
multiple problems after removing malware


8 replies to this topic

#1 ckk650

  • Members

Posted 04 January 2012 - 03:11 AM

Hi All,

First off, I want to thank you for providing and staffing this forum, it's a great resource.

Here's the situation:

I was recently infected with the "security 2011" malware, and I had a heck of a time removing it. Malwarebytes didn't help, neither did TDSSKiller.

I finally ran ComboFix 2 times in safe mode, and the malware seems to be gone (no more browser redirects at least).

Unfortunately, after running all of those tools, I now have a couple of problems. Possibly caused by ComboFix?

1. Windows Update fails. When I try to download/install any of the 5 updates currently available, it tries for a while, then comes up with a failure. The error code (80096001) doesn't result in any useful information online. MS Fixit doesn't help.

2. After I boot, usually when I start IE or Chrome, the McAfee host service is killed by Data Execution Prevention. Uninstalling and reinstalling doesn't help. This is the error message when the service dies:
Problem Event Name: BEX
Application Name: McSvHost.exe
Application Version: 1.5.109.0
Application Timestamp: 4b97baa6
Fault Module Name: naiann.dll_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4bbe4256
Exception Offset: 65c1f240
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 8d99
Additional Information 2: fa6696398de2b9f98383d7a3bf5c3ea1
Additional Information 3: 453d
Additional Information 3: 453d

3. Possibly related, I can't seem to "activate" McAfee. When I click the activate button, a window pops up then dies right away.

I have the logs from TDSSKiller, both runs of ComboFix, and probably Malwarebytes. If someone can help, please let me know what to upload, and in what order.

Thanks a lot in advance!
--Carey



#2 ejvariety

  • Members

Posted 04 January 2012 - 01:40 PM

Buy a copy of Vipre anti virus. It is the best and they will fix problems like yours for free.

#3 rotor123

  • Moderator

Posted 04 January 2012 - 03:26 PM

Please save your money, there are plenty of free alternatives.



#4 Jardon Tech Training

  • Members

Posted 05 January 2012 - 12:18 AM

rotor123 wrote: "Please save your money, there are plenty of free alternatives."


Agreed. There are plenty out there. Give Malwarebytes and SuperAntispyware a go. There are paid versions of these applications but the free ones will be fine to remove your nasties.

#5 ckk650

  • Topic Starter
  • Members

Posted 05 January 2012 - 02:32 AM


rotor123 wrote: "Please save your money, there are plenty of free alternatives."

Jardon Tech Training wrote: "Agreed. There are plenty out there. Give Malwarebytes and SuperAntispyware a go. There are paid versions of these applications but the free ones will be fine to remove your nasties."


Hi all,

Thanks for the replies. I have a paid subscription to McAfee, and I have done a full scan with both that and Malwarebytes (not to mention ComboFix and TDSSKiller). All currently show the system as clean.

As I mentioned in my original post, I believe it was something done during ComboFix that has stopped Windows Update from working. Possibly some file was replaced, or something changed in the registry?

Thanks for any help,
--Carey

#6 hamluis

  • Moderator

Posted 05 January 2012 - 10:24 AM

Since you ran ComboFix without supervision...I suggest posting your CF log, along with the requested logs...following the directions reflected at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .

Please follow the instructions...totally, as they are provided. Note that the forum the logs will be posted in...is not this forum.

Louis

#7 ckk650

  • Topic Starter
  • Members

Posted 09 January 2012 - 10:02 PM

Thanks Louis,

I will open a post in the malware forum when I have some time, and see if someone can help me even though I ran ComboFix on my own. To tell you the truth, I followed all of the steps in the instructions w/o creating my own malware post. I then ran ComboFix on my own after reading three or 4 posts with very similar symptoms, where the solution was to run ComboFix... Didn't want to bother the forum if the problem had already been covered. Possibly a bad idea in hindsight :-)

--C

#8 hamluis

  • Moderator

Posted 10 January 2012 - 07:26 AM

<<To tell you the truth, I followed all of the steps in the instructions...>>

Well...you overlooked/ignored an important part of the tutorial at http://www.bleepingcomputer.com/combofix/how-to-use-combofix :

"You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer."

That statement is part of the tutorial for very good reasons.

As for following in the path of other users/members...I always remember that each of us has a different experience/knowledge level...than everyone else. Example: I have formal training as an accountant, so I know (somewhat) how to analyze/interpret financial statements, even though the language is often phrased to be uninformative, rather than informative. The average person looking at a typical financial statement has no clue as to how to interpret the words and numbers it reflects :).

On a computer level...I have literally nothing to depend upon other than my brain, my experiences, and what I can read/interpret on the Web. I try not to venture into areas (like malware or hardware) where I have little understanding and/or experience and may not understand much of what is readily available on the Web.

I believe in the proper tool...for the proper job...I rely heavily on the knowledge of the members and BC Staff...to help me to be able to assist others...or myself :).

Louis

#9 dif

  • Members

Posted 12 January 2012 - 10:50 AM

I often see computers that won't do a Windows Update for one reason or another.

There is a Microsoft Fix it that usually fixes it.

http://support.microsoft.com/kb/943144



