What is this malware?

December 12, 2009

I don’t know why or if this got deleted before, but here it is again:

I had a user who had some type of malware, but I don’t know what it is. Now I have it on my portable drive (after using it to back up her data) and I got it on my PC after trying to run SAV on the portable. (I had to reimage both PCs to get trid of it.) But I need to clean the portable drive before I use it again.

I have run SAV, SpybotS&D, Malwarebytes, but nothing can even detect whatever this is.
The symptoms are:
User cannot open local HD. Error message is: Cannot find RECYCLER\S-8-8-24-100026533-100007783-100027606-8409.com c:\

The malware puts a false AUTORUN entry in the context (rigth click) menu. I have found this in the registry: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-8-24-100026533-100007783-100027606-8409.com C:\
Also it change the DNS entries from DHCP to 83.255.112.67 and 85.255.112.170

There was also a process running (even in safe mode) called system the was constantly using 50% of the proc time.

The user could not open or run any apps or do a proper shut down.

I could not install Hijackthis and it probably would not have been able to run anyway due to the erratic operation of the system.

Also the OS was XP Pro SP2.

Any ideas what this is or how to get rid of it without formatting the drive?

Thanks.

P.S. I forgot to say that it was also periotically trying to read the floppy drive with no disk in it.

What is wrong with my PC? **PC expert needed**?

November 26, 2009

My PC has recently sprung a new problem on me that I can’t solve. I am by no means a noob but this has got me baffled!

I am using Windows Vista with Intel Core 2 Quad CPU

The problem is that my PC will turn it’s self off for no apparent reason… I can be doing my normal work at my PC and it just goes off, no "Windows is Shutting Down" message no logging off message, nothing, just turns it’s self off.

If I try to turn it back on it wont boot up, I need to wait a few minutes before I can turn it back on (this suggests to me that my PC turned off as a precaution as my processor was over heating but I don’t know to be honest)

It started to happen more often so I ran Windows task manager to see what could be pushing my CPU so hard… nothing obvious there but all 4 cores were running at 100% when my PC turned it’s self off again so I’m pretty sure my PC is turning off because of it but I don’t know what is causing my CPU to run at 100%

I’m running a lot of programs at the same time I must admit but this was never a problem for my PC (at most it would use 80% total CPU for the same amount of open applications and that really is at the very most!)

Needless to say I have ran a virus scan and nothing come up (NOD32 anti virus)

I have also used CCleaner… Run Reg Cure and Registry Cleaner, Tune Up Utilities 2009 and Malwarebytes’ Anti-Malware… none of them helped even a small bit.

Stupidly I deleted my restore point that was created before this problem started so thats not an option.

I appreciate any help as always.

registry scanners, anyone know of free fully functional ones? Also I have another question again.?

November 26, 2009

First Question:
Where to download a free "FULLY FUNCTIONAL" registry scanner and cleaner that will fix the problems. Not just tell you you have problems and offer to fix 2…

Second Issue:
When I open a new browser window, open a link, double click, or after a few minutes my browser will pull up an advertising browser window.
I have tried Avast, AVG, Malwarebytes, and I’ve just downloaded SpyDllRemover (I ran it but honestly I’m lost as to what to do with that). I also erased all the cookies in hp admin where most of of the spyware on my computer seems to be focused. Anyways none of them have stopped the ‘root kit?’ or whatever it is.

Here is an example of the link it opens
http://lightseek.biz/
It pulls up others as well

I haven’t noticed it doing anything, but then again I don’t want it using my computer for things I can’t see.

Second Question:
Does anyone know what it is? If you do, do you know of a way to get rid of it with freeware? I’ve already asked once and downloaded malwarebytes, and while I like malwarebytes, it didn’t resolve my original issue.

If you need additional details please just ask.
Pop Up blocker has been active for as long as I’ve had this computer and on my previous computer
CC didn’t work, matter of fact it made it worse. Thanks for the answers but I’ll just bug my computer geek friends.

My computer is freezing when windows update tries to install updates, how do I fix this?

October 23, 2009

So yea, I did the registry cleaner thing, antivirus scan, and malwarebytes scan, and my computer was rnning great again. However, maybe after a minute or 2, windows tells me that it cannot install anyupdates and click here to solve the problem. At that very moment when i get that message, my whole computer starts to freeze up again. And I know its not a virus or malware. What could be the problem? Should I Just completely turn off windows updates? Best answer for 10 points.

SVCHOST.EXE QUESTION?

October 13, 2009

Hi there.
This is a serious question for programmers and other interested parties.

Recently I experienced a general slowing down of my machine. I use Norton 360 V3 But I realized that this program was not finding the malware in the registry.

After some investigation, I realized that I needed some extra help.
I downloaded Malwarebytes ; CCleaner and I already had a StormSoft Registry Cleaner. Well, the Stomsoft registry cleaner world not run,and I guess this was because whatever malware was still in the machine was fighting this program to load (and still won’t run).

I installed and ram Malwarebytes three or four times and ws pleased with this program’s abilities. Well done Malwarebytes. Then I ran CCleaner a few times, and this also seemed to work quite well, too.

Now my question is this… I know that svchost.exe is supposed to be in C:\Windows\system32\svchost.exe (01/19/2008) attribute ‘a’
But I have also discovered it in …..
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3865ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe ***(DATED 05/29/2008) Attribute ‘a’ ***

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3865ad364e35_6.0.6000.18000_none_b5bb59a1054dbde5\svchost.exe ***(DATED 11/02/2006) Attribute ‘a’ ***

Apart from the dates, the only other difference is 6000. rather than 6001 as with the later one above this.

Should this be here? Should I delete these two files and what do they do?

Any help in understanding this issue would be most appreciated.
Victor
I am weary of downloading SpiceWorks . Mainly because so many free (let’s fix your PC programs) downloads actually put malware unto your computer. Your thoughts would be helpful.