Reply
Newbie
chrispy12
Posts: 3
Registered: ‎07-03-2013
0

Do I have a virus ?

Windows XP PC running IE8 and use BT Yahoo as browser..extremely slow on start up...Have antiVirus Microsoft Security Essentials loaded.

 

Can anybody please explain why,  when I have ALL windows closed if I open Windows Task Manager I can see the following applications running :

 

http://listcatalogdirect.com/find7?kws=hindenburg*+mystery*+solved* -Windows Internet Explorer provided by BTahoo

 

*the above words are just examples as tey keep changing.

 

This is then replace by the following line

 

http://46.165.221.234/wpad.dat?n=1 ....

 

See above running when I open Explorer OR Firefox......I am assuming these are really slowing PC down.Any answers as to what they are &how I can remove greatfully received..Have recently run FULL scans using MSSE,Malwarebytes,AdAware all now show clear.

Distinguished Guru
gg30340
Posts: 8,476
Registered: ‎10-12-2012

Re: Do I have a virus ?

Download CCleaner and run it to clear your temp files etc. Also run the registry scanner on it. When it offers a back up of registry,accept it. If you have BTYahoo toolbar installed uninstall it and likewise for any other toolbars installed. In CCleaner you can check what is running at startup. Have a look there and take a note of what is starting. If you see anything that appears suspicious and you're not sure report back here and you'll be given info what to do.
"If you want to say thanks for a helpful answer, click the white star"
Newbie
chrispy12
Posts: 3
Registered: ‎07-03-2013
0

Re: Do I have a virus ?

Thanks gg30340....have done as you suggested...I said originally all scans reported clear, however downloaded new definitions from MSSE today...rescanned and it has found another 3 infected files with the Trojan :JS/Medfos A and X.

 

Just finished another full scan and all appears ok now ...fingers crossed......MS explanation of this trojan makes sense...latest update for Medfos released today.

 

Thanks again.

 

Chrispy

Distinguished Guru
gg30340
Posts: 8,476
Registered: ‎10-12-2012
0

Re: Do I have a virus ?

[ Edited ]

It might be worth doing a scan in safe mode just to make sure you have got everything removed. It is also worth getting CCleaner and running that and checking what is starting at start up. It can give you a heads up to whats using resources.

 

To get into safe mode on Windows XP follow this guide

 

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mf...

 

"If you want to say thanks for a helpful answer, click the white star"
Distinguished Guru
gg30340
Posts: 8,476
Registered: ‎10-12-2012
0

Re: Do I have a virus ?

The virus you have looks like a bad one, see this link. It would be well worth working your way through this to ensure that your antivirus has done its job.

 

http://guides.yoosecurity.com/how-do-i-remove-trojanjsmedfos-a-completely/

 

 

"If you want to say thanks for a helpful answer, click the white star"
Distinguished Guru
pottyperson
Posts: 6,053
Registered: ‎07-07-2010

Re: Do I have a virus ?

That site is rated poor by Web of Trust, gg. May not be significant but I thought you'd want to know. I don't know what SiteAdvisor says.

You can click the white star next to this message if you think it was helpful.
Distinguished Guru
gg30340
Posts: 8,476
Registered: ‎10-12-2012

Re: Do I have a virus ?

Thanks for that pp. It gets the green light on Site Advisor. I looked through the page on the link and it appeared to be how I would expect to remove the virus manually. It may be that the OP's antivirus has done a good enough job and he won't need to manually intervene. 

"If you want to say thanks for a helpful answer, click the white star"
Newbie
chrispy12
Posts: 3
Registered: ‎07-03-2013
0

Re: Do I have a virus ?

Thanks guys for info so far...am having one or two problems getting into safe mode at the mo, so have done a couple more AV scans -all appears clear and Task Manager shows no unknown apps running after start up.....so, may just keep a close eye open for a while. (plus do not profess to be totally PC literate)

 

But have one further question you may be able to answer....msconfig-Startup shows this item ticked for startup :-

 

_run ....... 

               ...... C:\Documents and  Settings\All Users\Application Data\Search Protection\_run.bat   

 

                         ........HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

 

Is this likely to be a bona fida file, and does it need to be ticked, currently system appears to fire up reasonably quickly ?

Aspiring Expert
deltaflyer
Posts: 188
Registered: ‎29-01-2010
0

Re: Do I have a virus ?


chrispy12 wrote:

Thanks guys for info so far...am having one or two problems getting into safe mode at the mo, so have done a couple more AV scans -all appears clear and Task Manager shows no unknown apps running after start up.....so, may just keep a close eye open for a while. (plus do not profess to be totally PC literate)

 

But have one further question you may be able to answer....msconfig-Startup shows this item ticked for startup :-

 

_run ....... 

               ...... C:\Documents and  Settings\All Users\Application Data\Search Protection\_run.bat   

 

                         ........HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

 

Is this likely to be a bona fida file, and does it need to be ticked, currently system appears to fire up reasonably quickly ?


only if you run a minecraft server, otherwise, you can stop it from running

---------------------------------------------------------------------------------------------
free your computer, use opensource
i'm a linux user & very happy about it
Guru
ryant704
Posts: 2,805
Registered: ‎02-08-2012
0

Re: Do I have a virus ?

Ctrl + C will stop anything that is running in command prompt.

If this helped you please click the Star beside my name.

If this answered your question please click "Mark as Accepted Solution" below.