I'm not sure if its configuration or infection

[canamalar]

Hi,
I've had problems with my laptop for as long as I have had it, it was an ex-display model. Sony VGN-TZ-21WN, if that makes any difference.
It seems to have a mind of its own, some days its as fast as a SSD and runs great, others its as though someone swithed it to frustration mode, it slows right down and hangs and chrashes constantly.
Over the year I've had various "computer savy" people look at it and in the main they have helped, but it seem only for a short while then its like the frustration switch it thrown again.
Currently the problem is CPU usage shoots up to 100% and stays there, and the laptop becomes a heater.
help please.

 

[canamalar]

Hi,
I've had problems with my laptop for as long as I have had it, it was an ex-display model. Sony VGN-TZ-21WN, if that makes any difference.
It seems to have a mind of its own, some days its as fast as a SSD and runs great, others its as though someone swithed it to frustration mode, it slows right down and hangs and chrashes constantly.
Over the year I've had various "computer savy" people look at it and in the main they have helped, but it seem only for a short while then its like the frustration switch it thrown again.
Currently the problem is CPU usage shoots up to 100% and stays there, and the laptop becomes a heater.
help please.
Ooops sorry I missed the other files

 

[Fiery]

Hi and welcome to MalwareTips!

You have some adware on your PC, let's get rid of that first.

Please uninstall the following by going to Start > Control Panel > uninstall a program.

vShare


Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109220&tt=201112_1849_4712_4&babsrc=SP_ss&mntrId=00be2c1d000000000000001b77bee5b2
[2011/04/04 02:17:07 | 000,011,730 | -HS- | C] () -- C:\Users\sony\AppData\Local\j638u7q3443b5j
[2011/04/04 02:17:07 | 000,011,730 | -HS- | C] () -- C:\ProgramData\j638u7q3443b5j
[2012/11/24 16:40:40 | 000,000,000 | ---D | M] -- C:\Users\sony\AppData\Roaming\Babylon

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

[/color]

 

[canamalar]

Hi,
How long does "run fix" take ?
It appeared to start, dialog in bottom frame said "do not interrupt" then disappeared with icons and laptop task bar, laptop appeare to be hanging, could fry an egg on it

 

[Fiery]

Try the OTL fix in safemode

Start your computer in Safe Mode with Networking.

• Remove all floppy disks, CDs, and DVDs from your computer, and then <>restart your computer</>.</li>
  [*]<>Tap the "F8 key" continuously</> until you get the Advanced Boot Options screen.</li>
  [*]On the Advanced Boot Options screen, use the arrow keys to <>highlight Safe Mode with Networking</> , and then <>press ENTER</>.

<br>
<img title="Safe Mode with Networking screen" src="http://malwaretips.com/images/removalguide/safemode.jpg" alt="[Image: Safemode.jpg]" width="539" height="292" border="0" /></li>
</ol>

 

[canamalar]

I could have bet the morgage on what was giong to happen as soon as I posted )
system burst into life, rebooted and the result is attached, spoke too soon again, the OTL.Txt is 1.69M, too big, any ideas
I will atttch the extras file

I will now run the AdwCleaner and post the results.

I have noticed desktop files only visible in the attachment browser

Try the OTL fix in safemode

Start your computer in Safe Mode with Networking.

• Remove all floppy disks, CDs, and DVDs from your computer, and then <>restart your computer</>.</li>
  [*]<>Tap the "F8 key" continuously</> until you get the Advanced Boot Options screen.</li>
  [*]On the Advanced Boot Options screen, use the arrow keys to <>highlight Safe Mode with Networking</> , and then <>press ENTER</>.

<br>
<img title="Safe Mode with Networking screen" src="http://malwaretips.com/images/removalguide/safemode.jpg" alt="[Image: Safemode.jpg]" width="539" height="292" border="0" /></li>
</ol>

 

[Fiery]

That is an usual size for an OTL log.

Paste the content here: http://pastebin.com/

and send me the link to the post.

 

[canamalar]

Currently running the adwcleaner on laptop
I have noticed the windows security centre has opened twice since the reboot telling me to start the malware protection, I did the first time but its back asking mt to do it again.
The laptop has started hanging and responding very slowly.

