PC freezing after trojan found and quarantined

[Carol Smithson]

OS WinXP Home Ed. SP2, updates current, McAfee Internet Security 8, Lavasoft Adaware and Spybot Search and Destroy, AVG spyware thing (latest version)

I noticed either Sunday or Monday that my PC was frozen after leaving it on overnight. I usually leave it on nightly. I didn't think much about it and shut it off improperly to have it freeze again and again. I got suspicious about a virus or spyware and ran Lavasoft Adaware which found Win32.TrojanClicker (4 files) which it quarantined. I ran Spybot Search and Destroy afterwards and it found nothing. My PC continued to freeze up. I did a system restore sometime but now cannot remember if it was before the trojan was detected or after, but it was done the same night. The PC screen was black after the restore, so I rebooted and restored it back (or canceled that restore...not sure what term to use). Maybe I was too hasty in undoing the restore?? I downloaded AVG latest version spyware thing and it finds nothing. Neither does Adaware, McAfee or Spybot S&D. I tried Panda but could not get it to scan. I read everything about posting a Hijack This log and downloaded everything to get ready to go to Safe Mode and scan when I read the disclaimer on system restore that if I turn it off, all restore points will be lost. I thought if this was not a spyware problem, then maybe I would be advised to restore, so I decided I better post before I did that step. However, the night I did the restore and then undid it, I tried to pick several different restore points and none of those would work. While none of my scans are showing anything, I am still thinking that it is too much of a coincidence that my PC began freezing and then I found a trojan. My son had been on the PC on a gaming place he saw on Cartoon Network. He says nothing weird came up and he didn't download anything. He says a McAfee firewall alert popped up and he clicked to block the change. Could the trojan be gone but something is still messed up in the registry from the trojan? What would you recommend me to do next? I would almost reformat, but I am not 100% sure all my photos, music and Word docs are all backed up, though many are. I am very careful where I go online and what I do, and have never had a problem like this before. However, the PC keeps freezing! It seems to be doing it less frequently, but it does it sometimes after I turn on the PC (after turning it off so it doesn't freeze while it is sitting idle), last night it froze when I tried to download something from my email to my 2nd hard drive used for storage, it froze when I opened RawShooter, it froze as the PC was shutting down, it froze twice while I attempted to download the Superspyblaster (or whatever it is called, the one listed on here to download) and other times too (I just can't remember all the times). When trying to download the Superspyblaster, I clicked on the link which took me to the page for the product. When I clicked to download it, an alert popped up telling me to see the info under the toolbar which asked me if I wanted to download this and if so, click here. Each time after clicking, it froze, but when I tried the third time, I held down the ctrl button which allowed it to download (without the message popping up) and the PC did not freeze. Also, I just remembered, when I ran AVG in normal mode, it worked fine on my C and K hard drives. I had forgotten to plug in my external drive (I am keeping it off because it has many photos on it) and when I plugged it in and started the AVG scan again, it froze before finishing, getting maybe halfway thru the scan. One other thing I have noticed at times, down at the bottom in the little bar where it shows the Internet icon, the icon to click to check to see if this is a phishing site, and where the privacy report eye thing is, sometimes as I see the address of the site it is connecting to (like say Yahoo!), I will quickly see about:blank and then its back to the address. Sometimes I see about:blank at the top in the address bar for just a second. I had wwwcoolsearch on the PC about 2 months ago or so, but it was quarantined by Spybot S&D and nothing else has shown up in any scans since. I have wondered though if the about:blank was spyware too. However, after finding the Coolsearch, my PC was not freezing until either Sunday or Monday. Sorry this is long, but I was trying to be as detailed as possible! I am awaiting an answer to tell me what to do next, and should I turn off my system restore, and should I go through all the steps and post a hijack log! Thanks so much in advance!

[chiaz]

Hello.
You can leave System Restore as it is for now.

