Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Recovery-Windows Security 2011


  • Please log in to reply
6 replies to this topic

#1 bartwyoming

bartwyoming

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 19 April 2011 - 06:58 PM

Hi computer has pop ups that warn of severe memory loss and various virus. Windows Recovery immediately loads on start up. It runs a scan which informs me of a severe security issue. I have run Super-Anti Virus and it finds various trojans and adware but upon restart,the problem still persists. I have also ran RKill and Malwarebytes and received no infections. As of now the desktop only will show internet explore; recycle bin,Malwarebytes and RKill.
can anyone help me please

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:44 AM

Posted 19 April 2011 - 07:16 PM

FWIW: BC Windows Recovery Removal Guide

I will move this to the Am I Infected forum.

Louis

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 AM

Posted 19 April 2011 - 08:35 PM

After you've completed that, post your scan log here,let us know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 bartwyoming

bartwyoming
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 19 April 2011 - 10:35 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2011 9:30:56 PM
mbam-log-2011-04-19 (21-30-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 354022
Time elapsed: 1 hour(s), 0 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 bartwyoming

bartwyoming
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 19 April 2011 - 11:03 PM

I have now downloaded and ran Unhide.exe and the hidden files are now visible. I continue to get an internet script error asking if I want to continue running script to a page I never asked for. I get intermittent sound from these pages they are asking the script about. It sounds like ads for various products. When I ran rkill prior to the MBAM scan,it said access was denied but after the screen went blank..it restarted rkill and I was able to finish that scan. I checked on the programs that were now restorede and they appear to be working. I have not restarted the computer at all and will await further instructions. Thank you so much for all the help.

#6 bartwyoming

bartwyoming
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 20 April 2011 - 08:21 AM

I woke the computer from hibernation this morning and the Windows Recovery scan loaded and with it the fake hard drive failure messages. I am currently looking at a message with states, Windows-Delayed Write Filed, in the dialogue box reads,Windows was unable to save all the data for the file\\System32\\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware. I know from past experience that if I try to close this error message the computer will go into a restart and restart Windows Recovery again. The screen saver and all the desktop icons are once again gone and I have no programs in start. I have not done a restart nor have I shut the computer down since we started working on this problem. I will leave the computer on while I am away today. All the programs I was aksed to load -RKill..MBAM are also no longer on my desktop.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:44 AM

Posted 20 April 2011 - 08:58 AM

Can you run SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users