your computer is working slowly

Posted on 2008-10-07
Medium Priority
Last Modified: 2012-05-05
Attachment to email was opened (not by me) called bill.zip. Since then I have been getting popups from the system tray saying various things such as 'your computer is working slowly' and 'Your computer is infected with spyware'. I can't run Smitfraudfix because it gets hung up trying to clean temporary files because it's been accessed by another process. Malwarebytes anti malware also fails towards the end with a Windows crash message box, send, don't send, blah blah.
Question by:Paulduberry

Assisted Solution

rpggamergirl earned 1000 total points
ID: 22659336
Try SDFix, (works only in Safe Mode)

Download SDFix and save it to your desktop.(either one below)

Double click SDFix and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.
*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and attach the "Report.txt" back  
If SDFix also won't complete its run, try Combofix.

Please download ComboFix from either of these links to your Desktop.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. *
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* The link below is a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please attach the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.


Expert Comment

ID: 22659530
In order to try to fix this you need to stop the service it's using from starting up.
Use msconfig to stop everything that you don't recognise.
Then disable system restore.
If you get any pop ups then just leave them alone for now. Don't even close them.
Clicking on these, even trying to close them, could cause the infection to execute.
Download Spybot and once it's up to date run it.
This should remove the issue you are having.
Also run your AV. If you're having probs with your AV then download and run AVG free.

Author Comment

ID: 22659567
Ran SDFix. Hasn't fixed the problem. Should I now run ComboFix? Also, the desktop has changed. JPEG and report.txt attached.

Expert Comment

ID: 22659934

HKLM\SYSTEM\CurrentControlSet\Services\psyche <-- rootkit scanner found this service

%SystemRoot%\System32\psyche.exe <-- and this suspicious file, can you submit this for virus check at http://virusscan.jotti.org/

Can you also show us a Hijackthis log please?
Download Hijackthis:

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.

Author Comment

ID: 22660034
HJT log attached. Psyche.exe no longer in system32 folder.

Expert Comment

ID: 22660172

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getsn32.msiesn - {67FE3EFE-2915-4D08-8AF9-21723C19B0E4} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fix the above entries in Hijackthis.

C:\WINDOWS\system32\uesiuqcr.exe <-- delete this file.
If problem persists run Combofix.
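
An added example, not part of the original thread: a small Python triage of the three HijackThis lines quoted in the comment above. It reports any program in the F2 UserInit value other than system32\userinit.exe (the value is a comma-separated list that Winlogon runs at logon, so extra entries are a persistence point) and separates BHO registrations with no file on disk from BHO DLLs that still need manual verification. The function name and finding labels are assumptions made for this example.

```python
import ntpath
import re

# The three HijackThis lines quoted in the comment above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: getsn32.msiesn - {67FE3EFE-2915-4D08-8AF9-21723C19B0E4} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O2_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


def review_hijackthis(log):
    """Return (kind, detail) findings for F2 UserInit and O2 BHO lines."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = F2_USERINIT.match(line)
        if m:
            # Every non-empty entry that is not system32\userinit.exe
            # is started at logon alongside the legitimate program.
            for prog in filter(None, (p.strip() for p in m["value"].split(","))):
                if not ntpath.normcase(prog).endswith(r"\system32\userinit.exe"):
                    findings.append(("userinit-extra", prog))
            continue
        m = O2_BHO.match(line)
        if m:
            if m["path"] == "(no file)":
                # Registration left behind with no DLL on disk.
                findings.append(("bho-orphan", m["clsid"]))
            else:
                # Parsing cannot judge a DLL; list it for a file scan.
                findings.append(("bho-review", m["path"]))
    return findings


if __name__ == "__main__":
    for kind, detail in review_hijackthis(SAMPLE_LOG):
        print(f"{kind:15} {detail}")
```
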

Accepted Solution

Paulduberry earned 0 total points
ID: 22660891
Problem persisted. Ran ComboFix in Windows regular mode. Report attached. I'm happy. Another job well done. Thanks for coming to the rescue again.

Expert Comment

ID: 22664682

Thanks for the log.

I see combofix is not running from the desktop, it's recommended to be run from the desktop.

This entry below is still showing in the combofix log;
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,

C:\WINDOWS\system32\psyche.exe <-- this file is still present in the system as showing in the CF Gmer's log.

I'm not sure about that file, that's why I asked to have it scanned. The file is hidden so you would have to show hidden files first to see it.
Or, you can just have combofix delete that file and the service.

Run combofix again using this script.

1. Open Notepad.
2. Now copy/paste the text between the lines below into the Notepad window:

3. Save the above as CFScript.txt on your desktop(in the same location as combofix.exe).
4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

Since your combofix is not running from your desktop, CFScript must also be put where you put combofix.exe for the script to work.



Author Comment

ID: 22676112
I had hidden files showing but still couldn't find psyche.exe. I saw the entry for C:\WINDOWS\system32\uesiuqcr.exe and removed it from hjt. Not showing up now. I did this before your latest reply. The system has been returned to the user now so I can't do any more work on it easily. I realised afterwards that I had executed ComboFix from my memory stick. I think everything is all right and again many thanks for your help.

Author Comment

ID: 22685559
I don't know if there is a problem. I want rpggamergirl to get the 250 points. rpggamergirl, did you get the points or not?

Expert Comment

ID: 22696797
Yes, I got the points thanks. There's always that pending 4-day period (for objections) when you close a question this way.
Now, it's finally closed.
