8.) Also go to Add and Remove Program in Control Panel and uninstall any tool bars and weird junk that your not using.
9.) Go to Control Panel> Internet Options and in the Security tab reset the browser security levels for everything back to the defaults.
10.) Reboot in normal mode. First try IE. If that works fine then close it and Try Firefox.

Let us know what happens. May the force be with you!

Their are a few other things we can do but this should get you back up to a stable point were we can discuss it if you want.

Hope it help

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Bogdan Radovic]

Usually this software was helpful to me - http://download.cnet.com/Spybot-Search-amp...4-10122137.html

But some trojans are tough and I only get to remove them by formatting whole drive and reinstalling the OS...

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Sensible Jones]

Thanks for all the advice guys!
I have Spybot, Malaware etc and they haven't found anything! I've also got Hijackthis and will run that as well.

Jafo:- I'll run those two and post the results here and I'll also try what Uncleskillet suggests too!

I'll check the Error Log and post that too! Hopefully we can figure this out!!!

Thanks again guys!

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Fran]

This has saved me in the past from something similar, as simple as it sounds: restore the system to a previous date like a week or two ago when it wasn't happening.

It won't hurt and is fast and easy.

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Sensible Jones]

This has saved me in the past from something similar, as simple as it sounds: restore the system to a previous date like a week or two ago when it wasn't happening.

It won't hurt and is fast and easy.

How do I do that Fran?


If it's of any use to anyone my Error Log reads as:-

"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

This post has been edited by Sensible Jones: Feb 27 2010, 08:48 PM

[JCJXXL]

I wouldn't recommend system restore. Not all files get returned to their original state. Why don't you try COMBOFIX. It's a great tool for those hard to find spyware intrusions.

CODE

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Fran]

How do I do that Fran?


If it's of any use to anyone my Error Log reads as:-

"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?

Sorry Jones, didn't se your reply until now

It's easy, go to start > programs > accesories > system tools > system restore

But I hope you had already solved it by now

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Saoirse O'Shea]

...
"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?

SJ,
I don't think that is a trojan etc but a BIOS issue see Microsoft Q283649:
http://support.microsoft.com/default.aspx?...b;EN-US;q283649. It's caused as your Bios is trying to write to a port in the AML.

Are you on an Athlon by any chance? Just asking as they were known for this.

You need to flash upgrade the Bios on your pc mate.

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Daniel Realpe]

seems like a serious virus...did you manage to fix it? I never can fix serious viruses....just reinstall...then again I haven't got them in a long time

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Sensible Jones]

SJ,
I don't think that is a trojan etc but a BIOS issue see Microsoft Q283649:
http://support.microsoft.com/default.aspx?...b;EN-US;q283649. It's caused as your Bios is trying to write to a port in the AML.

Are you on an Athlon by any chance? Just asking as they were known for this.

You need to flash upgrade the Bios on your pc mate.

Thanks for that link Tony, that explains what's been going on!!
I can't seem to find any BIOS Updates though. It's not an Athlon, it's a Compaq Deskpro EP/SB, Pent III.
Can't find any relevant info on the HP site either!

seems like a serious virus...did you manage to fix it? I never can fix serious viruses....just reinstall...then again I haven't got them in a long time

Fortunately it doesn't seem to be a virus as Tony points out!
Tomorrow I am going to move all my files to another drive and then re-format this one and re-install XP!

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!

[Saoirse O'Shea]

Thanks for that link Tony, that explains what's been going on!!
I can't seem to find any BIOS Updates though. It's not an Athlon, it's a Compaq Deskpro EP/SB, Pent III.
Can't find any relevant info on the HP site either!
...

If it's a Compaq they may not put up a BIOS fix - long time since I have any dealing with Compaq but I kind of remember them preferring people to use authorised techs for things like BIOS updates. Here's the UK website though just in case SJ.

You are at GuitarMasterClass.net

Don't miss today's free lick. Plus all our lessons are packed with free content!

Don't miss today's free blues, jazz & country licks. Plus all our lessons are packed with free content!