Remaining Unknown Virus

[Jeh0]

The virus has been going on for at least a couple months. It is my parents computer and they aren't sure when it first began. It takes at least five minutes for a simple click to get a response. Extremely slow! High CPU and memory usage even when nothing is actually being done by the user. It seems similar to COM Surrogate, which I had on my machine, but I am not seeing the replication in the task manager. I have run McAfee scan, SuperAntiSpyware, and Malwarebytes, all of which found Numerous viruses and spyware, however the symptoms remain. When I checked Microsoft updates, some did update, however the service pack 1 will not install. It seems that it has been this way for some time while still being used. That may explain the numerous viruses. I have tried to install it but it continues to fail. I tried installing the System Update Readiness Tool as recommended on Microsoft support web site, but still won't install.
I think the fact that the service pack won't install is just a coincident factor. The slowness seems to be due to a virus that I have not been able to get rid of with the usual virus cleaners. I can't even continue to work on the service pack install due to the slowness. One click taking 5 to 10 minutes for a response is not allowing continued work on the machine. Any help greatly appreciated!

 

[argus]

Helllo,

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

You need to exit MalwareBytes in your tray area. Right click and select Exit.


Download

Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Jeh0]

Thanks for the quick response. I am working on it, but given the extreme lag time and slowness, this may take a bit.

 

[Jeh0]

There was malware detected. Here are the logs.

 

[argus]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Jeh0]

When I first logged on today, error messages came up. One was a "Run DLL" and it was under the Users directory at Appdata\Local\fcriruf.dll and then several additional "RegSvr32" windows that I started to click ok and close until I realized they were different modules that could not be found, one of them being under \Program Data\LepyiGtilh\LepyiGtilh.dat.
Then once I got the "Fix" running, it was very slow and it appeared a McAfee scan was running but I could not stop it even using the cancel button. So I let it go but it took around 4 hours to run. I have attached the log. Thanks.

 

[argus]

Tell me is everything okay.

 

[Jeh0]

It is still very slow. For example, I have to choose "wait" several times when using Chrome browser because it keeps on being non-responsive. I also got the attached message (WinCloseProb.png) from in the PC Issues flag in the tray. I also tried all recommended methods to get the Windows7 service pack 1 to install and keep getting the other attached message (InstallNot.png). The only thing that seems to be possible is that it says it will fail if there is a virus in system. I think there might still be a virus or remnant of some sort. Thanks for any additional help.

 

[argus]

You have a hardware problem likely, sorry.

 

[Jeh0]

I ran Malwarebytes again today and there were two Trojan type viruses. Do you think these are new or could they be remnants? They were in the Temp directory. What indicates a possible hardware issue to you? Thanks.

 

[argus]

How is the situation now?


Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.