
Virus? Trojan? Worm?

Discussion in 'Community Broadband & Computers' started by Kaosdad, Apr 27, 2008.

  1. Kaosdad

    Kaosdad Will work for Rum

    This one has me a bit stumped.

    Brassy's laptop started acting really funky - wireless connectivity never got above 20 bps, IE took 2 - 3 minutes to load the start page, e-mail was agonizingly slow. Mind you - we are running Avast, Microsoft Defender & SpyBot S&D - it's not like we run around the webbernets naked.

    I looked at msconfig - startup and sure enough the laptop had the obligatory, mysterious blank line entry. OK, uncheck that. However, there was also a startup file C:\windows\system32\Mommabear.exe (Mommabear is the name of Brassy's laptop). I thought that maybe it was an Alienware thing as it had associated .ini & .tmp files and was making no effort to hide. The .ini file looks like this:

    Jgcfgp83,22]7-07-0225"008080:
    QTP"CFF8@CVACTG
    QTP"RPMV83~064~2~~6~3~
    QCTG"RPMV383
    QCTG"NMA38
    PGCF"RPMV81
    PGCF"NMA8U8^Nmeq
    QCTG"KLVT812
    WRNMCF"KLVT842
    AMLVGLV841
    LKAILCOG8Omooc`gcp
    DKNGLCOG8Omooc`gcp
    NKLILCOG8Omooc`gcp
    AIG[877:2G477D3D;0D6:;A@G05144@GC04@C564F3@2C
    805:32

    The only thing that turned up interesting in Google Search was that QTP seems to be a program by HP called "Quick Test Pro" which appears to aid in regression testing.

    Anyway - removal of that startup line and moving the files off to a safe place returned Brassy's laptop to normal functionality. Anyone else ever see this and do you Smart Guys have any idea what this thing was?
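
Added example, not part of the original thread or any poster's code: the .ini text quoted in the first post becomes readable when every character is XORed with one single-byte key. The Python below recovers that key by using the laptop's name from the post as a known-plaintext crib; the function names are chosen here for illustration.

```python
# Added example: recover a single-byte XOR key with a known-plaintext crib.
# ENCODED holds five lines copied from the .ini quoted in the first post.
ENCODED = [
    'Jgcfgp83,22]7-07-0225"008080:',
    'QTP"CFF8@CVACTG',
    'PGCF"NMA8U8^Nmeq',
    'WRNMCF"KLVT842',
    'LKAILCOG8Omooc`gcp',
]
CRIB = "Mommabear"  # the laptop's name, given in the post


def xor_text(text, key):
    """XOR every character code with a one-byte key."""
    return "".join(chr(ord(ch) ^ key) for ch in text)


def find_keys(lines, crib):
    """Return every key (1..255) under which some line contains the crib
    and all lines decode to printable ASCII."""
    hits = []
    for key in range(1, 256):
        decoded = [xor_text(line, key) for line in lines]
        printable = all(32 <= ord(c) < 127 for d in decoded for c in d)
        if printable and any(crib in d for d in decoded):
            hits.append(key)
    return hits


def decode(lines, crib):
    """Decode the lines if exactly one key fits; otherwise return None."""
    keys = find_keys(lines, crib)
    if len(keys) != 1:
        return None  # crib absent or ambiguous: not this encoding
    return keys[0], [xor_text(line, keys[0]) for line in lines]


if __name__ == "__main__":
    result = decode(ENCODED, CRIB)
    if result is None:
        print("no single-byte XOR key fits")
    else:
        key, lines = result
        print(f"key = 0x{key:02x}")
        for line in lines:
            print(" ", line)
```

Decoded, the sample lines read as key:value settings, for example UPLOAD INTV:60 and NICKNAME:Mommabear.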
     
  2. Pc Gamer 2006

    Pc Gamer 2006 New Member

    aw man that sucks

    there's some stuff out there to scan running stuff but i dunno.
     
  3. boomertsfx

    boomertsfx Booyakasha!

    firewall never came up asking to connect to the internet for that program? Seems fishy..... I would "nuke & pave" because you never know how it got on there to begin with... :( Perhaps it was a spam bot type thing, or it could be the government spying on you. You should also cover your house in alum foil to prevent that 8)
     
  4. Kaosdad

    Kaosdad Will work for Rum

    You are, of course, assuming that it's NOT already covered in foil? I just put it on the underside of the roof!

    Because of the gamers in the house I allow all protocols out, but only HTTP, HTTPS, POP & SMTP in. I'm just amazed that three separate programs didn't find it! I dread doing a nuke & pave - but if the thing starts going wonky again, I'll have to.
     
  5. Mr. Linux

    Mr. Linux Senior Member & Moderator Forum Staff

    If you still have the EXE, please zip it up and email it to me for analysis. I'll PM you my email address to send it to...
     
  6. Brassy

    Brassy Hiyah

    WOW, all this concern over my little powerhouse machine:) Thanks guys! I hate to be dis-connected, and yes, I still write letters the old way and keep a desk calendar...
     
  7. boomertsfx

    boomertsfx Booyakasha!

    Wait, a woman was driving..?!
     
  8. tiff78

    tiff78 Broadlands Resident

    oooook, what are you trying to say boomer?

    seriously, i didn't get that joke, and don't make a comment about i didn't get it because i'm a woman either... :) would you want your daughter to be made fun of?
     
  9. Kaosdad

    Kaosdad Will work for Rum

    Wow - I've never actually witnessed some tap dancing on a land mine.




    I'll be over there ->
     
  10. krmckee

    krmckee Member

    What is nuke and pave? My computer has been acting funky lately too. We run Norton Internet Security every week and all seems OK. My Outlook has been experiencing a lot of errors and shutting down lately, when browsing some websites freeze and stop responding, at times email start up and web surfing becomes painfully slow. I wouldn't know where to begin looking for mysterious files but any tips are greatly appreciated. Help!?
     
  11. Kaosdad

    Kaosdad Will work for Rum

    OK - "nuke & pave" means - wipe the hard drive & re-install everything from the OS on up.

    What you are describing is not (necessarily) a virus or other bug. It sounds more like a hard drive going bad.

    Backup all of your important stuff, get a new hard drive and do the "nuke & pave" dance.
     
  12. merky1

    merky1 Member

    I think that most slow / speed issues not related to malware come from HDD issues. Things to do would be to run a full chkdsk on all of the drives, and then run a defrag tool against the drive.

    If the HDD is going dead, you should check in the event log in Windows and look for drive errors in the system log. If you have a sick drive, you should see quite a few resets.
     
  13. signifer

    signifer Member

    You may want to try Malwarebytes. It seems to find and fix all sorts of things. Their free version lets you scan but you have to pay to get real time scanning protection.

    Good luck,
    Richard
     
  14. krmckee

    krmckee Member

    Thank you! How exactly do I run chkdsk and check the event log? Sorry - not very savvy! :)
     
  15. merky1

    merky1 Member

    for Win XP:

    chkdsk /F
    (reboot required - takes a while, so plan on down time)

    To view the event log, right click My Computer, select Manage.

    On the left hand pane select Event Viewer and select System to look at the event logs. Just filter for the red errors, and look for source to be disk or storage related.
     
