23 Posts

January 12th, 2008 20:00

My computer runs at 100% sometimes too. I have a pretty bad virus on my computer and Bugbatter is helping me. Do you have anything like LimeWire or AIM downloaded? I have these things and Bugbatter told me to delete them. I hope you get help soon.
 
Nick

January 12th, 2008 21:00

Nope, no LimeWire or AIM.

3 Apprentice

 • 

20.5K Posts

January 12th, 2008 23:00

Hi, sweetpennie,

Not such good news.....

You have more than one infection on there and one of them allows others to connect to your computer and steal information -- passwords, etc.
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

More info here:
http://www.sophos.com/security/analyses/trojagentecu.html


The other one that is visible is a very nasty Trojan. We will not know what is hiding until we run more diagnostic scans.

As far as the first one, if this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:

* The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.

* The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

* Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.

* Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.

* If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.

* From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.

* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.

* Take any other steps you think appropriate for an attempted identity theft.

While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063

Please let me know what you decide.
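Added example, not part of the original posts: a small Python check for the kind of entry quoted in the reply above. It assumes that the quoted line is the Winlogon `Userinit` registry value (a comma-separated list of programs Windows starts at logon) and that the only stock entry is `userinit.exe` under `system32`; the function names are hypothetical.

```python
import ntpath
import os
import re
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED = r"%SystemRoot%\system32\userinit.exe"  # assumed stock entry
# The value quoted in the post above, copied as-is.
VALUE_FROM_POST = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"

def normalize(entry, system_root):
    """Strip quotes, expand %SystemRoot%/%windir%, fold case and slashes."""
    e = entry.strip().strip('"')
    # A function replacement keeps the backslashes in system_root literal.
    e = re.sub(r"%(systemroot|windir)%", lambda m: system_root, e, flags=re.I)
    return ntpath.normcase(ntpath.normpath(e))

def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return (has_expected, unexpected) for a comma-separated Userinit value."""
    expected = normalize(EXPECTED, system_root)
    has_expected, unexpected = False, []
    for raw in value.split(","):
        if not raw.strip():
            continue  # the stock value ends with a trailing comma
        if normalize(raw, system_root) == expected:
            has_expected = True
        else:
            unexpected.append(raw.strip())
    return has_expected, unexpected

def read_live_value():
    """Read Userinit from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

if __name__ == "__main__":
    live = sys.platform == "win32"
    value = read_live_value() if live else VALUE_FROM_POST
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    ok, extra = audit_userinit(value, root)
    print("userinit.exe present:", ok)
    for entry in extra:
        print("unexpected logon program:", entry)
```

An unexpected entry only shows where to look; as the reply says, a clean result here does not prove the system is trustworthy after an infection.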

January 13th, 2008 01:00

Thank you, that's what I needed to know. I have a Dimension E510 and tried to access info on returning the computer back to factory condition and couldn't; the pages were unavailable, but I know that I'm supposed to be able to do this. Do you know how, or is that not what you meant when you said reformat? I have backup disks somewhere from last Sept. I'm pretty sure that was before the infection, so I'm not worried about lost data, but I'm not sure how to reformat my hard drive. I can get help with that if I want to wait until my daughter's friend has some free time. But patience has never been a virtue of mine, so any advice is welcome. And also, am I safe on the net in safe mode?

3 Apprentice

 • 

20.5K Posts

January 13th, 2008 02:00

I would not rely on being safe online in Safemode with networking. Your log was run in Safemode, yet you still have one bad file in your Running Processes.

You can get info on reformatting and Dell PC Restore on the XP Board.
http://www.dellcommunity.com/supportforums/board?board.id=sw_winxp

January 13th, 2008 03:00

Thank you so very much for your help. I am going to use the system restore now, as I found the instructions came with the computer; I just had to look. You said the infection was in my registry. Will this fix it? (I know it may be a stupid question, but I'm not that computer savvy.)

3 Apprentice

 • 

20.5K Posts

January 13th, 2008 05:00

System Restore is different from Dell PC Restore that would return the system to factory settings.

Dell PC Restore (to Factory Condition)
http://www.djdenham.com/New%20user%20questions.htm#PCRestore

January 13th, 2008 19:00

Hello Bugbatter,
Thank you once again for all your help. I meant that I used the Dell PC Restore that was in a separate partition. It was as easy as running a virus scan. I have changed all my banking accounts and passwords. I believe that is all I have to do. My computer is back to its original settings and I have installed the McAfee security suite for now. If there are any other steps I should take or programs you recommend, I would appreciate the info.

3 Apprentice

 • 

20.5K Posts

January 13th, 2008 19:00

Super!

Just make sure your security is running, and everything is cool.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Consider installing the following free programs:
a. SpywareBlaster: (Not recommended for Vista)
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

3. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

4. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

5. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

6. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.malwarebytes.org/database.php

7. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

8. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 8.1.0 or higher.
It would be best to remove prior versions before updating to a new version.
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html

9. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE) 6u4

You can go here to download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says " Java Runtime Environment (JRE) 6u4 allows end-users to run Java applications".

Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.

Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Official JAVA Installation Instructions if needed.
Reboot.

10. Practice Safe Surfing with TrendProtect by Trendmicro.
TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content.

The following color codes are used by TrendProtect to indicate the safety of each site.

Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown

11. Here are some helpful articles:
"So how did I get infected in the first place?"
by TonyKlein
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

12. This is an excellent resource for users of all levels. General computer maintenance as well as internet security is covered.
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!