Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware wont let me install anything, complex problem


  • This topic is locked This topic is locked
20 replies to this topic

#1 Cweezy

Cweezy

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 16 June 2011 - 06:57 PM

Previous topic in AII here: http://www.bleepingcomputer.com/forums/topic403751.html

Mod. note: Cweezy is unable to create the logs. Do not move this topic. ~ OB


I tried running AVG and Ad-aware. both find multiple infections, but seem as if they cant remove them; error messages will pop up when i try to clean infection. I have dealt with trojans before and remember the only thing that worked was Hijack this. I have tried downloading and installing hijack this, but i always get an error in installation that "it must be installed to a local disk". I have tried downloading rkill. Nothing happens when i click run... just like when i tried downloading MBAM. the only web browser that works for me is IE 64-bit. I am totally stumped as for some reason all of my system restore files are gone.

What kind of malware is this?

and what is my first step to being rid of it?


I cannot install anything. i have tried installing multiple programs. I CANNOT INSTALL MBAM. I know its what will be recommended, but i have tried in safe mode as well. Firefox will not run. IE wont run, except for IE 64 bit.. please help. i would do a system restore but all of my save files are gone.

Edited by Orange Blossom, 17 June 2011 - 11:45 PM.


BC AdBot (Login to Remove)

 


#2 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 22 June 2011 - 02:13 PM

So any other ideas?

#3 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 23 June 2011 - 10:13 PM

im sorry to double and triple post but i could really use some help... any ideas on what i can do to fix my problem opening .exe files? I tried merging a file association fix for exe files to the registry but it didnt help anything.

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 26 June 2011 - 07:44 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

Now the following may not work in your case, but please try. These don't need to be installed, just executed. Let me know what happens and we'll go from there.


We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 26 June 2011 - 10:03 PM

Ok so Ive got win7 64bit. No cd available. I downloaded OTL, saved to desktop, and double clicked it. the User Account Control box popped up, i clicked yes, and nothing happens. at all. It seems to be this way with anything i try to run..

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 27 June 2011 - 05:19 PM

Ok, let's start digging into this. First, some viruses do disable/remove system restore points. So, that is not unexpected. Not great, but normal for this.

You mention you can't run rkill. Which version of rkill did you download? rkill.exe, rkill.scr, rkill.pif, ieXplore.exe etc?
Here's the full list:
http://www.bleepingcomputer.com/download/anti-virus/rkill


Start at the top and work your way down the different files names. Filename and type does make an important difference here. I would try to run each one a few times (say 5-10) in rapid succession. I have found in my personal experience that eventually it will 'stick' and remove the issues. If it does stick and you get a logfile, immediately run MBAM (you will likely have to uninstall/reinstall it) and OTL as above.

What exact error messages do you get when you try to do anything?

Finally...I have two more tricks up my sleeve...provided you have a clean system and a flash drive we can use. Let me know how this goes first. If you can't get it to work, don't worry...we'll try an alternate tack.

Edited by etavares, 27 June 2011 - 05:20 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 28 June 2011 - 07:54 PM

Ok, I have tried every version of rkill available, around 20-30 times each, its not working. And I dont really get any error msgs at all... it just acts as if i never clicked anything.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 28 June 2011 - 08:13 PM

No worries. It was worth a shot as it was easier. Do you have access to a clean computer and an empty USB flash drive?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 29 June 2011 - 05:34 PM

yes i do

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 29 June 2011 - 06:25 PM

Hello, Cweezy.


Step 1


OK, we will try the simple way first. If this doesn't work...we'll make a bootable linux flash drive to access your infected computer.

First, on the clean computer, insert your flash drive...then run FlashDisinfector to prevent infections from crossing over.


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



Step 2


On your infected computer, boot into Safe Mode with Command Prompt.

This will look quite different from normal safe mode.

  • Once it's booted, insert your flash drive.
  • we need to get to your flash drive. type D: and press Enter. See if the prompt changes to D:\>.
  • If not, try E:, F;, G;, etc. in sequence pressing Enter after each try. It is likely E: if I was a betting person.
  • Once you change to the other drive, type OTL and press Enter
  • OTL will launch. You may need to move the window around to be able to click everything I ask for.
  • Ensure the Scan All users check box is ticked.
  • Push the Run Scan button.
  • Two reports will open. You should be able to close them down and they should be on the E:\.
  • with your clean comptuer, please copy/paste the contents of both logs on the flash drive in your reply



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 30 June 2011 - 12:52 AM

Okay, so will a usb hard drive work as well? Or must i buy a flash drive?

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 30 June 2011 - 01:03 PM

For this...a USB drive will work. For the bootable USB backup option, it needs to be empty, but it should work.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 02 July 2011 - 01:26 PM

okay. i will format the drive shortly. could be a day or two till i do, fyi.

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 03 July 2011 - 09:54 AM

OK, let me know.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 Cweezy

Cweezy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 05 July 2011 - 04:00 PM

okay just to clarify, i have to put OTL on the usb drive after using flash disinfector, right?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users