help needed! PC slow & infected

Guys! Please tell me exactly what I can do to get out of this malware, to heal or remove it, because my PC is running slowly.

Moderator Edit: Please do NOT post HJT logs; they are simply too long. Instead, upload them as an attachment.

[attachment deleted by admin]

Best way for a 100% clean PC… Reformat. I know reformatting sucks, but from time to time it will need to be done…

Your HiJackThis log still shows signs of Brontok-I. Specifically these two lines:

O4 - HKCU\..\Run: [Tok-Cirrhatus-3939] "C:\Documents and Settings\ramil.bungque\Local Settings\Application Data\br8901on.exe"

O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\ramil.bungque\Local Settings\Application Data\smss.exe"

From what I can tell, the forum here can provide basic help, but what you have isn’t a basic kind of problem.

You’ve got these alternatives, in this order:

  • Download and run the Microsoft Malicious Software Removal Tool, which does list itself as removing Brontok malware.
  • A web search turns up removal instructions at trendmicro.com, at their web page Search - Threat Encyclopedia
  • The Trendmicro web page also lists their on-line scanner Housecall as being able to remove Brontok.
  • If those methods don’t work, then I’m going to point you to another malware removal forum for assistance to walk you thru the malware cleanup. I’ll suggest castlecops.com, bleepingcomputer.com, spywareinfo.com, techsupportform.com. Any of the forums listed at the ASAP page http://asap.maddoktor2.com/ can do the job.
  • At worst, goose17 is right, then you zero wipe your disk, format, and reinstall.

Wish I could be more help, but this is outside my skill range.
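An added example, not part of the original thread: a small Python triage script that parses HijackThis O4 autorun lines like the two quoted above and flags entries that start from a user-writable profile directory or reuse a Windows system process name outside System32. The heuristic lists, the function names and the `ExampleTray` entry are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# HijackThis O4 autorun entry: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Core Windows process names that legitimately live in System32 (assumed list).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
                "services.exe", "winlogon.exe"}
# Per-user, user-writable locations (heuristic list, an assumption of this example).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

def exe_path(cmd):
    """Extract the executable path from a command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def review_o4(log_text):
    """Return [(value_name, path, [reasons])] for suspicious O4 entries."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        p = PureWindowsPath(path)
        lower = path.lower()
        reasons = []
        if any(d in lower for d in USER_WRITABLE):
            reasons.append("runs from user-writable profile directory")
        if p.name.lower() in SYSTEM_NAMES and "\\system32" not in str(p.parent).lower():
            reasons.append("system process name outside System32")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings

# The two entries quoted in the post, plus one constructed benign entry.
SAMPLE = r'''O4 - HKCU\..\Run: [Tok-Cirrhatus-3939] "C:\Documents and Settings\ramil.bungque\Local Settings\Application Data\br8901on.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\ramil.bungque\Local Settings\Application Data\smss.exe"
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /min'''

if __name__ == "__main__":
    for name, path, reasons in review_o4(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A hit from these heuristics is a reason to look closer, not a verdict: legitimate per-user software also registers Run entries under the profile directory.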

Seems like this one has returned.
For info about it:
http://spywarefiles.prevx.com/RRDDGD036916051/SSVICHOSST.EXE.html

You can try downloading the tool there and see if it’s able to fix the problem.

If you’re able to, install CFP3 with HIPS, or another HIPS. This way you can prevent it from running.
Tho the best thing you can do is to back up all important data to a second HDD/external HDD/USB-drive or CD/DVD and then format.

Cheers,
Ragwing

C:\WINDOWS\SSVICHOSST.exe

And that, thru prevx, becomes W32/Sohana-R, Details http://www.sophos.com/security/analyses/w32sohanar.html

Note this from the Sophos description:

W32/Sohana-R includes functionality to:

  • access the internet and communicate with a remote server via HTTP.
  • download, install and run new software.

With both Brontok and Sohana, I’d say the machine is fully compromised. While you might be able to get it cleaned thru one of the ASAP malware removal forums, I don’t believe that the machine can be trusted again. At this stage of infection, I’d expect there to be a rootkit fully installed.

It’s a judgment call, but I’d suggest what goose17 suggested: make what backups you can, and can verify are not infected, then zero wipe the disk, and reinstall.

Thank you guys! I think I need to do the best way…

Sorry for the bold letters thing & the HJT logs…

Thank you again guys for all your suggestions… I’ll be back when my PC is reformatted, OK… cheers