We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Vaio laptop spyware/virus/malware

garcia
garcia Posts: 214 Forumite
Hi all,
I have a vaio laptop (actually its my sisters) which has some kind of spyware/virus/malware/trojan infection.

The symptoms are everything is really slow - in particular startup, cursor movement and sound skips on audio.

I've installed all the progs recommended in the security thread - e.g. adaware, spybot, windows defender, ewido, ccleaner. I also have AVG installed. I have run them twice in safe mode.

I've also done 2 online scans.

Between them they've found a bit of malware - e.g. p2pnetwork, bhot_rxtoolbar, common components.

I know for a fact that a few dodgy programs were installed including kazaa and somekind of toolbar thingy.

OK so all thats been removed, and everything is "clear" now but the problem still persists.

One other thing the boot sector & partition table can't be read by AVG for some reason. Is this to do with the fact its a vaio laptop, or have I got somekind of boot infection??

Any help much appreciated.
Garcia.
«134

Comments

  • Lord_Chris
    Lord_Chris Posts: 358 Forumite
    hmm, firstly remove all the crap youve filled that laptop with, chances are one of the programs has removed the trojans/virus or whatever you had, but all those antiviral, antispyware, anti everything software you have will cause more problems than most viruses.

    Remove all the security programs you have, except AVG and if you dont have a router, get a firewall (i'd personally recommend Sygate Firewall)

    then run AVG (make sure you have got the updates)

    You are causing problems, you NEVER run more than 1 of each security program, thats 1 antivirus, 1 firewall and if you really want it (although you dont need it) 1 spyware remover.

    If this doesnt help, just reinstall windows, its very easy and it will sort the problem out unless its a hardware fault. My vaio had a partition before i reinstalled windows but AVG never had any problem with it, again this could be a consequence of your over zelous protection.

    good luck, and remember no matter what you do, your computer will always slow down over time, unless you dont use it. You might also want to try downloading your laptops driver updates (https://www.vaio-link.com)
  • garcia
    garcia Posts: 214 Forumite
    Anyone with a brain? Half a brain? A neuron?
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    I think the AVG bootsector error is a bug, it is a common problem.

    http://forum.grisoft.cz/freeforum/read.php?4,52110,52110#msg-52110
    Ever get the feeling you are wasting your time? :rolleyes:
  • garcia
    garcia Posts: 214 Forumite
    ok thanks albertross - thats the impression I got too.

    Just wish I could find the underlying problem.
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    You could try hijackthis and post the log it creates here:

    http://www.hijackthis.de/

    and click analyse.

    and or, go here, and click full service scan

    http://safety.live.com/site/en-gb/default.htm

    how much ram has the PC got?

    In task manager, is there any process using the processor a lot?

    Also, check for rootkits:

    http://www.sysinternals.com/Utilities/RootkitRevealer.html

    http://www.f-secure.com/blacklight/try.shtml
    Ever get the feeling you are wasting your time? :rolleyes:
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    post the hijackthis log here and I'll take a look straight away :)

    http://www.tomcoyote.org/hjt/

    download + instructions
    Ex forum ambassador

    Long term forum member
  • garcia
    garcia Posts: 214 Forumite
    albertross wrote:
    You could try hijackthis and post the log it creates here:

    Ok thanks very much guys I'll install and then post the hijackthis log.
    how much ram has the PC got?

    In task manager, is there any process using the processor a lot?

    512mb. The first thing I looked for was such a task, but I couldn't find one - it just seems to show idle (even though its running slow).

    Ok, I'll do that after hijackthis
  • albertross_2
    albertross_2 Posts: 8,932 Forumite
    is your hard disk light continually flashing when it goes slow? You can also see in task manager whether it is running out of ram, which causes swapping, hard disk trashing, and resulting slowness..
    Ever get the feeling you are wasting your time? :rolleyes:
  • garcia
    garcia Posts: 214 Forumite
    Logfile of HijackThis v1.99.1
    Scan saved at 14:35:00, on 04/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\USER\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu.asp?l=en&u=m&h=0809
    O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: !!6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: !!9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    this needs to go

    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL


    apart from that it's clean...

    you need to go to windowsupdate and get fully up to date at some point
    Ex forum ambassador

    Long term forum member
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.1K Banking & Borrowing
  • 253.6K Reduce Debt & Boost Income
  • 454.2K Spending & Discounts
  • 245.1K Work, Benefits & Business
  • 600.7K Mortgages, Homes & Bills
  • 177.5K Life & Family
  • 258.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.