
problems restoring backup files after malware


6 replies to this topic

#1 iam_kramer

iam_kramer

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 02 November 2011 - 09:31 AM

hello, computer is a
HP Pavilion
a6557.uk
Windows Vista Home Premium, Service Pack 1.
64 bit.
4 GB ram.
AMD Phenom™ 9550 Quad-Core processor 2.20 GHz

2 days ago parents allowed access to something,
it then hid the desktop and start menu etc in some temp folder.
came up with 20+ overlapping warning boxes on the desktop
came up with warnings on the taskbar saying clusters are broken. typical malware symptoms.
anyway, i have removed malware before a few times, using Rkill and Malwarebytes, and this proved successful this time. i thought.

but then, with every click from google's searches i would be redirected to other websites, internet explorer pop ups would come on the desktop when IE was not running. even adverts "sounds" were coming through my speakers but not to be seen.

this has never happened before when i have removed malware. this, to me, seems different.

to try to get rid of this redirection, i downloaded ccleaner, did a disc clean, reset internet options.. but it didn't work.
finally, i used combofix (don't have logs), it didn't really do anything of note except when it restarted my computer it loaded with a worrying "hard drive failure is imminent..." press F2 to continue..
when it loaded up, combo fix flashed a lot of times, overlapping itself and took a while to go down. it did, i uninstalled, and started to back up my files. when i had backed them up. I used recovery discs i created ages ago to recover and send it to factory settings.
now when i try to restore my files i am greeted with a runtime error about 5% in, "This application has requested the Runtime to terminate it in an unusual way"

i don't have any logs from MBAM/combofix/rkill because i thought it would be a routine malware removal thing. so i know i have hindered myself a few times here
the computer looks new now, at its factory setting. i dreaded the rootkit "thing" but figured i should start up this first. as i know nothing of rootkits.

any help would be so appreciated.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,295 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:24 PM

Posted 02 November 2011 - 10:32 AM

<<...it restarted my computer it loaded with a worrying "hard drive failure is imminent...">>

FWIW: Anytime a user receives such a warning about the hard drive, it becomes the priority...regardless of whatever else a user may think has taken place.

I suggest that you run the appropriate hard drive diagnostic...on the hard drive installed.

FWIW

http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph05701&cc=uk&dlc=en&lc=en&product=3755442&tmp_track_link=ot_search

Louis

#3 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 02 November 2011 - 12:55 PM

Hello Louis,
ok, I am running the Diagnostic tools now. it does say powered by PC-doctor.
Processor - passed
Memory - passed
Drive -Hitachi HDP725050GLA360 (GEA560RE22K6BE) - passed
Drive -Hitachi HDP725050GLA360 (GEA560RE2AHYGE) - passed
Drive -HL-DT-ST DVD-RAM GH10L (K2983213330) - passed
Boot path - passed.

I did a retest after this, same outcome.
after i did the recovery with the discs, the "failure imminent" black screen did subside.


Now i am doing the SMART self test.
both drives passed the self test without error

what do you think?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,295 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:24 PM

Posted 02 November 2011 - 03:52 PM

I think that I would use the diagnostic developed and available from the manufacturer of my respective hard drives...if I wanted to check the status of same. No disrespect to system manufacturers...but hard drive manufacturers know their products better, IMO.

To be honest...I've never seen anyone state that HP made a diagnostic package that could be relied upon in the same manner that Dell's Diagnostic package may be.

Free Hard Drive Testing Tools - Hard Drive Diagnostics - http://pcsupport.about.com/od/toolsofthetrade/tp/tophddiag.htm

Louis

#5 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 02 November 2011 - 05:24 PM

booted up with the Hitachi drive test. both drives completed it successfully. no problems.
I haven't had any black screen warnings since recovery.

i just installed my wireless adapter driver and am back online.
Internet Explorer no longer redirects me to other sites. and there have been no pop ups, yet.

i still don't believe that there is nothing deep down somewhere. is there anything I can do?

#6 iam_kramer

iam_kramer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 03 November 2011 - 03:29 AM

Booted up this morning. last night i installed Avast anti virus, Comodo firewall (would not work when installed), Emsisoft and Malwarebytes.
I also installed updates for windows. I booted and when i came back to the screen there was a warning on a black screen saying

"an unauthorised change was made to windows."
Windows has discovered a change that will result in limited functionality.

I googled it, of course, and it appears that other users got this warning after installing Antivirus software.
I turned off the computer and it is now installing the updates from last night.
should i system restore?

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,295 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:24 PM

Posted 03 November 2011 - 10:28 AM

Me...I would uninstall the Emsisoft program and the Comodo software. The Windows firewall is more than adequate for users who don't want to get buried in minutiae about routine Internet events.

Louis



