
Am I Infected?


11 replies to this topic

#1 germ1578

  • Members
  • 10 posts

Posted 02 July 2010 - 12:17 AM

An eMachine ET1161-05 running Windows Vista Home Basic SP2. Experiencing odd behavior. Every time the machine boots up I get a window titled Driver Software Installation with the message "Installing device driver software" and the following lines:

ACPI x86 based PC Finished, restart required
Volume Manager Finished, restart required
Generic Volume Finished, restart required
Generic Volume Finished, restart required

After this I also get a window titled Microsoft Windows with the message "You must restart your computer to apply these changes." And Restart Now and Restart Later buttons. I click Restart Later, and close the Driver Software Installation window. When I try to start Internet Explorer it fails initially; no messages, just never opens. When I try IE again it opens, but I get the message "Cannot display webpage" with buttons titled Diagnose Connection Problems and More Information. If I click either of these buttons nothing happens. However, after a short while, I get a window titled Microsoft Windows with the message "Host process for windows stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available."
I then tried starting the machine in Safe Mode with Networking. I got the same window about Driver Software Installation, but when I try IE it works without any problems. Would greatly appreciate any advice as to how to get IE working in normal windows logon. Thanks.

Edited by boopme, 03 July 2010 - 10:22 AM.




#2 boopme

  • Global Moderator
  • 73,428 posts

Posted 02 July 2010 - 03:34 PM

Hi, may not be malware, but let's get a quick scan and see.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 germ1578

  • Topic Starter
  • Members
  • 10 posts

Posted 02 July 2010 - 08:59 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4269

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

7/2/2010 9:55:37 PM
mbam-log-2010-07-02 (21-55-37).txt

Scan type: Quick scan
Objects scanned: 127341
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme

  • Global Moderator
  • 73,428 posts

Posted 03 July 2010 - 10:23 AM

I am moving this to the WIN7 forum as I believe it's a driver related issue.

#5 Jacee

  • Malware Response Team
  • 3,716 posts

Posted 03 July 2010 - 11:18 AM

Click the 'restart now' and see if that gets rid of the problem. Vista may take a while to go through its rebooting, so just let it do its own thing... don't manually shut it down, if it's taking longer than you think it should.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#6 germ1578

  • Topic Starter
  • Members
  • 10 posts

Posted 04 July 2010 - 09:55 AM

Yes; I tried clicking Restart Now a few times before my initial post. I always get the "You must restart the machine to apply these changes" message again. I recently went into Device Manager to see if I had any failed devices. In Network Adapters I found 3 Microsoft 6to4 Adapters that are not working properly because "Windows cannot load the drivers required for this device. (Code 31)" I guess that makes sense because the machine cannot connect to the internet in normal mode. Though I don't know why it needs 3. I also found in Other devices 14 Unknown devices all not working because "The drivers for this device are not installed. (Code 28) There is no driver selected for the device information set or element. To reinstall the drivers for this device, click Reinstall Driver." I never tried the reinstall; I'm leery of it because the device is unknown. I still have no clue as to why I'm getting the "Host process for windows stopped working and was closed" message. I went into View Problems History and there are hundreds of IE problems going back 6 months. Oddly though there are none from the time I've been recently working with the machine. I'm also concerned about the driver software needing to install every time I boot up the machine. I guess that might be normal for Vista. My machines are all XP; I'm trying to help someone with this Vista machine.

#7 cryptodan

  • Members
  • 21,868 posts

Posted 04 July 2010 - 10:09 AM

I wonder what a full scan of Malwarebytes Anti-malware will show?

#8 Pandy

  • Members
  • 9,559 posts

Posted 04 July 2010 - 10:35 AM

Moved to Windows Vista from Windows 7.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin



#9 germ1578

  • Topic Starter
  • Members
  • 10 posts

Posted 04 July 2010 - 04:44 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4269

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/4/2010 5:22:40 PM
mbam-log-2010-07-04 (17-22-40).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|)
Objects scanned: 479790
Time elapsed: 2 hour(s), 14 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
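
Added example, not part of any post in this thread: a small Python parser for the MBAM 1.46 log layout posted above, which checks that the top portion (database version and operating system) is present and flags a Safe Mode or quick-only scan. The function name `parse_mbam_log` and the note wording are assumptions made for illustration, and the sample log is constructed from the layout shown in the thread.

```python
import re

# Constructed sample in the MBAM 1.46 log layout shown in this thread
# (abbreviated; header values follow the posted quick-scan log).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46

Database version: 4269

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Scan type: Quick scan
Objects scanned: 127341

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(.+?) Infected: (\d+)\s*$")

def parse_mbam_log(text):
    """Return header fields, per-category counts and triage notes."""
    info = {"database": None, "os": None, "safe_mode": False,
            "scan_type": None, "counts": {}, "notes": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Database version:"):
            info["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Windows "):
            info["os"] = line
            info["safe_mode"] = "(Safe Mode)" in line
        elif line.startswith("Scan type:"):
            info["scan_type"] = line.split(":", 1)[1].strip()
        else:
            m = COUNT_RE.match(line)
            if m:  # section headers like "Files Infected:" carry no number
                info["counts"][m.group(1)] = int(m.group(2))
    if info["database"] is None or info["os"] is None:
        info["notes"].append("incomplete log: top portion missing")
    if info["safe_mode"]:
        info["notes"].append("scan ran in Safe Mode")
    if info["scan_type"] and info["scan_type"].lower().startswith("quick"):
        info["notes"].append("quick scan only")
    info["total"] = sum(info["counts"].values())
    return info
```

A clean result with either note set is weaker evidence than a clean full scan from a normal boot, which is what the second log in this thread reports.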

#10 cryptodan

  • Members
  • 21,868 posts

Posted 04 July 2010 - 09:59 PM

How new is your computer?

#11 germ1578

  • Topic Starter
  • Members
  • 10 posts

Posted 05 July 2010 - 09:06 AM

Manufacture date = 2009/03/18

#12 germ1578

  • Topic Starter
  • Members
  • 10 posts

Posted 10 July 2010 - 06:42 AM

Was able to recover the machine from a backup. Thanks to all who posted.



