Vista not updating and other problems


  • This topic is locked
10 replies to this topic

#1 Madmickc

Madmickc

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 16 May 2011 - 06:42 AM

Hi, time to bite the bullet and ask for some help as I am unable to figure out what is happening.

Am running Vista Home Premium with SP 2.

Recently figured out it hadn't updated for about 2 months so tried to do manual updates but unable to.

Also the antivirus is now not loading (NOD32) and is being locked out of its kernel. Tried uninstalling but unable to uninstall as some registry keys are blocked.

Also some flash sites and forms (the registration form for this site) throw up a page of weird characters like:
���Y_s�6�f�Pe��=��$��d�&q�S�Nc�4}�$H�" �,�N��-


Have run:
Malwarebytes Anti Malware
Spybot
Sophos anti rootkit
Superantispyware

These have found and destroyed some things but still the same problems.

Installed Avast Antivirus and loaded OK but when restarted it too is blocked from starting.

Methinks there is a problem beyond my expertise.

Michael

Edited by hamluis, 16 May 2011 - 10:00 AM.
Moved from Vista to Am I Infected.




#2 Madmickc

Madmickc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 19 May 2011 - 02:02 AM

Was eventually able to uninstall NOD but Avast still not being able to start.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 PM

Posted 19 May 2011 - 10:36 AM

Hello, let's run a couple and see what the logs show.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Madmickc

Madmickc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 19 May 2011 - 10:24 PM

Thanks Boopme,

Have run the scans and log details below.

MBAM (MalwareBytes)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6620

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

20/05/2011 9:09:50 AM
mbam-log-2011-05-20 (09-09-50).txt

Scan type: Quick scan
Objects scanned: 180895
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET OnlineScan

C:\Program Files\GuffinsEI\Installr\1.bin\u4EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\MING Network Monitor\MNM.EXE a variant of Win32/MingSoft.Spy.A application cleaned by deleting - quarantined
C:\Users\Michael\Downloads\BestSpywareScanner_Setup.exe multiple threats deleted - quarantined
C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.1.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Sharon\Desktop\CD & DVD Stuff\media.player.codec.pack.v3.9.5.setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined


Interesting from Eset - find it hard to believe that MyPhoneExplorer is a problem. Also looks like my kids have been installing toolbars.

Anyhow, leave it to you from here on.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 PM

Posted 22 May 2011 - 08:42 PM

Hello, we lost our internet here for construction. I believe the phone app is OK. Can you restore it from Quarantine or reinstall it? Ignore if found in the future; ESET will probably correct that in its next update.
Toolbars should be uninstalled through Control Panel if there are any left. A lot of updates like Yahoo and Adobe auto-add these stupid things if you do not uncheck at install.
How is it now?

#6 Madmickc

Madmickc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 22 May 2011 - 11:09 PM

Still the same, unable to update, virus scanner (Avast) will not start and still get that strange code on some pages, i.e. a few forms do it but not all, some flash works, some gives the weird stuff and I think some Java may be doing the same.

The Phone App is fine once reinstalled.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 PM

Posted 23 May 2011 - 12:33 PM

Hi Mike, let's try something else. Do a system restore to a date before all this started.
Windows Vista System Restore Guide

See how it is running now. Also rerun the ESET scan. Don't remove the phone app this time.

#8 Madmickc

Madmickc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 23 May 2011 - 10:15 PM

Ok,

Couldn't find a restore point prior to the 19th of this month so didn't restore back (as it happened prior to that).

ESET Scan:

C:\Program Files\AVAST Software\Avast\AvastSvc.exe a variant of Win32/Patched.NAT trojan unable to clean
C:\Program Files\Bonjour\mDNSResponder.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Program Files\NPVR\NRecord.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\NOD5C0E.tmp a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Users\Michael\AppData\Local\Temp\NOD614B.tmp a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Users\Michael\AppData\Local\Temp\NOD65EE.tmp a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Windows\System32\AEstSrv.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Windows\System32\bgsvcgen.exe a variant of Win32/Patched.NAT trojan deleted - quarantined
C:\Windows\System32\Pen_Tablet.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Windows\System32\stacsv.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined
C:\Windows\System32\drivers\XAudio.exe a variant of Win32/Patched.NAT trojan deleted (after the next restart) - quarantined


So have restarted, still the same problem with strange code when opening some websites. Windows still not updating and Virus Scanner (Avast) blocked.

Don't know if this will help but Firefox 4, Seamonkey 2.0.14 and IE 8.0.6001.19019 all experience the website issues BUT Google Chrome and something called Flock (Interesting Browser) do not have the problem.

I am nearly ready to FDisk the PC and start from scratch.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 PM

Posted 24 May 2011 - 09:52 AM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

If you want to wait about 5 days to find what is buried on here and remove it, you can also do that.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.

Let me know if that went well.
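The backup advice in the post above (hold back autorun and .exe files, and read the full file name for a hidden second extension) can be checked mechanically before copying anything off the machine. This is an added example, not part of the original post or any BleepingComputer tool; the extension lists, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Assumptions (not from the post): which extensions count as executable or as documents.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".pdf", ".txt", ".mp3"}
# Windows AutoRun reads autorun.inf; the post writes "autorun.ini", so both are held back.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}

def classify(filename):
    """Return 'autorun', 'disguised', 'executable' or 'ok' for one file name."""
    name = filename.lower().rstrip(" .")          # Windows ignores trailing dots and spaces
    if name in AUTORUN_NAMES:
        return "autorun"
    # Strip padding so "invoice.pdf      .exe" still yields ['.pdf', '.exe'].
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(ext in DOCUMENT_EXTS for ext in exts[:-1]):
        return "disguised"                        # real extension hidden behind a document one
    return "executable"

def triage(root):
    """Walk root and map each category to a sorted list of paths relative to root."""
    report = {"autorun": [], "disguised": [], "executable": [], "ok": []}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            rel = os.path.relpath(os.path.join(folder, fname), root)
            report[classify(fname)].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_sample(root):
    """Create a constructed sample tree (empty files, invented names) for the demo."""
    for rel in ("photos/beach.jpg", "photos/beach.jpg.exe", "docs/letter.doc",
                "autorun.inf", "tools/setup.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, paths in triage(tmp).items():
            if kind != "ok":
                print(f"hold back ({kind}):", ", ".join(paths))
```

Files reported as "ok" still need the anti-virus scan the post calls for before they are copied back; the name check only catches what the file name gives away.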

#10 Madmickc

Madmickc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 25 May 2011 - 01:05 AM

That's fine, shall continue to see what it could be as it now has me intrigued. The Format and reinstall is my last option.

Thanks for the help so far and shall continue with the next step tomorrow when I have some time to spend at the computer.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:30 PM

Posted 26 May 2011 - 09:53 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.