When you said Superspyblaster, do you mean SUPERAntiSpyware (SAS)? You mentioned that you had downloaded it finally, but have you ran a scan with it? Then continue with CCleaner as in the Prework, before running HijackThis (HJT). Attach the two logs from SAS and HJT in your next reply, and we'll take it from there.

[Carol Smithson]

Originally Posted by chiaz

Hello.
You can leave System Restore as it is for now.

When you said Superspyblaster, do you mean SUPERAntiSpyware (SAS)? You mentioned that you had downloaded it finally, but have you ran a scan with it? Then continue with CCleaner as in the Prework, before running HijackThis (HJT). Attach the two logs from SAS and HJT in your next reply, and we'll take it from there.

Yes I meant SAS which I downloaded from here, but I was already typing so did not go back to the steps to see the exact name and was going by memory (which mine is not that good ) Ok Chiaz, I really appreciate this; it froze last night during shutdown and again this morning during the startup. I have to take my son to a doctor's appt at 10:00AM (1 hour from now) so I will be doing this just as soon as I walk back in the house!

[Carol Smithson]

Originally Posted by Carol Smithson

Yes I meant SAS which I downloaded from here, but I was already typing so did not go back to the steps to see the exact name and was going by memory (which mine is not that good ) Ok Chiaz, I really appreciate this; it froze last night during shutdown and again this morning during the startup. I have to take my son to a doctor's appt at 10:00AM (1 hour from now) so I will be doing this just as soon as I walk back in the house!

Attached Hijack This log and SAS log. PC still freezing! Ran CC cleaner too. PC just froze when I attempted to run CC cleaner (so I did it in safe mode) and when I tried to attach the logs to here the first time.

[valis]

I just want to pop in and say 2 things:

1. Sons. Sheesh. Who needs 'em? (luckily mine has only destroyed one pc, but then he's only 2ish, so the day is young).

2. If I could get every poster on the planet to examine your first post as an example of what to tell the people helping them, I would do so in a heartbeat. You gave us all the info necessary, in a clear and concise manner, and let us know exactly where you stand. Usually we have to fish around a bit to get some more info out of the client, but your's was absolutely stellar.

As is chiaz. I'll leave you in his incomparable hands now.

And welcome to the forum, as well.

[Carol Smithson]

Valis, thank you so much for the welcome! I am glad my post was helpful; I was trying to save time so that no one had to ask me to clarify and slow down the process awaiting my answer. I should have opened another window to find the proper name for SAS, but that was just a minor delay. I am glad for once my short novel was a good thing and that I didn't hear "you write/talk too much!" which is what my husband always says!

Well I wish you luck with your son that he does not destory any more PCs! Mine (11 yrs) has been on the PC since about age 4, and I guess this is the first time I have had a problem (that I know of), but now he has been banned from any site but one! I do photography and have too many photos on my hard drives to risk losing them (and I need to get busy on catching up on my backups!!) I am anxiously awaiting an answer; I can't even download my latest photos from my camera to the hard drive because I am afraid to with all the freezing going on!

[valis]

what I used to do was burn everything to dvd, then store it in a safety deposit box every 6 months or so. As stated, I got a little monkeyboy and a digital camera, so in 18 months I've accumulated about 6k pics. I've also been a freelance writer for a few years, so I got all that stuff as well. Long story short, I finally broke down and for about $100, bought an external hard drive and an enclosure. Every Friday I take it home from work and synchronize it with my home pc (using MS's freeware app SynchToys) and then it goes back to work; sort of like the pres and the v.pres, they don't travel together. This way, if I drop the enclosure, I can just buy a new one. If my home rig blows up (courtesy of aforementioned monkeyboy ) I have all my data on my enclosure.

Something to consider, and really not that technically advanced.

Don't worry about your PC. Chiaz hasn't met his match yet in malware, and I'm always learning from him, so I wasn't exaggerating when I said capable hands.

thanks,

v