Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 29th, 2008, 5:26pm
   Mischel Internet Security Forum
   Malware
   Adware, Browser Hijackers and other Malware (Moderators: Helena, Gavin_Coe, Magnus)
   [Fixed:] Help me finding out what is going on.		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: [Fixed:] Help me finding out what is going on.  (Read 1276 times)
justsurfing
Newbie
*



I love YaBB 1G - SP1!

   


Posts: 32
[Fixed:] Help me finding out what is going on.
« on: Jan 12th, 2006, 5:08am »		 Quote Quote  Modify Modify
Hello,
I wanted to start by saying I didn't really know where to post this topic as I am not sure whether I have probs with trojans, malwares, or just the OS malfunctioning. So I'm trying posting here.
In the past 2 weeks my pc has been hanging for some time while being working with it; I tried all the times thru TASK MANAGER to restart and close some processes but it just hangs there, it doesn't stop any process at all and then I lose my patience and I turn it off manually and even though it doesn't turn off straight away. In the last 4 days when I press RESTART it takes up to 15 mins to turn off and when it does it is very slow. I have tried restoring the system to different dates but the results are the same.
I want to mention that I have Norton Internet Security, Webroot Spysweeper, Trojan Hunter, Spybot S&D and none of them showed any problem at all. So, I don't know what is going on and sorry if this is not the place to post this thread.
Will be online all day to see if anyone helps or suggests something.
Thanks. Huh
« Last Edit: Jan 22nd, 2006, 1:51am by siliconman01 » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Help me finding out what is going on.
« Reply #1 on: Jan 12th, 2006, 8:09am »		 Quote Quote  Modify Modify
Sounds like you have a sick 'puter  Wink
 
Let's start with some basic questions:
 
-  What brand and make of computer do you have?
 
-  What Windows OS do you have and is it fully updated per MS Updates?
 
-  What is your exact version of NIS, SpySweeper, TrojanHunter, and SpyBot S&D?  And are their rulesets and definitions the latest?  
 
-  Are you running the SpyBot TeaTimer option?  
 
-  How much RAM memory do you have?
 
-  How much disk space do you have?
 
-  When you look at the Task Manager, what is your %CPU usage typically showing?  
 
-  And finally how would you rate your computer expertise (for the purpose of explaining what/how to do something on this issue  Wink )?  
 
Next, download/install freebie CCleaner from www.ccleaner.com.  Set it up and run it to clean out junk from your system.  I suggest for the cleanings options Windows Tab that you checkmark all options under Internet Explorer, Windows Explorer and System.  On the Applications Tab, check mark those that apply.  
 
After the cleaning is complete, go to START-RUN and type in   chkdsk /f /r    (be sure there is a space before each /).   Click on Ok to run chkdsk.  When the CMD window opens, confirm Y that you want to run chkdsk on the next reboot and then close the CMD window.  Reboot.  CHKDSK should run and check/fix any errors on your disk...if possible.  It will take some time to run this depending on the size of your hard drive.
 
Then Defrag your system.
 
Please post back with results and answers.   Cheesy
« Last Edit: Jan 12th, 2006, 8:14am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
justsurfing
Newbie
*



I love YaBB 1G - SP1!

   


Posts: 32
Re: Help me finding out what is going on.
« Reply #2 on: Jan 12th, 2006, 9:35am »		 Quote Quote  Modify Modify
Thanks Siliconman.
My pc is a SONY VAIO PCV-RX203 from 2002, running Windows XP Home, up-to-date with all MS updates, including last Tuesday's and SP2.
My version of NIS is 2005 (Ver. 8.0.5.14); my Spysweeper is ver. 4.5.8 (Build 683) (latest); TH is ver 4.2.(Build 90Cool; my Spybot is ver. 1.4. ALL of them are updated with the latest definitions.
My TeaTimer is OFF because it used to pop up with any single change. ( I know I'm wrong about this)
My RAM is 1024 G. Disk space is 120 GB divided into 2 hardrives of 60 Gb each. The first and main one is almost full, with 2.6 GB free only.
My Task Manager shows a CPu usage of 5 up to 30 % when I use certain progs. I forgot to mention also that gradually the Yahoo Chat Clients I use have been hanging too, unable to go connect me to the rooms since the last updates in all of them (Ymlite, Yahelite, Yazak); they all show as an active process in Task Manager and refuse to close when I tried to kill them.
I think my expertise is average; understand quite a bit but I'm not an expert I would say.
After posting this I will follow your instructions with the Cleaner and fix and defrag and will check your next reply.
Thanks
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Help me finding out what is going on.
« Reply #3 on: Jan 12th, 2006, 10:55am »		 Quote Quote  Modify Modify
Thanks for your answers.  They are most helpful in understanding what is on your system.
 
