Laptop slow & constantly crashing - may be Win32/ vi

May 1, 2013 at 12:03:47
Specs: Windows 7
My computer is seriously malfunctioning. It's slow, programs won't load. It crashes repeatedly - sometimes to the blue screen, sometimes not. I had a notice that said I had the Win32/ virus so I looked here for a solution. I downloaded Malwarebytes free and fixed what it said after running the Quick Scan. I then downloaded the Malwarebytes Anti-Rootkit and tried to run it but it stops working in the middle.

Running Malwarebytes again shows nothing malicious detected but the computer is a mess so something is clearly wrong. I ran disk check once when it restarted and it took about 18 hours. I'm afraid I've messed it up completely. Can anyone please help?


May 1, 2013 at 13:30:07
" I'm afraid I've messed it up completely"
Not yet.

Please Copy and Paste instructions into a text file, print/write down steps & info. You will need them, as they are hard to remember, for when you are offline.

As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.

If any program won't run ( due to the infection ) let me know.

Copy and Paste the contents of the log/logs after running each program.


May 1, 2013 at 13:32:27
1: Download & run Unhide
An introduction as to what this program does.
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. It does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt. Let me know if it doesn't produce a log please.

2: Reboot

3: Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.

You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?

Configure ESET this way & disable your AV.
How to Temporarily Disable your Anti-virus

Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.

If no threats are found, you will simply see an information window that no threats were found.


May 1, 2013 at 15:33:02
Thank you! It crashed several times while I was attempting to run Unhide, but I finally got it to work. I'm going to reboot now and move on to the ESET part. In the meantime, here is the Unhide log. The temp\smtmp folder is indeed missing:

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013
More Information about Unhide.exe can be found at this link:

Program started at: 05/01/2013 04:58:07 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 278713 files processed.

The C:\Users\Laurie\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts:

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 05/01/2013 05:18:15 PM
Execution time: 0 hours(s), 20 minute(s), and 7 seconds(s)

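One way to read the key findings out of an Unhide.txt log like the one posted above, including a log cut short by a crash. This is an added example, not part of the original thread and not code from Unhide; the function name and the MM/DD/YYYY timestamp format are assumptions, and the sample text is copied from the post (abridged).

```python
import re
from datetime import datetime

# Log lines copied from the post above (abridged to what the parser reads).
SAMPLE_LOG = r"""Program started at: 05/01/2013 04:58:07 PM
Windows Version: Windows 7
Processing the C:\ drive
Finished processing the C:\ drive. 278713 files processed.
The C:\Users\Laurie\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 05/01/2013 05:18:15 PM
"""

STAMP = "%m/%d/%Y %I:%M:%S %p"  # assumption: month/day/year, 12-hour clock


def summarize_unhide_log(text):
    """Return the findings a helper would read off an Unhide.txt log."""
    def stamp(label):
        m = re.search(rf"Program {label} at: (.+)", text)
        return datetime.strptime(m.group(1).strip(), STAMP) if m else None

    started, finished = stamp("started"), stamp("finished")
    seconds = None
    if started and finished:
        seconds = int((finished - started).total_seconds())
    drives = {d: int(n) for d, n in re.findall(
        r"Finished processing the (\w:)\\ drive\. (\d+) files processed", text)}
    return {
        "drives": drives,  # files processed per drive
        "smtmp_missing": bool(re.search(r"smtmp\\ folder does not exist", text)),
        "registry_keys_checked": re.findall(r"^- Checking (\S+)", text, re.M),
        # True only when the log explicitly says nothing was changed
        "registry_clean": "No registry changes detected." in text,
        # False when the run crashed before writing its finish line
        "complete": finished is not None,
        "run_seconds": seconds,
    }


if __name__ == "__main__":
    for key, value in summarize_unhide_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```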


May 1, 2013 at 15:48:58
While running ESET, during Initialization, it says: "Can not get update. Is proxy configured?"

I'm not sure what to do. Should I download it on a flash drive and try that?


May 1, 2013 at 17:54:18
" Should I download it on a flash drive and try that?"
Yes, the infection is doing its job & locking you out.
We now have to outsmart the infection & it may not happen straight away, just a matter of finding the right tool.
