
Infected with System Scan Virus


  • This topic is locked
75 replies to this topic

#1 shoupdawg


Posted 06 February 2012 - 01:28 AM

Hello,

My original post (http://www.bleepingcomputer.com/forums/topic439053.html/page__p__2563226#entry2563226) was closed and since it's been past 5 days after which time I was supposed to pm a Mod, I've decided to re-post with some additional info. I never received notification via e-mail, so I'll just check this post every day or so.

*********************************************************************original post from jan 19th with some updates*********************

Hello,

I attempted to follow these steps: http://www.bleepingcomputer.com/forums/topic34773.html

1.) Can't download any of those so was unable to back up data.
2.) It is malware...I got the virus as evidenced by what I've read online.
3.) I've created a free account...thank you!
4.) Did that.
5.) Windows 7 Firewall is on.
6.) Unable to download defogger.
7.) Unable to download DDS.
8.) Unable to download GMER.

I'm really sorry I can't download any of these.

I've tried in safe mode with networking and unfortunately I can't get to a browser. The browsers won't respond when I try to launch them. I was able to successfully download unhide.exe and run it and it showed my desktop and a few other things but after that, I'm stuck. I was also able to download tdsskiller on my desktop, but I am unable to launch the .exe. I am unable to launch many applications such as internet explorer, malware, avast, etc. The way I'm able to get online is by clicking on my Sony VAIO Care icon which has a link to a software download that launches IE.

I've tried all the steps here listed under FAQ - Malwarebytes' Anti-Malware won't run or failed to resolve my issues.

None worked. There are few that allow me to launch mbam.exe but once I click yes to allow it to make changes to my computer, it just disappears and nothing happens.

At the bottom of that Malwarebytes FAQ, I attempted to follow the steps listed under I'm infected - What do I do now?


Unfortunately no dice as it appears I can't download anything due to this virus.

I was able to download malwarebytes onto a jump drive, but even with running it as administrator, I am unable to get malwarebytes to launch either in standard or safe mode or safe mode with networking.

***********************************updates*******************************

Still can't run apps. I tried to do system restore and got an error (0x800700b7) and while I can see my desktop background (whereas before it was just black) I still can't open .exe's.

I cannot post a dds or gmer log as the virus won't allow me to download these DDS or GMER.

I have Windows 7 version 6.1. I tried to see if it was 64 or 32 bit but when I try to click on Properties under computer, it also will not open.

Unfortunately, the laptop didn't come with any disks at all!



#2 myrti

  • Malware Study Hall Admin

Posted 06 February 2012 - 07:35 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 shoupdawg


Posted 06 February 2012 - 11:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. no worries, thanks for helping! Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

I cannot post a dds or gmer log as the virus won't allow me to download these DDS or GMER.

I have Windows 7 version 6.1. I tried to see if it was 64 or 32 bit but when I try to click on Properties under computer, it also will not open.

Unfortunately, the laptop didn't come with any disks at all and was pre-loaded with Windows 7!



Please include a clear description of the problems you're having, along with any steps you may have performed so far. I can't run executables and most applications such as word, my blu ray player, windows media, etc. as a result, i also can't run malwarebytes and other antivirus programs. i also can't download most things or when i can download them, they won't open even when i click on "run as administrator".

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. will do

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

i was able to successfully download this .exe to my desktop, but it won't run/launch even when i right click and run as administrator.

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine. done

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


regards myrti


Edited by shoupdawg, 06 February 2012 - 11:20 PM.


#4 myrti


Posted 07 February 2012 - 08:06 AM

Hi,

it seems you only quoted my post without a word of your own.. Could you please try again?

regards myrti



#5 shoupdawg


Posted 07 February 2012 - 11:28 AM

Hi,

it seems you only quoted my post without a word of your own.. Could you please try again?

regards myrti


Hi Myrti - Sorry, I put it in bold, italics right after where you asked the questions. I'll just cut and paste my responses here:

I cannot post a dds or gmer log as the virus won't allow me to download these DDS or GMER.

