Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem after removing Vista Antivirus 2012


  • This topic is locked This topic is locked
11 replies to this topic

#1 docjej

docjej

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 04 December 2011 - 09:06 PM

am running Windows Vista Ultimate 32-bit on a Vaio. It recently became infected with the Vista Antivirus 2012 malware and I followed the instructions by Grinler I found here (http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012) on removing it using FixNCR.rg, RKill and Malwarebytes Anti-Malware. I have also been running the free version of Avast ( which was set for automatic downloads so it should have been updated ), Windows Firewall ( havent been able to disable it despite the redundancy ) and am behind a router/modem from my ISP. Anyways it appears I successfully removed the malware but now anytime I try to open a program - IE, Firefox, Outlook - I am get a dialogue box stating I have attempted to open a file. Please choose a program to open it with. Sometimes I get one option, other times more. So with Firefox, it offers me Firefox as an option ( for the others it does not give me appropriate options ) but when I click it to open a browser window, I get in addition, another dialogue box stating:

You have chosen to open firefox.exe
which is a : Application (903 kb)
from c:\Program Files\Mozilla Firefox

Would you like to save this file?

This happens each time. I tried reinstalling Firefox with no improvement. When I attempted to open MS Word, I get an error saying that it cannot find the program. I havent yet run Secunia. I would like to run Malware on my desktop ( not having any over issues but has been running slow since I moved to the new place, coincidentally i guess, and am not sure why ) but am afraid of having the same problem.

BC AdBot (Login to Remove)

 


#2 docjej

docjej
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 05 December 2011 - 08:49 PM

Ok I used the fix from here http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html and it seems to be working well now. Thanks for the wonderful website.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:49 PM

Posted 05 December 2011 - 10:02 PM

Some malware infections target .exe files and alter associations. Without repairing the file association, .exe files will lose functionality and you may be unable to run any programs. File Extension Exe Fix is one such tool to make those repairs but there are others.

Is your computer still running ok?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 docjej

docjej
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 05 December 2011 - 10:42 PM

Well I ran that fix and so far so good.
The problem using the red " x" button to close windows, and also the ability to move windows around the screen predated this malware issue. I think it started when I updated to Vista but cant remember for sure.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:49 PM

Posted 06 December 2011 - 07:43 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 docjej

docjej
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 18 December 2011 - 01:28 PM

Ok so heres where things stand. I was reinfected, ran the whole rkill, malware etc series again. Its been cleared but now i cant access the internet. The icon shows as " identifying the network" but never moves beyond. I tried restoring to known clean dates but the restores ( two different points ) were not successful. I tried a wired connection to my router/modem. No difference. The internet connection works fine on my other computers so the problem is specific to that laptop. What now?

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:49 PM

Posted 18 December 2011 - 01:38 PM

If you were reinfected, then chances are all the malware has not been removed. Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself or infect critical system files which cannot be cleaned. Sometimes there is an undetected hidden piece of malware such as a rootkit which protects malicious files and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 7 there are instructions for downloading and running DDS which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. After doing this, it would be helpful if you replied back in this thread with a link to the new topic so we can closed this one.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

Note: If you can produce at least some of the logs, create a new topic and explain what happened with those logs you tried to create but could not. If you cannot create any of the logs, then still post the topic and explain that you followed the Prep. Guide but were unable to create the required logs. Again, describe what happened when you tried to create them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 docjej

docjej
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 18 December 2011 - 01:42 PM

When I diagnosed the LAN connection I got the message that the DHCP client service is not on. I tried turning it on and it failed. I tried running serives.msc or turing it on through the taskbar and I get a message stating " The operation could not be completed. The dependency service does not exist or has been marked for deletion. "

#9 BrianC.

BrianC.

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 18 December 2011 - 04:00 PM

Is there any way to inoculate against this %^$& thing? My sister keeps getting it regardless of how many times I talk her through "safe internet practices". The fixes here clean it right up (THANK YOU!!!) but anywhere between 3 to 8 months later she will pick it up again. Can I put a dummy file somewhere and mark it read only or anything like that?

Would be most appreciated!
Thank you for all your help.

#10 docjej

docjej
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:02:49 PM

Posted 18 December 2011 - 08:05 PM

THanks. I have done the above and here is the link to the new thread.
http://www.bleepingcomputer.com/forums/topic433258.html

#11 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:49 AM

Posted 18 December 2011 - 08:13 PM

You did not post the malware logs requested by quietman7 in post #7. Please do so you can either edit your current topic http://www.bleepingcomputer.com/forums/topic433258.html or if you are unable to edit, go ahead and add them as a reply.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:11:49 AM

Posted 18 December 2011 - 08:35 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users