
Even Safe Mode is Unsafe!


20 replies to this topic

#1 MisterSinister

MisterSinister

  • Members
  • 12 posts

Posted 18 December 2011 - 04:59 AM

So, I seem to have some sort of unstoppable virus. It's the kind that says it's Windows 7 Security but will say that anything under the sun, including IE or ANY program, and says I need to register it immediately! I tried running Rkill from here, which has helped in the past, and I've run MalwareBytes countless times and it still isn't working. It first attacked my usual profile (also admin profile), where viruses occasionally hit me. I go to my guest profile to work from there (I usually do this and it works), but soon it got into there too, despite Malware-Bytes having eaten through a lot of these viruses, even saying there are some this time already that it's killed, but not defeated. I tried Safe Mode w/ Networking and it has become a horribly ironic Unsafe Mode as it pops up there as well. Also, strange “will you allow this to change your comp” messages keep coming up with things like “bcont.exe” and, strangely enough, “windows explorer.” When windows explorer comes up (oh, and it doesn't go away; you click no and it IMMEDIATELY comes back) and I click it away with a no, it stops working and everything disappears except for the constantly nagging window and the viral security page. I am using a different computer altogether and am fearful to use my own again, fearing the virus will somehow spread more, not even allowing me to start it up. I also have decided not to click yes on any of the "to do you wish to allows" until I can trust them not to murder my comp anymore. Your help would be greatly appreciated, because I am freaking out.

Edited by Blade Zephon, 18 December 2011 - 05:42 AM.
Moved from Windows 7 to AII. ~BZ




#2 MisterSinister


Posted 18 December 2011 - 05:05 AM

Under some light scrutiny it also says it's the 2012 one too.

#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,792 posts
  • Gender:Male
  • Location:US

Posted 18 December 2011 - 05:41 AM

Hello.

Please try following this guide: http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012

Let me know how things are running after that.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#4 MisterSinister


Posted 18 December 2011 - 06:33 AM

Dear sir, I apologize if I have wasted your time at all, but as usual, looking at random places on the internet has helped me in my time of need. I appreciate your aid though and I will consult it if a similar problem occurs. Thank you all so very much; without you all, I would probably not have a functioning laptop. Also, I'm not sure if this has been listed as a useful way of dealing with this virus, but I have read and tested (so far satisfactorily) that if you change your date on your system to a few weeks in the future, the virus will time itself out, making itself unable to work correctly, wherein I was able to rightly snuff it with MalwareBytes. (Notably, I will reply if something horrible does go wrong, and this entire post shall become a mark of shame to me even after (and if I can) remove it from this thread.)

#5 Blade


Posted 19 December 2011 - 12:18 AM

Glad you got things sorted :)



#6 MisterSinister


Posted 19 December 2011 - 03:02 PM

As it would turn out, this seems to only work momentarily, as the virus has returned. Though it is no longer present in the artificial future I use, the notes for bcont.exe. I noticed the virus was also still brewing in my Guest Account, and has now spread back to my Main Profile. But what did it? Changing the date back? Not running Malware-Bytes on my guest account? Either way, the virus lives on. I should consult this link now.

#7 MisterSinister


Posted 30 December 2011 - 06:41 AM

More things have gone wrong. It seems through the double-whammy of Avast and Malware-Bytes that the virus is gone, but strangely enough, I can no longer access my internet (it says it can't find an IP address) and must use this secondary computer to solve the problems of the first once again. Is this a hardware problem? Is this a viral problem? If not, how can I solve it? I have tried the process in the link, but it returned soon enough, the virus just as powerful. I fear it may have been caused by my altering the clock, but I cannot be sure. Any help I can receive would be greatly appreciated.

#8 MisterSinister


Posted 30 December 2011 - 08:53 AM

I've found many things wrong with my computer recently and need to know if these are hardware problems or viral/spyware infections causing such things as the following:

  • My Computer sometimes just clicks on things when I hover over them (though I think this may be a problem with my somewhat deficient mouse, I found this mostly only happens when using Firefox, making me think it's an internal problem). This I believe may be connected to my slightly shoddy Toshiba, as soon after purchasing it a few months back, the mouse button (which is roughly elliptically-shaped, "(---|---)" like so) and the silver gleam on it seemingly wore off or tarnished or something into black (it looks like my finger just rubbed through it), and the left button would stick to the left, falling inward it would seem almost, although this is an easily remedied problem (I just press the other side to get it back up and to this day only press the button near the middle where they meet to keep it from falling into my comp again). <This last part I know is clearly a hardware problem, but also would like any tips on how to fix this or open the comp to try to.>
  • Sometimes my computer just decides to restart itself, shutting down things and just restarting, taking a large amount of time to do so as well (this I found may be a problem with Windows Update, though I'm not sure)
  • Windows Update constantly has a need to update things, although I think this may be because spyware is preventing some of the updates from getting through, making it want to re-install them all the time (though this is only a theory)
  • After Updating, I have found randomly named files that cannot activate and have long number-based names and are .exes (i.e. 0.5403305870756482.exe) and am scared to delete something like that. For the meantime I have just kept it in a folder labeled "Useless Twaddle." (This has only happened once or twice so I don't know if it's a real "problem" so much as a curiosity or if it's harmless.)
  • Whenever I use Firefox or Google Chrome, sometimes random windows will pop up, not like pop-ups, but as if I had clicked on them, as they also open as tabs. They are always some ad that doesn't load or a "congratulations you win the internet lottery!" thing (I formerly thought this had to do with the clicking problem I have, but I notice the things that I could, in theory, click have no relation to the useless tabs or sometimes two or three tabbed windows that appear)

Also I have done several things which I am not sure are in and of themselves bad for my computer, though I am not sure if these are the root problems of my occasional viral assault:

  • Installing Avast Antivirus (although it ran out eventually and mysteriously a virus started... I uninstalled it, but I must've clicked the wrong button, because it's returned and doesn't seem to want me to buy it as it had formerly done and now says I am safe and all that jazz)
  • I have also installed a cheap "i-tunes" knockoff for my brother's MP3 player named RCA easyRip, which tends to take up some space (I doubt this is a real problem but one never knows)
  • Much earlier I fell prey to using a "facebook" app ad to find a useful facebook background (that I do not recall actually working now that I think about it) brought to what I believe to be the now unsavory PageRage, since I felt the onset of a viral infection, which, if I remember correctly, was my first time I had a problem with my comp. Although I got rid of it, I sometimes think it wasn't actually gone. (It also went under the name CouchPotato in my comp, probably whoever makes it.)
  • Other installations of possibly spotty origin:
      • WhiteCap, an application for MediaPlayer that uses the sound-waves in patterns for entertainment (I doubt this is a problem, but once again I don't know)
      • Elsword, an online computer game (seriously doubt it though)
      • VideoLAN, a different mediaplayer
      • PC Friendly, a strange device I received in a DVD, that purported the ability to access DVD-ROM features, though it never worked for that same movie, strangely (this was a legitimate movie and not some hand-made disc from Johnny Buspass)
      • Avast Antivirus (something about the way they bother me makes me suspicious about them)

Notably, any of these may or may not actually be problems virally speaking, but just suspicions of my paranoid mind, though I feel rather certain about some more than others, and only wish to verify that such programs are, in fact, harmless or otherwise. I appreciate any help anyone can give about these issues.

edited by Queen_Evie: this post was originally another topic about the same issue. It has been moved to this topic in order to avoid cross posting and confusion.

Edited by Queen-Evie, 31 December 2011 - 03:27 PM.


#9 TommyBoat

TommyBoat

  • Members
  • 42 posts
  • Gender:Male
  • Location:Jean Nevada

Posted 30 December 2011 - 10:38 AM

Q What Operating System are you running? WinXP, WinVista, Win7?

1) Go into Control Panel

2) Add/Remove Programs... you will see a program listing

3) Remove all TOOLBARS (yahoo, google, Target, ASK.com, WSJ.com, Time.com, )

4) Remove any program associated with ASK.com

5) Remove any GAMES that you do not play

6) Remove CouchPotato

7) Remove ANY OTHER Anti-Virus programs. LEAVE AVAST on your computer.
Having more than one anti-virus program will cause registry, system problems,
and odd/erratic behaviour.

8) Remove OLD versions of JAVA. Some PCs I have seen have had 7 versions
still loaded.

9) Remove OLD versions of ADOBE reader, shockwave, flash.

10) Remove TRIAL versions of software that you NEVER use!

11) Reboot the PC

12) Go to www.safer-networking.org and download SPYBOT. Run the installation
program and do the updates including teatimer. RUN SPYBOT and it will take
1-2 hours+ to do its work. When it prompts you to clean and fix, say YES.

13) Reboot the PC and run SPYBOT once again! Clean and fix again.

14) Reboot the PC

15) Go into Control Panel, Add/Remove Programs and remove SPYBOT

16) Do a Windows Update and if you are running WindowsXP, do not stop
until you have loaded Service Pack 3 and all its updates! ! ! Very
important because SVC Pack 1, and SVC Pack 2 let in all kinds of problems
if you are negligent in getting SVC Pack 3 loaded.

17) Go to JAVA.com and load the latest JAVA

18) Go to ADOBE.com and load the latest a.) Reader b.) Flash c.) Shockwave

Let me know how you fare. Tom

PS, Not a big fan of Chrome or Firefox. They, like an APPLE, are NOT without
their problems! ! They just show problems differently ! :dance:

IF you are STILL having these same erratic issues, your PC may need to
have a COMPLETE TUNE-UP by a reputable PC Tech (such as myself) or some
one nearby that knows what the hell they are doing. Not some Gamer or backyard
techie-mechanic that put together his own (and only his own), PC.

Trailing issues: a.) FULL TUNE-UP needed b.) Bad Hard Drive c.) RELOAD Op Sys may need to be reloaded. Files are to be backed up first, of course.

edited by Queen_Evie: this post was originally another topic about the same issue. It has been moved to this topic in order to avoid cross posting and confusion.

Edited by Queen-Evie, 31 December 2011 - 03:43 PM.

R We Good ?


#10 TommyBoat


Posted 30 December 2011 - 10:53 AM

You may have to take evasive action sooner than later...

BACKUP YOUR PHOTOS, Docs, Excel files, Outlook emails (if you use outlook)
and contact lists and anything you deem important.

Sometimes these viruses dig in deeper the more you try to oust them
from your Op Sys, and may even give you a limited number of reboots. :angry:

Get a USB flash drive, OR an external Hard Drive and back up
these files immediately. You do not need to backup Microsoft Office
or other Applications that you can download from the Web. Java, Adobe,
Itunes etc. Incidentally, if you have Itunes and use it, back up
the directory to your external HD.

Later on, we can do an Anti-Virus SCAN of your external Hard Drive
or USB flash drive because sometimes a virus will follow your backup! :crazy:

BACKUP NOW :clapping:

Edited by Queen-Evie, 31 December 2011 - 03:43 PM.
removed one comment since it is no longer relevant after merging topics



#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 December 2011 - 11:58 AM

@MisterSinister

Hi

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.

* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply.

#12 MisterSinister


Posted 31 December 2011 - 03:31 AM

I use Windows 7 because that's what came with my comp.
I have already updated both Java & Flash due to computorial problems it causes with my web-surfing, so those are not a problem.

I also run Malware-Bytes as well as Avast, is this alright?

I have most of my things already sort of backed up where I would need them, but am saving that for a last-ditch effort if all else fails.

Also, due to what may or may not be a viral problem, my computer cannot or will not connect to the internet, wirelessly or plugged-in. I do not know why, though otherwise it seems healthy.

edited by Queen_Evie: this post was originally another topic about the same issue. It has been moved to this topic in order to avoid cross posting and confusion.

Edited by Queen-Evie, 31 December 2011 - 03:42 PM.


#13 MisterSinister


Posted 31 December 2011 - 03:35 AM

I would also like to exhaust any other possibilities before I wipe my entire computer save for my backups.

I also cannot download anything to the computer until I can find my USB drive, which I have yet to open, though I know it's "around here somewhere." Will go to find it now, thank you and I appreciate the help.

Edited by Queen-Evie, 31 December 2011 - 03:42 PM.
removed one comment since it is no longer relevant after merging topics


#14 MisterSinister


Posted 01 January 2012 - 12:47 PM

Here you go, this is the requested log:


Farbar Service Scanner
Ran by Kiru (administrator) on 01-01-2012 at 12:23:19
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\windows\system32\Drivers\tdx.sys is missing.
C:\windows\system32\Drivers\tcpip.sys
[2011-11-08 20:02] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\windows\system32\dnsrslvr.dll
[2011-04-24 18:37] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-02-09 17:11] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2009-07-13 18:33] - [2009-07-13 20:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15 narenxp


Posted 01 January 2012 - 12:58 PM

Launch the scanner again

Type

tdx.sys in the BOX

click on search files

Post the generated log
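
An added example, not part of the thread and not Farbar's own code: a small Python parser for the FSS log format shown in post #14. It lists the stopped services, flags those whose registry key no longer exists, and ties a missing driver file to its service, the combination the log shows for tdx and tdx.sys. The sample is an abridged excerpt of the posted log; the function names and the matching of a file to a service by base name are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Abridged excerpt of the Farbar Service Scanner log posted in this thread.
SAMPLE_LOG = r"""
Internet Services:
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.

Windows Firewall:
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

File Check:
C:\windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\windows\system32\Drivers\tdx.sys is missing.
"""

SECTION = re.compile(r"^([A-Za-z ]+):$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
FILE_MISSING = re.compile(r"^Attention! (.+) is missing\.$")


def parse_fss(text):
    """Return ({service: facts}, [missing file paths]) from FSS log text."""
    services, missing_files, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := NOT_RUNNING.match(line):
            services[m.group(1)] = dict(section=section, key_missing=False, missing_file=None)
        elif m := KEY_MISSING.search(line):
            if m.group(1) in services:
                services[m.group(1)]["key_missing"] = True
        elif m := FILE_MISSING.match(line):
            missing_files.append(m.group(1))
    # A missing driver file is tied to the service of the same base name
    # (tdx.sys -> tdx); this name matching is a heuristic of this example.
    for path in missing_files:
        stem = PureWindowsPath(path).stem.lower()
        for name, facts in services.items():
            if name.lower() == stem:
                facts["missing_file"] = path
    return services, missing_files


def triage(services):
    """Order stopped services worst-first with a short verdict for each."""
    def rank(facts):
        if facts["key_missing"] and facts["missing_file"]:
            return 0, "service key and driver file both missing"
        if facts["key_missing"]:
            return 1, "service key missing"
        return 2, "stopped, configuration intact"
    rows = [(rank(f)[0], n.lower(), n, rank(f)[1]) for n, f in services.items()]
    return [(name, verdict) for _, _, name, verdict in sorted(rows)]


if __name__ == "__main__":
    print(triage(parse_fss(SAMPLE_LOG)[0]))
```

Run over the full log from post #14, the same parser also reports bfe and wscsvc in the "service key missing" group.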



