[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Vista machine virus infection

Posted on 2013-12-11
15
Medium Priority
?
235 Views
Last Modified: 2013-12-16
On a HP running Vista can not get the processor to run at less then 100% most of the time.

I have cleaned with JRT, ADWCleaner, Combofix 2 times.  Have removed significant amounts of malware and rootkits.  But it still runs at 75 to 100% when idle. Removed several unused/junk programs.

Have used Process Explorer to try to isolate the problem, but no clues there.

This does have an old copy of CA antivirus that I can not get uninstalled.  I want to run a new av but want to uninstall CA first.

Two problems:  processor running 100% of time and removing CA.
0
Comment
Question by:DwEckert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +4
15 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39711004
Can you please:

a. Run Malwarebytes Antimalware (www.mbam.org)
b. Remove any unwanted toolbars / software on the system please.
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39711070
Use the CA Antivirus – Step-by-Step Removal Guide:

http://maxuninstaller.com/howtouninstallguides/how-to-uninstall-ca-antivirus/
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39711247
Hello DwEckert,

Could you please post the last Combofix logs from the C:\ drive?

It seems there are some infection which need manual removal.

Sudeep
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39711366
You could follow the steps in my article which usually cleans up most infections

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html
0
 

Author Comment

by:DwEckert
ID: 39711850
Sudeep

I have run Combofix 2 times.  The first had a large number of files removed. The second, not so many.  The second Combofix took about 4 hours.  I'm posting both.
combofix.txt
0
 

Author Comment

by:DwEckert
ID: 39711863
ihasham

I've installed Malwarebytes hundreds of times.  This time it installed OK but would not start.  I deleted and reinstalled and no start.  I ran RKill first and tried Malwarebytes in Safe Mode and still would not start.  Any suggestions?

Dan
0
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39713487
If MalwareBytes is not working, use the worse one, HiJackThis! which should allow you to clear whatever you want... Use it with caution!
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39713825
Your last Combofix logs suggests that you are still infected. So here is what you need to do.

Scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 
LVL 93

Accepted Solution

by:
nobus earned 2000 total points
ID: 39713920
with such an infection - it is best to backup, and do a fresh install
it will save you time in the end!
0
 

Author Comment

by:DwEckert
ID: 39713996
nobus

None of the tools was doing any good and had not had a response for 24 hours from EE so I went ahead and started the HP fresh install.

Will let you know if that fixes the problem.

Dan
0
 
LVL 93

Expert Comment

by:nobus
ID: 39714315
i suppose you deleted the partition(s) before reinstalling?  then it will eliminate all problems
0
 
LVL 62

Expert Comment

by:gheist
ID: 39720331
Theoretically HP recovery partition is a disk partition that can be infected by malware...
Check right after while service pack is spinning...
0
 

Author Closing Comment

by:DwEckert
ID: 39720340
None of the malware cleaning tools was making much of a difference.  Your "fresh install" suggestion was the final step I was trying to avoid, but it cleared the problems.  The only problem was the extensive updating to get current.  Couldn't talk him into a new one. I gave that old Vista a new life.
0
 
LVL 93

Expert Comment

by:nobus
ID: 39720904
i suggest  making an image, after the pc is up to date; that way you can restore it much faster.
you can use the free Paragon B&R : http://www.paragon-software.com/free/
0
 
LVL 62

Expert Comment

by:gheist
ID: 39722340
install emet from microsoft in addition to common security tools. it clears blush from vistas face...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question