Jan 6th, 2009

Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Hello, All,

Thanks for the help in advance. My husband's computer had attracted a number of viruses - Virtumonde, Zedo, etc. - that I've since removed. However, yesterday, a "server busy" pop-up window started appearing, and windows would freeze after about 3 minutes of normal operation. At that point, no applications could be launched, though I could alt-tab between applications that were ALREADY launched.

The taskbar would freeze, I couldn't shut anything down, and the quicklaunch buttons wouldn't work either. Nor could I access the internet.

I guess I should make this all present tense. Although I've run both CCleaner and Malwarebytes and Spyware S&D in safe mode with system folders showing and system restore off, etc... nothing. And since I can't access the internet any longer on his computer, even when it first starts up (when I attempt to launch Mozilla, nothing happens), I can't download Hijack This.

I had previously thought it was an issue with Spyware S&D's TeaTimer, so I disabled that in msconfig and a few other programs that weren't needed... but yeah, still having issues.

Any suggestions? Also of note is that when the taskbar freezes, a thin black line appears on the bottom of the start button.

Again, thanks for the help in advance!
deletedspace

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Do you have the log from MBA-M? This is a program which isn't supposed to be run in Safe Mode but in normal mode. You are correct about TeaTimer. Leave it off, it interferes with some fixes attempted.
I don't know what firewall you are using or even if there is a firewall involved, but you might try turning this off and see if it helps.
Also don't know the operating system but have you tried Safe Boot with Networking? This allows the computer to boot in safe mode but also allows internet service without the unnecessary items which may be running during normal boot.
Is there a way you can get the log and post it from the computer you are using now?
Can you download HJT to another computer, burn it to a disk and then put it on the affected computer? If you can do that then try to get the log and post it back here.
System Restore should also be left ON until the computer is clean. After it is clean is when you then reset it. It is better to have at least something to go back to, even if infection is involved, rather than nothing, which is what you have by turning off System Restore because that will erase all restore points. It is too late for that now; just remember that in the future.
Judy
Last edited by jholland1964; Jan 6th, 2009 at 1:59 pm.
jholland1964

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Thank you for responding, Judy.

I realized that I could Gtalk files back and forth, so I sent HijackThis and downloaded it to my husband's cpu.

Here's that log:

Quote ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:31 PM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\Google Talk Received Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Administrator\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1229538388093
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/inst...l/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229538557062
O20 - AppInit_DLLs: gmuxlx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Client Security Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10396 bytes
So, now what? : )
deletedspace

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Let me look through all this and I will get back to you. This is a wireless connection, correct? Have you tried a hard connection, is that possible?
jholland1964

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Can you run HJT on the infected machine? If so run it again.
Place a checkmark next to this entry
O20 - AppInit_DLLs: gmuxlx.dll
Then click the Fix Checked button.
Exit HJT.
Reboot the system and see what happens.
Judy
jholland1964
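
The fix in the post above targets the O20 AppInit_DLLs line of the posted log. As an added example (not part of the original posts and not HijackThis's own code), this Python script parses a HijackThis-style log and pulls out the AppInit_DLLs entries and "Unknown owner" services for manual review; the function names, the `known_appinit` allowlist and the trimmed sample log are assumptions made for illustration, and the "Unknown owner" check is a review heuristic, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: gmuxlx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Entry lines look like "O20 - detail"; header and process-list lines do not match.
ENTRY = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")

def parse_entries(text):
    """Return (code, detail) pairs for every entry line in the log."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def appinit_dlls(entries):
    """DLLs named under O20 AppInit_DLLs. Windows loads these into every
    process that loads user32.dll; the value is space- or comma-delimited."""
    dlls = []
    for code, detail in entries:
        if code == "O20" and detail.startswith("AppInit_DLLs:"):
            value = detail.split(":", 1)[1]
            dlls += [d for d in re.split(r"[,\s]+", value) if d]
    return dlls

def unknown_owner_services(entries):
    """(name, path) of O23 services whose company field reads 'Unknown owner'."""
    found = []
    for code, detail in entries:
        if code == "O23" and detail.startswith("Service:"):
            # Fields are "name - company - path"; split from the right.
            parts = detail[len("Service:"):].strip().rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                found.append((parts[0], parts[2]))
    return found

def triage(text, known_appinit=frozenset()):
    """Summarise a log; known_appinit is a hypothetical allowlist of lowercase DLL names."""
    entries = parse_entries(text)
    return {
        "counts": dict(Counter(code for code, _ in entries)),
        "appinit_review": [d for d in appinit_dlls(entries)
                           if d.lower() not in known_appinit],
        "unknown_owner": unknown_owner_services(entries),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
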
Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Okay, I did what you said. I'm not seeing any server busy notices yet, but the taskbar still froze as soon as I attempted to open my documents, and Mozilla wouldn't open.

It didn't seem NEARLY as sluggish opening Windows as it did previously, though.

Then, when I shut down (which I had to do manually), I got a "tcsd_win32.exe" application error.

I thought that might have had to do with some non-essential system32 files I'd removed from startup, so I replaced them and rebooted again.

I tried loading Mozilla again, and no dice. I can open IE, but it continually says, "connecting," and when I try searching for anything in the search bar, it gives me that, "OH NO YOU DON'T" Windows gong. My internet connection is just fine, 'cause I can log on to gTalk.

After about ten minutes of various navigating, I got the "server busy" window pop-up after opening QuickBooks.

Weird, huh?
deletedspace

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Quote ...
I thought that might have had to do with some non-essential system32 files I'd removed from startup, so I replaced them and rebooted again.
How did you know for sure that these were unnecessary?
The file you get the error from is associated with NTRU Cryptosystems.
What is the exact error that you get?
jholland1964

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

I didn't get the error after I restored those processes to startup, and I googled them to see if it'd cause problems to remove them from start up, and removed the ones that the "experts" said wouldn't cause problems.

That's no longer an issue... it's more of the freezing, internet-not-working thing now. SO much better.
deletedspace

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Well that NTRU Cryptosystems program has to do with your wireless network so maybe the program is damaged.
The system freezes definitely show there is "something" trying to work or not working right in the background.
Were the freezes the reason you turned off some of those system32 files? While some may not be necessary they are often tied together with others which are necessary and sometimes turning off one may turn off many others that you didn't mean to disable. This is why it is always recommended that each and every one be totally researched before turning them off.
Did the freezing and internet not working come before or after the clean ups?
Can you give me a list of those system32 files you turned off and then turned back on?
Last edited by jholland1964; Jan 6th, 2009 at 3:32 pm.
jholland1964

Jan 6th, 2009

Re: Server Busy Virus + Can't Launch IE or Mozilla + Windows Freezes

Go to Start, Control Panel, Administrative Tools, Event Viewer. Look in Applications and also System and locate errors which may give an indication as to what is causing these Server busy errors.
Judy
jholland1964

This thread is solved

© 2011 DaniWeb® LLC