Author Topic: I need help.  (Read 4056 times)

K-Mann

  • Guest
I need help.
« on: April 10, 2008, 02:22:29 AM »
My computer is dying.

After one night, a little while ago, I noticed a lot of shit not working well. SM was lagging, the GIMP crashed every time I tried to load it, Firefox froze on occasion and I was getting a lot of popups, even when I wasn't online.

Okay, fine. It was time to do a good ol' checkarooski anyways, so I started up Spybot and AdAware, did a disk defragment and clean up, redid the Spybot and AdAware and restarted.

It ran a little better, but FF still froze, SM still sucked, and the GIMP kept crashing. Also I noticed that when I ran AdAware, it searched a folder I had never known to exist: In my FONTS folder of all places. So that explains why the GIMP kept crashing. But what the hell? Why does it say the folder exists? And why does it contain zip folders with movie names, song names, and other bullshit that SHOULDN'T belong in the FONTS folder?

I brought this up with Zak. He says it could be a rootkit. And since I didn't know what that was, he says it's something that can hide and cloak itself so it can't be found or even used/modified. Well fuck me gently and call me Carol, this is not good news.

So Zak says give it a good ol' chkdsk. "Zak," I ask, "what's a chkdsk?" And he explained it to me. And so I commenced the chking of the dsking and found out that bad things were happening on my C:\ drive. Things that Windows did not like. Stuff like file systems having problems and trying to be corrected but cannot.

Also, get this: I copied my fonts into a folder on my desktop. Folder size: 30ish megs. Okay fine, not bad, I have a lot of fonts anyways. Not a big deal. Folder size of C:\WINDOWS\Fonts? 3 fucking gigs.

What deuce?

Help me please! Also, if you're going to tell me to do things, please use nice grammar and humor, because I like that. Also mostly because I am NOT computer savvy, I'll need it pretty much idiot proof.

Also, sorry for not posting.

Spectere

  • \m/ (-_-) \m/
  • Administrator
  • Hero Member
  • *****
  • Posts: 5716
  • printf("%s\n", "Hi!");
    • spectere.net
Re: I need help.
« Reply #1 on: April 10, 2008, 02:34:31 AM »
I wouldn't say it's a rootkit.  Rootkits tend to do nasties like bend the kernel (essentially, the heart of the OS) over the table and do very inappropriate things to it while you watch, wide-eyed, wishing that you could be recording what could possibly be the best rape video on the Interweb.  If it were a rootkit, odds are your software wouldn't even know it was there.

Windows\FONTS is a folder that, obviously enough, contains your fonts.  It's listed as a special folder, so it doesn't appear as a normal folder would when you display it in Explorer.  It only shows fonts that are installed in the system and provides you with options to install new fonts.  That's the main reason why some malware crap hides its stuff there; you can't give it a cursory glance and spot anything out of the ordinary (unless you navigate your system with the command prompt, anyway).

As for the humongous folder size of Windows\FONTS, 30MB is actually really small for that.  I don't have a whole hell of a lot of fonts and my folder still clocks in at around 200MB, but I digress.

It's going to be kind of hard to fix the issue without having physical access to it (since some particularly nasty forms of malware basically require you to boot to a Windows LiveCD and hack it out of the registry manually).  At best you'll have to boot into safe mode and manually pull the stuff out.  HijackThis! might help.  Run that and post the log in this thread and I'll tell you if there are any suspicious processes running.  In the event that there are, you could always boot into Safe Mode, remove the suspect programs with HijackThis, and hope for the best.
"This is a machine for making cows."

K-Mann

  • Guest
Re: I need help.
« Reply #2 on: April 10, 2008, 02:42:30 AM »
Uh well there is a fuck ton of errors.

By fuckton, I mean 490. I dunno if that's a lot or not.

EDIT: Should I fix them when it asks? Or show you first?

Spectere

Re: I need help.
« Reply #3 on: April 10, 2008, 03:00:07 AM »
If it flat-out says that those are errors, yeah, I'd fix them.  The worst that could happen is that a program that you installed might not run right, but even that's relatively rare (and, at this point, is probably the least of your worries).

K-Mann

  • Guest
Re: I need help.
« Reply #4 on: April 10, 2008, 03:05:47 AM »
Shit.

Downloaded wrong link. I got Registry Booster instead, which apparently defrags bad registries. And it was on that site you posted, so maybe it's not a bad thing?

HijackThis isn't supposed to show if it's an error or not.

Anyways, I'd rather not post the log, just in case, so I PM'd.

Really appreciate this.
« Last Edit: April 10, 2008, 03:07:39 AM by K-Mann »

Bobbias

  • #1 Poster
  • Hero Member
  • *****
  • Posts: 7210
  • 404 Avatar not found.
    • Magnetic Architect
Re: I need help.
« Reply #5 on: April 10, 2008, 03:55:09 AM »
Send me one as well, I'm experienced with HijackThis (I'd also have suggested getting it directly from the creator's site: http://www.spywareinfo.com/~merijn/programs.php)

Anyway, send it to me too, though I'm telling you right now that there's nothing in a HijackThis log that can give away information for hackers and such (otherwise people wouldn't be posting them all over a bunch of sites dedicated to getting rid of malware.)

IBProcMan from Merijn.org is also a useful program if your Task Manager ever gets disabled. (Happened to me once in a particularly nasty case.)

HijackThis scans your registry to look for anything out of the ordinary, and other things (like listing all the files to be loaded when Windows starts) and such. There are usually quite a few things that are normal and don't need to be deleted, but there are some really useful places it scans. I've used it to get rid of or disable damn near every malware infection I've had since I discovered it.
This is going in my sig. :)

BANNED FOR BAD PUNS X_x

Zakamiro

  • Hero Member
  • *****
  • Posts: 1053
  • Foxy mama.
    • Someplace
Re: I need help.
« Reply #6 on: April 10, 2008, 12:41:27 PM »
I first thought it was a rootkit because at first it sounded like the malware was hiding behind a folder he couldn't see in Windows Explorer. But, luckily it isn't that serious. hehe. Or maybe it really is. :[

I would just scan the fuck out of your system, remove all of the little nasty nasties and find a way of getting your filesystem back into check. I don't know of any 3rd party disk fixing tools, though. Except for what's on Ultimate Boot CD, though. This is basically the heart of all computing frustration: "I know this is EXACTLY what I need to do, but it still won't fucking do it!!!", followed by the usual yaaaaaaaaaahhhhrrrghhh *gargle* It's definitely a bitch, and I wish I knew way more than I do to fix it. And on the second thought, maybe I'm the only one that includes the gargle. :\

<<-----   Can we fix it?  _______!


We pressed on. Shortly afterwards, we arrived in a poisonous, post-apocalyptic hell - a sprawling, toxic dumping ground stretching for a mile or two. This is the final resting place for your old TV, computer or mobile phone.

Bobbias

Re: I need help.
« Reply #7 on: April 10, 2008, 05:14:49 PM »
Hah, well, it was no rootkit, just a folder in C:\windows\fonts called ' (single quotation mark). Rather interesting, actually, I've never seen anything do that.

K-Mann

  • Guest
Re: I need help.
« Reply #8 on: April 10, 2008, 11:55:05 PM »
Yeah... a folder called " ' "

Should have seen the bullshit in it. Also, a lot has been fixed now, thanks a bundle guys, for everything.
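
Added example (not part of any poster's reply): Reply #1 explains that Explorer's special view of Windows\Fonts lists only installed fonts, and Reply #7 reports the culprit was a subfolder named `'`. The Python sketch below walks the directory on disk instead of trusting that view and separates font bytes from everything else. The extension allow-list, the assumption that a stock Fonts folder is flat, and the sample file names and sizes are all constructed for illustration.

```python
import os
import tempfile

# Assumed allow-list of what a stock Fonts folder holds; adjust per system.
FONT_EXTS = {".ttf", ".ttc", ".otf", ".fon", ".fnt", ".pfb", ".pfm"}
ALLOWED_NAMES = {"desktop.ini"}

def audit_fonts_dir(root):
    """Walk the real directory tree and report what the font view hides."""
    report = {"subdirs": [], "non_fonts": [], "font_bytes": 0, "other_bytes": 0}
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for d in dirnames:
            # Assumption: a stock Fonts folder is flat, so any subfolder is suspect.
            report["subdirs"].append(os.path.normpath(os.path.join(rel, d)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = 0  # unreadable entry: still classified below
            ext = os.path.splitext(name)[1].lower()
            top_level = rel == "."
            if top_level and (ext in FONT_EXTS or name.lower() in ALLOWED_NAMES):
                report["font_bytes"] += size
            else:
                report["other_bytes"] += size
                entry = os.path.normpath(os.path.join(rel, name))
                report["non_fonts"].append((entry, size))
    report["subdirs"].sort()
    report["non_fonts"].sort(key=lambda e: e[1], reverse=True)  # biggest first
    return report

def demo():
    """Constructed sample: two fonts plus a folder named ' holding an archive."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("arial.ttf", 300), ("times.ttf", 200)):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"\0" * size)
        os.mkdir(os.path.join(root, "'"))
        with open(os.path.join(root, "'", "movie.zip"), "wb") as f:
            f.write(b"\0" * 5000)
        return audit_fonts_dir(root)

if __name__ == "__main__":
    r = demo()  # on a real machine: audit_fonts_dir(r"C:\Windows\Fonts")
    print("unexpected subfolders:", r["subdirs"])
    print("font bytes:", r["font_bytes"], "other bytes:", r["other_bytes"])
    for entry, size in r["non_fonts"]:
        print(f"  {size:>8}  {entry}")
```

A large gap between `font_bytes` and the folder's total size is the same signal as the 30 MB versus 3 GB mismatch in the first post.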