Win 7 Security 2012 removal issue


11 replies to this topic

#1 mcrugger

mcrugger

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:04:12 AM

Posted 21 December 2011 - 12:06 PM

Hello,

I followed the instructions to remove Win 7 Security 2012 on this site, but I ran the two programs in Safe Mode, and I didn't run Malwarebytes because I have several other programs on my computer (Norton Antivirus, Webroot Spysweeper) so I ran those instead. When I rebooted my computer after all of that the Win 7 messages had gone away, but I can't open anything up. The programs that are supposed to start up do so, like Norton and Webroot, but when I try to open Firefox or even try to bring up the task manager it simply does not work, I will get the spinning circle for like 30 seconds then it won't do anything. I have yet to try a system restore through safe mode, but I was wondering if you had any other thoughts on what I should do. It still works normally in Safe Mode, but a regular startup gives me the issues previously mentioned. I am on my work computer now, so I will try what you tell me tonight. Help please!



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 AM

Posted 21 December 2011 - 09:48 PM

Hello,

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to removable media such as a CD/DVD, external drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.


Did you also run TDSS?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
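The change described in post #2 (launching an .exe starts the infection instead of the program) lives in the file-association keys of the registry. The following is an added example, not part of the original thread and not the contents of FixNCR.reg or exeHelper: a read-only PowerShell check that compares those keys, plus the Winlogon Shell and Userinit values, against the stock Windows defaults. The function names `Get-RegValue` and `Test-LaunchHijack` are hypothetical, and treating any per-user class key as suspicious is an assumption of this check.

```powershell
# Added example (not from the thread): read-only audit of the registry values
# that decide what starts when an .exe or .com file is launched.
# Expected data are the stock Windows defaults; nothing is modified.

function Get-RegValue([string]$Path, [string]$Name = '') {
    # Name '' reads the key's (Default) value; $null if the key or value is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $key.GetValue($Name, $null, $opt)
}

function Test-LaunchHijack {   # hypothetical helper name
    $hkcr     = 'Registry::HKEY_CLASSES_ROOT'
    $winlogon = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $checks = @(
        @{ Path = "$hkcr\.exe";                       Name = '';         Expected = 'exefile' }
        @{ Path = "$hkcr\exefile\shell\open\command"; Name = '';         Expected = '"%1" %*' }
        @{ Path = "$hkcr\.com";                       Name = '';         Expected = 'comfile' }
        @{ Path = "$hkcr\comfile\shell\open\command"; Name = '';         Expected = '"%1" %*' }
        @{ Path = $winlogon;                          Name = 'Shell';    Expected = 'explorer.exe' }
        @{ Path = $winlogon;                          Name = 'Userinit'; Expected = "$env:SystemRoot\system32\userinit.exe," }
    )
    foreach ($c in $checks) {
        $actual = Get-RegValue $c.Path $c.Name
        [pscustomobject]@{
            Path = $c.Path; Name = $c.Name; Expected = $c.Expected
            Actual = $actual; Ok = ($actual -eq $c.Expected)   # -eq ignores case
        }
    }
    # Per-user class keys override the machine-wide ones in the merged HKCR view,
    # so report any that exist (assumption: a stock profile has none of these).
    foreach ($sub in '.exe', 'exefile', '.com', 'comfile') {
        $p = "Registry::HKEY_CURRENT_USER\Software\Classes\$sub"
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{
                Path = $p; Name = ''; Expected = '(key absent)'
                Actual = Get-RegValue $p; Ok = $false
            }
        }
    }
}

# List only the entries that differ from the defaults.
Test-LaunchHijack | Where-Object { -not $_.Ok } | Format-List
```

No output means every checked value matches its default; any entry listed should be reviewed before it is reset.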

#3 mcrugger


Posted 22 December 2011 - 11:48 AM

Well I downloaded FixNCR in safe mode and ran it, as well as iExplorer, but like I said, now when I run it in normal mode nothing reacts. I didn't run TDSS initially but I tried it again later on and it didn't do anything. It is not that I am getting redirected anymore, it is that nothing will open, no programs, files, or even folders. The screen will show the mouse hitting the icon, the icon reacting, and the spinning circle that shows when something is loading, but after that nothing happens. I can try using an external device to load FixNCR but I don't think I will be able to open it once it is on my computer, seeing as I can't open anything. FixNCR is also on my desktop already, but it won't run in normal mode, only in safe mode. Any other ideas?

#4 boopme


Posted 22 December 2011 - 12:50 PM

Ok, let's run EXE HELPER
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

#5 mcrugger


Posted 22 December 2011 - 12:52 PM

Ok, I will do this when I get home, but it is likely I will have to do it in Safe Mode since nothing opens in Normal mode. Will that be alright?

#6 boopme


Posted 22 December 2011 - 04:18 PM

That will be OK.

#7 mcrugger


Posted 22 December 2011 - 09:45 PM

Here is the result. What next?

exeHelper by Raktor
Build 20100414
Run at 18:43:30 on 12/22/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#8 boopme


Posted 23 December 2011 - 11:02 AM

Will they open now?

Can we run this?
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 mcrugger


Posted 27 December 2011 - 04:55 PM

Here is the result of the ESET scan:

C:\Users\mcunnie\AppData\Local\gbu.exe a variant of Win32/Kryptik.XTE trojan cleaned by deleting - quarantined
C:\Users\mcunnie\AppData\Local\Temp\xvwhgfxpyd a variant of Win32/Kryptik.XTE trojan cleaned by deleting - quarantined
C:\Users\mcunnie\AppData\Local\Temp\zsn.dll a variant of Win32/Kryptik.XTE trojan cleaned by deleting - quarantined
C:\Users\mcunnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\31ee1782-337f9fd3 a variant of Win32/Kryptik.XTE trojan cleaned by deleting - quarantined

Before I ran this, I tried starting my computer in normal mode to see if the previous actions had any effects. I was somehow able to open a text file right when I booted up, but then I closed it, and when I tried to open it again, it didn't work, and neither did anything else. Did this scan take care of my problem? Should I try again?

#10 boopme


Posted 28 December 2011 - 04:37 PM

Reboot and try opening the file again.
Are you getting an error message?

#11 mcrugger


Posted 02 January 2012 - 06:08 PM

So I rebooted and tried to open it up. Basically, I could open up that file and Firefox and even browse a couple of sites for a minute or two, but after that when all my background programs had started nothing would react anymore. Firefox froze, the notepad file wouldn't close, etc. It seems like as long as I open something up quickly I can get it to work for a minute or two, but after that it's the same problem.

#12 boopme


Posted 02 January 2012 - 07:22 PM

Hmmm, it appears the malware has hidden itself and we will need to move you to apply stronger tools.

Let's see if you can create a new topic with a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include this link back to this topic.

http://www.bleepingcomputer.com/forums/topic433757.html/page__gopid__2534412#entry2534412

Let me know if that went well.

Edited by boopme, 02 January 2012 - 07:22 PM.
