
Looking for Defrag in all the wrong places!

Discussion in 'Windows XP' started by Mr Davo, May 30, 2014.

Thread Status:
Not open for further replies.
  1. Mr Davo

    Mr Davo Thread Starter

    Joined:
    Mar 15, 2009
    Messages:
    349
    Hi Everyone,

    The error message below has started to come up on my Windows XP (SP3) computer over the last couple of days (at logon) -

    [​IMG]

    Obviously XP should not be looking for 'Defrag.exe' in the File Cache of Flash Player. I have checked the registry settings for Defrag, and as best I can see they are fine -

    [​IMG]


    As a final observation I have noticed that Defrag loads, and operates fine despite the message at startup.

    If anybody has any advice concerning how to fix this it will be greatly appreciated. Please don't suggest upgrading from XP, as I am using it for specific programs (that will not run elsewhere!).

    Kind Regards,

    Davo
     
  2. johnebadbak

    johnebadbak

    Joined:
    Feb 28, 2002
    Messages:
    1,731
    In the Run box, type msconfig and press Enter.
    Click the Startup tab, look for the setting and untick it, then save and exit.
    When the system boots, the configuration box will show; to stop it showing, tick the check box in the left-hand corner of the configuration window.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    77,643
    First Name:
    Frank
    It's my guess your computer is infected.

    ----------------------------------------------------------

    Click Start, then type MSCONFIG in the search or run box, then press the Enter key.

    When the small "System Configuration Utility" window appears, click the "Startup" tab.

    If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

    Submit a screenshot image of that window.

    ----------------------------------------------------------

    Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the "Scan" button, then allow the scanning process to finish.

    Click the "Clean" button, then click "OK".

    Allow the cleaning process to finish.

    When it's finished, click "OK" in each window that appears.

    The computer will restart.

    When the log appears during restart, save it.

    Return here to your thread, then copy-and-paste the ENTIRE log here.

    -----------------------------------------------------------
     
  4. Mr Davo

    Mr Davo Thread Starter

    Joined:
    Mar 15, 2009
    Messages:
    349
    Hi flavallee,

    Thank you for responding to my post. Ultimately I used MalwareBytes to remove a couple of threats; however, the box kept popping up when loading Windows. After scanning with an extra anti-virus program and finding no threats I decided to perform a System Restore, and the issue is no longer occurring.

    Kind Regards,

    Davo
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    77,643
    First Name:
    Frank
  6. Mr Davo

    Mr Davo Thread Starter

    Joined:
    Mar 15, 2009
    Messages:
    349
    Hi flavallee,

    I spoke too soon: my Windows 7 computer is also infected with this threat, and unfortunately I do not have any System Restore Points 'up my sleeve'.

    I did as you suggested and ran the AdwCleaner.exe program. On the first cleaning attempt the program crashed; I then ran it again and had some success.

    [​IMG]

    Here are the logs from the AdwCleaner program runs -

    https://www.dropbox.com/s/9jm2hp7u4w5dqyi/2014-06-03-AdwCleaner[R0].txt

    https://www.dropbox.com/s/i10dukas02rbze5/2014-06-03-AdwCleaner[S0].txt

    https://www.dropbox.com/s/oens4416a9dre7o/2014-06-03-AdwCleaner-Quarantine.txt

    https://www.dropbox.com/s/ppfweyx8fnggz5j/2014-06-03-AdwCleaner[S1].txt

    After rebooting I still see the error message box -

    [​IMG]

    I am now running MalwareBytes, and will later try CCleaner.

    If you have any further suggestions please let me know.

    Kind Regards,

    Davo
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    77,643
    First Name:
    Frank
    If both your Windows XP and Windows 7 computers are infected, you need to deal with them in separate threads and not in the same thread.

    Dealing with 2 computers in the same thread is too confusing and too time-consuming.

    You also need to copy-and-paste your logs in your thread and not provide dropbox links for them.

    You may need more professional help at the "Virus & Other Malware Removal" section.

    If you do go there, you need to read this sticky first.

    ---------------------------------------------------------
     
  8. Mr Davo

    Mr Davo Thread Starter

    Joined:
    Mar 15, 2009
    Messages:
    349
    Hi Everyone,

    After doing some more research I realized that the threat which had infected my computer was quite common, and was called different things by different protection programs. Here is a link that describes the infection in greater detail -

    http://www.herdprotect.com/defrag.exe-bde76abdc6355437bc183eef5ac633e7994fcb4f.aspx

    For those interested in a little extra reading, I found this article to be quite informative -

    http://www.windows8central.com/inde...new-trojan-hijacks-your-pc-for-bitcoin-mining

    Whilst running an up to date version of MalwareBytes did seem to quarantine the Trojan (please see attached log), ultimately it did not stop it completely. Instead I was constantly seeing the message that started my thread...

    After doing a little digging in my file system I found the offending folder that still contained some files that were part of the Trojan threat.

    [​IMG]

    The 'def.bat' file (above) was found to contain the offending Windows Script Host commands -

    [​IMG]

    Once I knew what the Trojan was doing I double checked Msconfig for any unusual entries, and found -

    [​IMG]

    I could not take a screen shot of the entire Msconfig entry in one go so here is some more...

    [​IMG]

    I unchecked the Msconfig entry for this Trojan, and manually performed a 'permanent' delete (with SHIFT + DELETE) on the files contained in the Cache folder. After rebooting the message did not present on screen again, and the Cache folder was clean -

    [​IMG]

    Once more I am running a full MalwareBytes scan, and once this completes I will scan with additional Anti-Virus programs before being convinced that my system is completely clean. However I think that I am now on the right track...

    Kind Regards,

    Davo
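
The manual Msconfig check described in the post above, written as a script (an added example, not part of the original thread). It lists the autostart entries that Windows reports and flags commands that start from a cache, temp or profile folder or that go through a script host or batch file. The match patterns and the function name `Get-StartupFlags` are assumptions chosen to fit this case.

```powershell
# Added example: review autostart entries for the persistence pattern seen in
# this thread (a startup entry launching a script out of a cache folder).
# Both patterns are assumptions; adjust them for your environment.
$suspectPath = '\\[^\\]*(Temp|Cache)[^\\]*\\|\\AppData\\|\\Application Data\\|\\Local Settings\\'
$suspectExec = '\b(wscript|cscript|mshta)(\.exe)?\b|\.(bat|cmd|vbs|js)\b'

function Get-StartupFlags {
    param([string]$Command)
    $flags = @()
    if ($Command -match $suspectPath) { $flags += 'runs from cache/temp/profile path' }
    if ($Command -match $suspectExec) { $flags += 'script host or script file' }
    # An empty array joins to an empty string, meaning "nothing flagged".
    $flags -join '; '
}

# Get-WmiObject is available in PowerShell 2.0, so this runs on XP SP3 and
# Windows 7. Win32_StartupCommand reports Run-key and Startup-folder entries.
Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
    New-Object PSObject -Property @{
        Name     = $_.Name
        User     = $_.User
        Location = $_.Location
        Command  = $_.Command
        Flags    = Get-StartupFlags $_.Command
    }
} |
    Sort-Object { $_.Flags -eq '' } |      # flagged entries first
    Format-List Name, User, Location, Command, Flags
```

A flag marks an entry for review, not a confirmed infection, since legitimate software also starts from profile folders. Scheduled tasks and services are not covered by `Win32_StartupCommand` and need a separate check.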
     

Short URL to this thread: https://techguy.org/1126911