help needed! PC slow & infected

suhasmk

Newbie

Offline

Posts: 6

« on: September 29, 2007, 12:28:36 PM »

I find my computer running very slowly. This is happening from just few days.
I regularly update my anti-virus and other similar programs. Whenever i scan my computer, it takes plenty hours to scan just a few files.
I cannot even open task manager and run regedit.

Please help me in this regard...


« Last Edit: November 13, 2007, 08:01:07 AM by Soyabeaner »	Logged

Ragwing

Global Moderator
Comodo's Hero

Offline

Posts: 3199

Re: help needed!

« Reply #1 on: September 29, 2007, 12:42:59 PM »

Greetings,

If you can't open task manager or regedit, it's surely a malware.
Have you installed anything new this week or visited some site you haven't before?
Download HijackThis(http://216.180.233.162/~merijn/programs.php#hijackthis) and run it and save the logfile, then post it here(not the file, copy the text from the logfile instead), to see if there's anything that's suspicious.
Also try Spybot S&D and Lavasoft Ad-aware.

Ragwing


	Logged

Forum Policy
FAQ's

If you should need help or have a question, feel free to PM me.

suhasmk

Newbie

Offline

Posts: 6

Re: help needed!

« Reply #2 on: September 30, 2007, 04:55:03 AM »

I installed certain programs from my pen drive.
I ran spybot and ad-aware. Spybot detected the problem (with task manager) and but didn't get it corrected.

However i have posted the log file. Please see attachment.

Moderator Edit: Please do NOT post HJT logs; they are simply too long. Instead, upload them as an attachment.


« Last Edit: November 13, 2007, 05:17:02 PM by Soyabeaner »	Logged

eXPerience

Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero

Offline

Posts: 2773

Why not ? The choice is yours !

Re: help needed!

« Reply #3 on: September 30, 2007, 05:09:54 AM »

Quote

C:\WINDOWS\system32\SSVICHOSST.exe

This one is a virus called SSVICHOSST.exe is W32/Sohana-R. a think it's a rootkit.
Try A-squared downloadable here : http://www.emsisoft.com/en/software/download/

Try scanning in safe mode with this

please post your advance

Xan


	Logged

OK, we'll see each other outside Angry

. But err... different countries ?

Vista Ultimate 64bit SP1 l Comodo Internet Security l Comodo BoClean

zvaragabor

Comodo Loves me

Offline

Posts: 109

Re: help needed!

« Reply #4 on: September 30, 2007, 05:33:13 AM »

Uhh, suhasmk, your computer is a malware farm.

Tick, then fix these:
C:\WINDOWS\system32\SSVICHOSST.exe
C:\WINDOWS\system32\SSVICHOSST.exe(yes, there are two of this)
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: 203.27.235.25 www. payseal.icicibank.com
O1 - Hosts: 210.210.19.82 www. sifymall.com
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSVICHOSST.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-18\..\RunOnce: [yisouu.dll] Regsvr32.exe /s C:\PROGRA~1\YiSou\yisouu.dll (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A41D8E-AED2-41C8-B82F-B28467017BBC}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll

Also run a full scan in safe mode with disabled system restore.


« Last Edit: September 30, 2007, 06:00:06 AM by zvaragabor »	Logged

eXPerience

Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero

Offline

Posts: 2773

Why not ? The choice is yours !

Re: help needed!

« Reply #5 on: September 30, 2007, 05:41:32 AM »

Quote

Uhh, suhasmk, your computer is a malware farm.

LOL

Quote

C:\WINDOWS\system32\SSVICHOSST.exe

Yeah, still got one right Wink

Xan


	Logged

OK, we'll see each other outside Angry

. But err... different countries ?

Vista Ultimate 64bit SP1 l Comodo Internet Security l Comodo BoClean

suhasmk

Newbie

Offline

Posts: 6

Re: help needed!

