Solved

Virus or otherwise

Posted on 2014-12-23
Last Modified: 2015-01-01
I'm a computer guy and have come across a second occurrence of this problem.

The computer is very sluggish in responding.

The %temp% folder fills with hundreds of 3- and 4-character folders... it takes hours and hours to delete them all. The computer also starts creating fla*.tmp files as well. If you remove the computer from the network, the folder creation stops. If you then reboot into safe mode with networking and join a network, you can browse without issue. If you simply reboot the computer, without removing it from a network, the process WILL continue in safe mode.

This is a Windows 7 computer.

Process Explorer doesn't really help a lot since things are bouncing around so much.  DVDUPGRD.EXE seems pretty active.  Searching for DVDUPGRD.EXE on the computer yields 3 files with a creation year of 2009.

The first occurrence of this, back in early Nov of 2014, resulted in wiping the drive and starting over.

Any thoughts?
Question by:classnet
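
The symptom in the question (short-named folders and fla*.tmp files piling up in %temp%, stopping when the machine is off the network) can be measured instead of watched in Explorer. The PowerShell below is an added example, not part of the original thread; the function name Get-TempChurn and the 60-second sampling window are assumptions chosen for illustration.

```powershell
# Added example: measures the %TEMP% symptom described in the question.
# Get-TempChurn and the 60-second window are illustrative choices.
function Get-TempChurn {
    param(
        [string]$Path = $env:TEMP,
        [int]$IntervalSeconds = 60
    )

    $start = Get-Date
    Start-Sleep -Seconds $IntervalSeconds

    # -Force includes hidden/system entries; PSIsContainer keeps this
    # compatible with the PowerShell 2.0 that ships with Windows 7.
    $items = @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    $dirs  = @($items | Where-Object { $_.PSIsContainer -and $_.Name -match '^.{3,4}$' })
    $files = @($items | Where-Object { -not $_.PSIsContainer -and $_.Name -like 'fla*.tmp' })

    # Entries created while we were waiting show whether creation is ongoing.
    $newDirs  = @($dirs  | Where-Object { $_.CreationTime -ge $start })
    $newFiles = @($files | Where-Object { $_.CreationTime -ge $start })

    # Busiest creation minutes help line the burst up with other logs.
    $busiest = @($dirs |
        Group-Object { $_.CreationTime.ToString('yyyy-MM-dd HH:mm') } |
        Sort-Object Count -Descending |
        Select-Object -First 5 Name, Count)

    New-Object PSObject -Property @{
        Path             = $Path
        ShortNameDirs    = $dirs.Count
        FlaTmpFiles      = $files.Count
        NewDirsInWindow  = $newDirs.Count
        NewFilesInWindow = $newFiles.Count
        BusiestMinutes   = $busiest
    }
}

# Run once with the network connected, then again with it disconnected.
Get-TempChurn | Format-List
```

Comparing NewDirsInWindow between the connected and disconnected runs gives a number for the network dependence the question describes.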
12 Comments
 
LVL 17

Expert Comment

by:pjam
I believe dvdupgrd.exe is not a concern as it is a Microsoft file.
I would start by opening an elevated CMD window and running SFC /scannow
 
LVL 87

Expert Comment

by:rindi
Scan the system with Malwarebytes (don't use safe mode for this) and allow it to remove whatever nasties it finds.
 
LVL 25

Expert Comment

by:Fred Marshall
Scan with:
TDSSKiller
Malwarebytes
HitmanPro
RogueKiller
ESET Online Scanner
Remove everything they find if given a choice.
 

Author Comment

by:classnet
I had already tried TDSSKiller, MWB, HitMan...

I will remove the drive, attach it to a computer with NOD32 and try that next.
 
LVL 25

Expert Comment

by:Fred Marshall
The other possibility I suppose, although I've never seen what you describe, is some hardware problem.
I have found that very slow systems can get that way with a failing hard drive that checks out fine - well, except for the data transfer rate.  So you have to use a transfer rate test program to see that.

70kbps is more or less normal and 2kbps is NOT.  
I had one system that took 45 minutes to boot!  Replacing the hard drive fixed it.  It took a weekend to clone it!

Just a thought.
 

Author Comment

by:classnet
NOD32 came up empty.
 
LVL 87

Expert Comment

by:rindi
Have you used msconfig to disable autostart stuff that does something on the LAN which you don't really need?
 

Author Comment

by:classnet
Yes... only running MS services.
 
LVL 25

Expert Comment

by:Fred Marshall
This sounds a lot like an old bug in Symantec End Point Security.  You didn't say which security programs are running.
 

Author Comment

by:classnet
Eset's NOD32 is the installed AV.
 

Accepted Solution

by:classnet
Figured it out... it was the PowerLik virus.
I used this to get rid of it.
 

Author Closing Comment

by:classnet
Figured out myself.