 

[canamalar]

Should I run the rogue killer before Connecting the laptop back online ?

 

[Fiery]

Should I run the rogue killer before Connecting the laptop back online ?

It doesn't matter a lot, but run it before you connect back online.

Regarding your laptop heating.. make sure the fan is not dirty. It collects dust over time which can block circulation. You can use a vaccum to gently suck the dust out.

Also, do you have compressed air cans? Those can be a temporary fix until there is a permanent solution.

 

[canamalar]

Hi,
I'm having problems copypasting the OTL onto thepastebin, I'm not sure if it worked
http://pastebin.com/
The rest I will attache here
there were two reports generated by the rogue killer.

Should I run the rogue killer before Connecting the laptop back online ?

It doesn't matter a lot, but run it before you connect back online.

Regarding your laptop heating.. make sure the fan is not dirty. It collects dust over time which can block circulation. You can use a vaccum to gently suck the dust out.

Also, do you have compressed air cans? Those can be a temporary fix until there is a permanent solution.

 

[canamalar]

Just to let you know the laptop is wizzing like a dream, even the internet connection has improved greatly, I understand we may not be finished but at last there is a sense of progress.

I hava noticed there are still a lot of files only on my desk top only visible when I use the attachment browser, I was going to attach one for your perusal but they dont attach their names are
hs_err_pid280
hs_err_pid4032
hs_err_pid6808
hs_err_pid7600
hs_err_pid8088
temp.res

there is also an old file of mine I wondered what happened to.

So far this has been the most satisfying computer experience I can remember
Thank you for your time and patience

Hi,
I'm having problems copypasting the OTL onto thepastebin, I'm not sure if it worked
http://pastebin.com/
The rest I will attache here
there were two reports generated by the rogue killer.

Should I run the rogue killer before Connecting the laptop back online ?

It doesn't matter a lot, but run it before you connect back online.

Regarding your laptop heating.. make sure the fan is not dirty. It collects dust over time which can block circulation. You can use a vaccum to gently suck the dust out.

Also, do you have compressed air cans? Those can be a temporary fix until there is a permanent solution.

 

[canamalar]

Hi again, I managed to get the OTL file onto pastebin
labeled it Canamalar OTL2

not sure if the link is correct though.
http://pastebin.com/index.php?e=1

 

[Fiery]

Hi,

Good to hear we are making progress!

Upload a File to Virustotal
Please visit Virustotal

• Click the Choose File... button
• Select hs_err_pid8088
• Click the Open button
• Click the Scan It button
• Copy and paste the results back here please.

Also do the same for temp.res. Copy and paste the results page's URL back here.

And hmm, the pastebin doesn't seem to work.

Can you still fry an egg on your laptop?

 

[canamalar]

maybe not, telling me my attatchment is too big

 

[canamalar]

everything is going well and the laptop doesnt burn to touch now, thanks )

 

[Fiery]

Good

Let me know the virustotal results

 

[canamalar]

found the page, will post in an min

 

[canamalar]

This sample has been flagged by Hispasec feed bank as a banking trojan, i.e. a trojan that steals banking information in order to perform unauthorized wire transfers to attacker accounts.

Lab family name: Zeus
This trojan steals credentials from at least 17 financial/banking entities or organizations.

Family summary:
Zeus is a trojan threat designed to steal data from victim’s system. It is most widely known for stealing financial account information e.g. online banking login details and account data. Once the infected binary file is installed to a machine, it connects to a command and control server, and also monitors for internet activity and uploads stolen data.

#malware #banker #Zeus

http://www.hispasec.com

Good

Let me know the virustotal results

 

[canamalar]

The same applies to the temp file

This sample has been flagged by Hispasec feed bank as a banking trojan, i.e. a trojan that steals banking information in order to perform unauthorized wire transfers to attacker accounts.

Lab family name: Zeus
This trojan steals credentials from at least 17 financial/banking entities or organizations.

Family summary:
Zeus is a trojan threat designed to steal data from victim’s system. It is most widely known for stealing financial account information e.g. online banking login details and account data. Once the infected binary file is installed to a machine, it connects to a command and control server, and also monitors for internet activity and uploads stolen data.

#malware #banker #Zeus

http://www.hispasec.com

Good

Let me know the virustotal results