« Reply #6 on: September 30, 2007, 06:23:32 AM »

Thank you zvaragabor. I tried your way. I could not find when i ran hijackthis.
C:\WINDOWS\system32\SSVICHOSST.exe
C:\WINDOWS\system32\SSVICHOSST.exe

However, i can run regedit and task manager.


	Logged

eXPerience

Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero

Offline

Posts: 2773

Why not ? The choice is yours !

Re: help needed!

« Reply #7 on: September 30, 2007, 06:35:03 AM »

Please send another log file so we can see that you're totally secure


	Logged

OK, we'll see each other outside Angry

. But err... different countries ?

Vista Ultimate 64bit SP1 l Comodo Internet Security l Comodo BoClean

suhasmk

Newbie

Offline

Posts: 6

Re: help needed!

« Reply #8 on: September 30, 2007, 08:16:09 AM »

here is my log file. i couldn't remove C:\WINDOWS\system32\SSVICHOSST.exe & C:\WINDOWS\system32\SSVICHOSST.exe
how can i remove that?


« Last Edit: November 13, 2007, 05:10:58 PM by Soyabeaner »	Logged

eXPerience

Malware Researcher Virus Removal Helper Advanced Tweak Freak Crazy Little Devil
Global Moderator
Comodo's Hero

Offline

Posts: 2773

Why not ? The choice is yours !

Re: help needed!

« Reply #9 on: September 30, 2007, 08:38:44 AM »

I can't see no problem any more but I'm not really an expert, still try a scan in safe mode (I hope you now how to do it? If not just say) and scan with avg, adaware, and spybot to be complete sure.

Also a saw 1 thing, it's no longer BoClean 4.24 it's 4.25 now, you should consider updating him

Hope I could help ya
Xan


	Logged

OK, we'll see each other outside Angry

. But err... different countries ?

Vista Ultimate 64bit SP1 l Comodo Internet Security l Comodo BoClean

zvaragabor

Comodo Loves me

Offline

Posts: 109

Re: help needed!

« Reply #10 on: September 30, 2007, 09:17:53 AM »

I cannot see the SSVICHOSST.exe in the new report too.
As alaertsxan mentioned, try a scan in safe mode. I would also recommend a-Squared free to run. It's a good antispy too.
Anyway, which antivirus do you use?


« Last Edit: October 01, 2007, 10:00:43 AM by zvaragabor »	Logged

suhasmk

Newbie

Offline

Posts: 6

Re: help needed!

« Reply #11 on: September 30, 2007, 10:32:02 AM »

I use AVG free-edition anti-virus, Spybot, Ad-aware and Comodo BOClean.


	Logged

suhasmk

Newbie

Offline

Posts: 6

Re: help needed!

« Reply #12 on: October 05, 2007, 10:26:50 AM »

Greetings,
Finally Comodo BOClean came to my rescue. It detected and healed that particular virus. Bounce


	Logged

little mermaid

Newbie

Offline

Posts: 1

Re: help needed!

« Reply #13 on: October 27, 2007, 11:21:20 AM »

I have the same problem

and this is the log file in the next reply

plzzzzzzzzzzz tell me what should I do !!!!!!!!!!!!!? Huh


« Last Edit: November 13, 2007, 05:11:21 PM by Soyabeaner »	Logged

Ragwing

Global Moderator
Comodo's Hero

Offline

Posts: 3199

Re: help needed!

« Reply #14 on: October 27, 2007, 11:40:07 AM »

Quote from: little mermaid on October 27, 2007, 11:21:20 AM

I have the same problem

and this is the log file in the next reply

plzzzzzzzzzzz tell me what should I do !!!!!!!!!!!!!? Huh

If none of the above works, post your own topic in 'Virus/Malware Removal Assistance'.
Include what security products you use, and include a HijackThis log(http://216.180.233.162/~merijn/programs.php#hijackthis).

Ragwing


	Logged

Forum Policy
FAQ's

If you should need help or have a question, feel free to PM me.

Tags: problem in my pc

Pages: [1] 2

« previous next »

Jump to:

SSL

Firewall

Page created in 0.165 seconds with 20 queries.

Design by 7dana.com