> Trojan/worm/virus Type Of Thing, Help!!!
Sensible Jones
post Feb 23 2010, 11:56 PM
Post #1


GMC:er
Group Icon

Group: GMC Senior
Posts: 6.261
Joined: 2-January 09
From: London-ish. UK.
Member No.: 6.517



Hi Guys,
Has anyone heard of a Virus/Worm/Trojan type of thing that kills Firefox completely and slows IE down to a snail's pace before causing it to freeze up entirely?

I have somehow gotten infected and I can't find anything about it!
I've updated and run Malware Antibytes several times, it found a couple of Trojans but the last 2-3 Scans have been clear!

It's really beginning to annoy me as I can just about get 5 mins or so Online at a time before having to Reboot!!!!

Thanks in advance guys!!


Edit ~ Kant Spel.

This post has been edited by Sensible Jones: Feb 23 2010, 11:57 PM


--------------------
I'd rather have a full Bottle in front of me than a full Frontal Lobotomy!!
purple hayes
post Feb 24 2010, 12:32 AM
Post #2


Ultimate Guitar Hero
*

Group: Members
Posts: 1.085
Joined: 6-September 07
From: USA
Member No.: 2.712



How's Chrome run?


--------------------
My guitar bits on YouTube: https://www.youtube.com/duathlon70
jafomatic
post Feb 24 2010, 12:47 AM
Post #3


GMC:er
*

Group: Members
Posts: 1.049
Joined: 6-May 09
From: Austin, TX
Member No.: 7.145



If it's specific to your browsers it sounds like a toolbar or other plugin/BHO. The program hijackthis! may be able to help identify those beyond the usual eyeballing of your windows registry.

If you'd like some alternatives, though this won't find BHO installations, you can export the following keys from your registry and we can take a look:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Any program listed in either of those nodes of your registry tree will be executed when windows starts up. Some common items to be found in there would be unnecessary wireless configuration apps, unnecessary printer configuration apps, quicktime, nvidia control panel, IM clients, and so on. The other thing you may find in there are viruses. The best time to clean that is when running in safe mode so that there is less chance that your virus is running and will repair the key that you remove.

There's also a forum (bleepingcomputer.com or something?) where folks are encouraged to upload the output from hijackthis! for analysis by the community; locating problems and offering solutions.



--------------------
::jafomatic


http://jafomatic.net/tunes/ <-- Here lies the master collection of my collaboration and other improvisation recordings.
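
An added example, not part of jafomatic's post: a small Python parser for a regedit text export of the two Run keys named above, which lists each autostart entry and flags those that launch from folders an ordinary user can write to. The sample export, the user name in it and the "user-writable folder" heuristic are assumptions constructed for illustration.

```python
import re

# Constructed sample of a regedit export of the two Run keys (not from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Documents and Settings\\sj\\Local Settings\\Temp\\upd32.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" with regedit escaping (\\ and \") allowed inside both parts.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# First token of the command that ends in an executable-looking extension.
EXT_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js|dll))\b', re.I)
# Assumption: autostarts living in user-writable folders deserve a second look.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")

def unescape(s):
    # Undo regedit escaping: a backslash followed by any character yields that character.
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_export(text):
    """Return (key, value_name, command) for every string value under a Run key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\currentversion\\run"):
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries

def needs_review(command):
    """True when the launched file sits in a user-writable folder (heuristic only)."""
    m = EXT_RE.match(command)
    target = (m.group(1) if m else command).lower()
    return any(part in target for part in USER_WRITABLE)

def review(text):
    return [(name, cmd) for _, name, cmd in parse_run_export(text) if needs_review(cmd)]

if __name__ == "__main__":
    for name, cmd in review(SAMPLE_EXPORT):
        print("review:", name, "->", cmd)
```

A flagged entry is a prompt to look at the file, not a verdict; legitimate updaters sometimes start from profile folders too.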

Ivan Milenkovic
post Feb 24 2010, 01:30 AM
Post #4


Instructor
Group Icon

Group: GMC Instructor
Posts: 25.396
Joined: 20-November 07
From: Belgrade, Serbia
Member No.: 3.341



I would try Spybot anti spyware, and AVG antivirus scans. These two have never failed me. Good luck mate

This post has been edited by Ivan Milenkovic: Feb 24 2010, 01:30 AM


--------------------
- Ivan's Video Chat Lesson Notes HERE
- Check out my GMC Profile and Lessons
- (Please subscribe to my) YouTube Official Channel
- Let's be connected through ! Facebook! :)
UncleSkillet
post Feb 24 2010, 01:31 AM
Post #5


Learning Tone Seeker
*

Group: Members
Posts: 1.525
Joined: 21-January 08
From: Cincinnati, Ohio
Member No.: 3.915



I would suggest that you do the following things.

1.) Boot in safe mode with networking
2.) Delete all temp files (under all profiles and the Windows directory)
3.) Delete all items in the Windows\prefetch folder.
4.) Turn off System Restore.
5.) Open a Run command and type msconfig. Look through there and uncheck anything that looks suspect.
6.) Download Trojan Remover, update the definition files and run it. This will detect those BHO and other things that Jafo mentioned.
7.) Make sure your malware definition files are updated and run it again.
8.) Also go to Add and Remove Program in Control Panel and uninstall any tool bars and weird junk that you're not using.
9.) Go to Control Panel> Internet Options and in the Security tab reset the browser security levels for everything back to the defaults.
10.) Reboot in normal mode. First try IE. If that works fine then close it and Try Firefox.

Let us know what happens. May the force be with you!

There are a few other things we can do but this should get you back up to a stable point where we can discuss it if you want.

Hope it helps


--------------------
"Think of a guitar solo as a paragraph. You need a clear beginning, a middle, and an end. Look at musical phrases like sentences, and make sure you break them up using punctuation—or space. You pause naturally when conversing, right? If you don't, you'll bore the listener. The same thing will happen with your audience if your solo is one dimensional. You'll wear them out and lose their attention." —Tom Principato
Bogdan Radovic
post Feb 24 2010, 01:54 AM
Post #6


Bass & Beginner Instructor
Group Icon

Group: GMC Instructor
Posts: 15.612
Joined: 30-November 07
From: Belgrade, Serbia
Member No.: 3.410



Usually this software was helpful to me - http://download.cnet.com/Spybot-Search-amp...4-10122137.html

But some trojans are tough and I only get to remove them by formatting whole drive and reinstalling the OS...


--------------------
For GMC support please email support (at) guitarmasterclass.net
Check out my lessons and my instructor board.
Check out my beginner guitar lessons course! ; Take a bass course now!
My solo and band songs : Keep Going On, Night Vibe, Kad Te Vidim, Susret, Plava Silueta
Sensible Jones
post Feb 26 2010, 01:23 PM
Post #7




Thanks for all the advice guys!
I have Spybot, Malaware etc and they haven't found anything! I've also got Hijackthis and will run that as well.

Jafo:- I'll run those two and post the results here and I'll also try what Uncleskillet suggests too!

I'll check the Error Log and post that too! Hopefully we can figure this out!!!

Thanks again guys!
Fran
post Feb 26 2010, 06:00 PM
Post #8


Learning Rock Star - Wiki Coordinator
Group Icon

Group: GMC Senior
Posts: 7.921
Joined: 20-November 07
From: Spain
Member No.: 3.338



This has saved me in the past from something similar, as simple as it sounds: restore the system to a previous date like a week or two ago when it wasn't happening.

It won't hurt and is fast and easy.


--------------------
Guitars:
Fender American Deluxe Stratocaster, Ibanez RG2570MZ, Epiphone SG G-400
Amp:
Vox AC4TVH head + V112TV cab
Effects:
Vox Satchurator, Vox Time Machine, Dunlop CryBaby, Boss MT-2, Boss CE-5, Boss TU-2, Boss ME-70
Recording:
Line-6 POD X3 + FBV-Express, Pandora PX5D

GMC wants YOU to take part in our Guitar-Wikipedia!
Have a good time reading great articles and writing your own with us in our GUITAR WIKI!
Share your playing and get Pro-advice from our Instructors: Join REC
Sensible Jones
post Feb 27 2010, 05:14 PM
Post #9




QUOTE (Fran @ Feb 26 2010, 05:00 PM) *
This has saved me in the past from something similar, as simple as it sounds: restore the system to a previous date like a week or two ago when it wasn't happening.

It won't hurt and is fast and easy.

How do I do that Fran?


If it's of any use to anyone my Error Log reads as:-

"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?


This post has been edited by Sensible Jones: Feb 27 2010, 08:48 PM


JCJXXL
post Mar 1 2010, 04:28 AM
Post #10


GMC:er
*

Group: Members
Posts: 327
Joined: 22-January 07
From: AMERICA THE BEAUTIFUL!
Member No.: 1.101



I wouldn't recommend system restore. Not all files get returned to their original state. Why don't you try COMBOFIX. It's a great tool for those hard to find spyware intrusions.

CODE
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Fran
post Mar 1 2010, 10:47 AM
Post #11




QUOTE (Sensible Jones @ Feb 27 2010, 05:14 PM) *
How do I do that Fran?


If it's of any use to anyone my Error Log reads as:-

"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?


Sorry Jones, didn't see your reply until now

It's easy, go to start > programs > accessories > system tools > system restore

But I hope you had already solved it by now


Saoirse O'Shea
post Mar 1 2010, 12:12 PM
Post #12


Moderator - low level high stakes
Group Icon

Group: GMC Senior
Posts: 6.173
Joined: 27-June 07
From: Espania - Cadiz province
Member No.: 2.194



QUOTE (Sensible Jones @ Feb 27 2010, 05:14 PM) *
...
"AMLI:ACPI BIOS is attempting to read from an illegal IO Port address (0x71). which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance."

Any ideas?



SJ,
I don't think that is a trojan etc but a BIOS issue see Microsoft Q283649:
http://support.microsoft.com/default.aspx?...b;EN-US;q283649. It's caused as your Bios is trying to write to a port in the AML.

Are you on an Athlon by any chance? Just asking as they were known for this.

You need to flash upgrade the Bios on your pc mate.


--------------------
Get your music professionally mastered by an AES registered Mastering Engineer. Contact me for Audio Mastering Services and Advice and visit our website www.miromastering.com

Be friends on facebook with us here.

We use professional, mastering grade hardware in our mastering studio. Our hardware includes:
Cranesong Avocet II Monitor Controller, Dangerous Music Liasion Insert Hardware Router, ATC SCM Pro Monitors, Lavry Black DA11, Prism Orpheus ADC/DAC, Gyratec Gyraf XIV Parallel Passive Mastering EQ, Great River MAQ 2NV Mastering EQ, Kush Clariphonic Parallel EQ Shelf, Maselec MLA-2 Mastering Compressor, API 2500 Mastering Compressor, Eventide Eclipse Reverb/Echo.
Daniel Realpe
post Mar 7 2010, 06:26 PM
Post #13


Instructor
Group Icon

Group: GMC Instructor
Posts: 5.655
Joined: 11-October 09
From: Bogota
Member No.: 7.694



seems like a serious virus...did you manage to fix it? I never can fix serious viruses....just reinstall...then again I haven't got them in a long time


--------------------
Visit my:
INSTRUCTOR PROFILE

"If a composer could say what he had to say in words he would not bother trying to say it in music."
Gustav Mahler


Subscribe to my Youtube Channel here
Sensible Jones
post Mar 7 2010, 06:45 PM
Post #14




QUOTE (tonymiro @ Mar 1 2010, 11:12 AM) *
SJ,
I don't think that is a trojan etc but a BIOS issue see Microsoft Q283649:
http://support.microsoft.com/default.aspx?...b;EN-US;q283649. It's caused as your Bios is trying to write to a port in the AML.

Are you on an Athlon by any chance? Just asking as they were known for this.

You need to flash upgrade the Bios on your pc mate.

Thanks for that link Tony, that explains what's been going on!!
I can't seem to find any BIOS Updates though. It's not an Athlon, it's a Compaq Deskpro EP/SB, Pent III.
Can't find any relevant info on the HP site either!

QUOTE (Daniel Realpe @ Mar 7 2010, 05:26 PM) *
seems like a serious virus...did you manage to fix it? I never can fix serious viruses....just reinstall...then again I haven't got them in a long time

Fortunately it doesn't seem to be a virus as Tony points out!
Tomorrow I am going to move all my files to another drive and then re-format this one and re-install XP!


Saoirse O'Shea
post Mar 7 2010, 06:52 PM
Post #15




QUOTE (Sensible Jones @ Mar 7 2010, 06:45 PM) *
Thanks for that link Tony, that explains what's been going on!!
I can't seem to find any BIOS Updates though. It's not an Athlon, it's a Compaq Deskpro EP/SB, Pent III.
Can't find any relevant info on the HP site either!
...


If it's a Compaq they may not put up a BIOS fix - long time since I have any dealing with Compaq but I kind of remember them preferring people to use authorised techs for things like BIOS updates. Here's the UK website though just in case SJ.