On the surface, your characterized problem(s) could be a number of possible issues.  So I will put forth some items to try:
 
Quote:
I forgot to mention also that gradually the Yahoo Chat Clients I use have been hanging too, unable to go connect me to the rooms since the last updates in all of them (Ymlite, Yahelite, Yazak); they all show as an active process in Task Manager and refuse to close when I tried to kill them.

 
This sounds characteristic of these programs trying to make a connection to the Internet but not being able to connect because they are being blocked.  Often, when a program is going through the connection procedures, it does not have adequate error return and as such just sits there trying and trying to connect.  XP cannot crack in and close the process with directed to do so.  This could also be causing your slow boot up because they may be trying to access the Internet during the boot up process.  
 
-  In NIS, go to Personal Firewalls-Configure-Programs tab.  Scan down through the list of programs and REMOVE any program that you have upgraded or added in the past 3-4 weeks.  You may find the programs in this list multiple times.  Remove them all.  When you get them removed, close NIS.  
 
Reboot.
 
Then when you get the NIS alert that they are trying to access the Internet, select "Always Allow"  
 
NOTE:  What type of Internet connection do you have...dial-up, cable, DSL?
 
Do you have Windows Firewall turned off?  You should not run it with the NIS 2005 firewall active.  Potential conflicts can occur.
 
The next issue that concerns me is the "almost full" C drive.  It is best to always have about 15% free space so that Windows has space to do whatever it needs to do.  Do you have some large storage folders that can be moved out on to the second drive to free up space?  You may not be able to even Defrag the C:\ drive with only 2.6 gbytes free.  
 
Have you restricted the amount of Virtual Memory that XP can use?  START-SETTINGS-CONTROL PANEL-SYSTEM-ADVANCED tab-PERFORMANCE-SETTINGS-Virtual Memory.  If so, how much do you have it set for?  
 
Have you upgraded to the latest JAVA security update 1.5.0.06?  Spy Sweeper has a problem with this version of Java. If you have upgraded to this version of JAVA, you can do one of the following to temporarily overcome this conflict.
 
1.  Turn off the ActiveX shield in SpySweeper.  
 
2.  Disable the 2 JAVA BHOs in Internet Explorer.  
-  START-SETTINGS-CONTROL PANEL-INTERNET OPTIONS-PROGRAMS tab-MANAGE ADD-ONS.  Select "Add-ons currently loaded in Internet Explorer".  Disable the 2 JAVA BHOs.
 
You only need to do one of the above options (1 or 2).
 
Please try this as a trouble shooting step:
 
Test 1:
 
-  For security reasons, be sure you are disconnected from the Internet.
 
-  Go to START-RUN and type in   msconfig
 
-  On the STARTUP tab, uncheck all the startup programs.
 
-  Click on Apply and Ok
 
-  Reboot your computer.
 
Does it boot up okay...and promptly?  
 
If so, go back to msconfig and add in one program to startup  and reboot....repeating this for each program in your list of startup programs.  This may tell you which program is causing the boot up to bog down.  
 
I'll stop here until your next post describing anything you have discovered or encountered thus far.  Wink
 
 
 
 
 
 
 
 
 
 
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Help me finding out what is going on.
« Reply #4 on: Jan 12th, 2006, 11:05am »		 Quote Quote  Modify Modify
I'm also a bit nervous about using System Restore to try to get back to a good operating state.  Not nervous about System Restore itself, but the fact that it can cause you to end up with multiple versions of programs on your C drive.  
 
For example, if you did a System Restore back far enough to pick up the previous version of SpySweeper, you will have two versions of Spy Sweeper on your C drive.  You can detect this type of problem by using Windows Explorer and view the list of folders under C:\Program Files.  You may find folders that have (2) or (3) after them.  Example: a folder named Spy Sweeper and folder named Spy Sweeper(2)
 
This will also occur with individual files.  You will find identically named files with (2) or (3)...depending on how many System Restores you did where different VERSIONS of files were in Restore points.  
 
You may wish to check this.  Using Windows Explorer, scan your C drive for (2) and see if muliple versions of files exist.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
justsurfing
Newbie
*



I love YaBB 1G - SP1!

   


Posts: 32
Re: Help me finding out what is going on.
« Reply #5 on: Jan 12th, 2006, 12:15pm »		 Quote Quote  Modify Modify
Ok, I'm back after a CHKDSK of 1 1/2 hours! I have to say I got scared when CCleaner showed me the things to delete (250 MB) but even more scared in the ISSUES section which I didn't press to fix but there was a mess there. But I dont really know how to do it and it's better to be careful with registry issues.
So, after that CHKDSK the pc restarted with the same delay (about 2 1/2 mins or maybe longer to load everything up; but I haven't done the defrag after reading your last post.
I have some big folders (i.e. Games and downloaded maps, etc). Do you think I should move them to the other drive in order to free up space? Will that affect the way it opens or any ERROR messages when executing them from the desktop shortcuts? I need to know that.
About the programs trying to go online, I had already checked NIS and I had deleted them from the list and when restarting and reinstalling the programs (chat clients) they would just open and say "Trying to authenticate" or log in chat rooms and nothing would happen; nor NIS would show the usual warning of a program trying to access the web. So that is  funny to happen. ANother thing I noticed is that even after uninstalled, removed all the folders, restarting the pc and reinstalling them, they would open with the same settings they previousy had. I thing it may be a registry issue there and to be honest I have no clue or am too scared to fix that. Unless someone guides me lol!
So, those programs would hang there in forever.  
I want to mention again (as in my first post) that the shut down process was taking too long, long minutes. 2 days ago it was more than 10 mins and had to finally shut the pc manually.
I have ADSL at 2 mbps. My Windows Firewall is off and there is no conflict with NIS Firewall. The Virtual Memory is set to 768 MB. Do you think it should be more than that? My JAVA update version is 1.04 as it shows in the Remove Programs list of Control Panel. I also see a couple of programs like KAzaaLite Resurrection still there and that aparantly were deleted or badly uninstalled and refuse to go when I tried to do so. That's why I was saying earlierr that I may have serious problems in my registry and got scared with the results in the ISSUES section of CCleaner.
I haven't noticed then any conflicts with Spysweeper regarding JAVA. Also, I just checked the Add-ons in the tab of Internet Options and it shows only a SUN JAVA CONSOLE browser extension but not 2 JAVA BHOs.
I wanted to ask if there is a problem having TeaTimer Option off.
Regarding the repeated folders due to restore operations, I found none. They are all the same as before.
I will be waiting for your next reply to know what to do to free up space in the hard drive.
Thanks.
 
 
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Help me finding out what is going on.
« Reply #6 on: Jan 12th, 2006, 2:43pm »		 Quote Quote  Modify Modify
Please read my message in your Private Messages of this forum.  I think it is best to continue working on this via private email instead of on the forum.   Wink
 
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Help me finding out what is going on.
« Reply #7 on: Jan 22nd, 2006, 1:49am »		 Quote Quote  Modify Modify
This problem fixed as of 18-Jan-06
 
Bad Hosts File  (127.0.0.1   localhost  missing)
Damaged installation of NIS 2005
Only 3% free space on main drive
2 minor adwares found
Cleaned registry
Cleaned off unneeded temp, etc. files
Moved numerous files off main C drive
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register