I have Windows 7 version 6.1. I tried to see if it was 64 or 32 bit but when I try to click on Properties under computer, it also will not open.

Unfortunately, the laptop didn't come with any disks at all and was pre-loaded with Windows 7!

I can't run executables and most applications such as word, my blu ray player, windows media, etc. as a result, i also can't run malwarebytes and other antivirus programs. i also can't download most things or when i can download them, they won't open even when i click on "run as administrator".

I was able to successfully download this OTL.exe to my desktop, but it won't run/launch even when i right click and run as administrator.

#6 myrti


Posted 07 February 2012 - 11:43 AM

Hi,

now I see. I missed that and thought it was an unchanged quote.

What happens when you try to launch an application? Do you get an error message or does just nothing happen at all?

Since you were able to save OTL, could you try running it from safe mode?

regards myrti



#7 shoupdawg


Posted 09 February 2012 - 12:47 AM

Been busy at work traveling. Will do hopefully on Thursday night!

#8 shoupdawg


Posted 09 February 2012 - 10:47 PM

Hi,

now I see. I missed that and thought it was an unchanged quote.

What happens when you try to launch an application? Do you get an error message or does just nothing happen at all?

Since you were able to save OTL, could you try running it from safe mode?

regards myrti


Hi Myrti,

Until today, I've been able to log into safe mode. Tonight I tried to log into safe mode with networking and the system hangs at the "Loading Windows Files" screen with the top entry being, "Loaded: \Winddows\system32\drivers\fltmgr.sys" and the bottom the same exact thing with the last backslash having this after it: "CLASSPNP.sys".

I hard rebooted (hold down the power button till off)...waited about 20-30 seconds and tried again with the same results.

I hard rebooted again and tried just normal safe mode and that resulted in the same thing.

I hard rebooted (without hitting F8) to get into safemode and now a "Checking file system on C:" is running. Looks like a window checkdisk. I did this the other night before I posted here, and it ran for a few hours, so I will need to let it run tonight and see if I can #1 reboot normally and then secondly reboot in any safemode version.

I will check to see if I can run OTL.exe in safemode but I've had no success with running things in safemode either, but I will try any way!

As far as what happens when I open apps it varies:

*When I try to open ms excel it gives me an error message...i can't remember it now but can give it to you once i can get onto my laptop.
*When I right click on certain apps (like OTL) and malwarebytes and choose to run as admin, it pops up a message asking me if i want to and i say yes. the pop up disappears and my mouse pointer turns into a circle where a light moves around it (as if to indicate it's thinking) and that lasts a second or 2 and then it disappears and nothing else on the screen as if i never tried to run it at all.

By the way, I'm posting on a separate laptop.



Thanks for the patience.

Edited by shoupdawg, 09 February 2012 - 10:49 PM.


#9 myrti


Posted 10 February 2012 - 05:46 AM

Hi,

if you can't get OTL to run, I would like you to try running this tool before launching OTL:

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Afterwards try running OTL again.

regards myrti



#10 shoupdawg


Posted 12 February 2012 - 10:32 PM

Hi - I was able to download Rkill using the second link, onto my desktop. However, when I double click on it, a pop-up asks me if I want to allow the following unknown program to make changes to my computer, so I click on yes. The pop up disappears, and nothing happens.

#11 shoupdawg


Posted 12 February 2012 - 10:42 PM

Just finished trying it in safemode with networking and neither OTL nor RKill launched.

#12 myrti


Posted 13 February 2012 - 04:58 PM

Hi,

ok, two more things we can try from within your OS, if that doesn't help I'll ask you to make a bootable flash drive and we'll try to battle the infection from there.

Let me know if you can run either of these tools successfully:
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Or:
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

regards myrti



#13 shoupdawg


Posted 13 February 2012 - 09:54 PM

Well exeHelper flashed a small black window for about half a second and disappeared. No fix nor .txt file. When I ran it in safemode, a black window popped up but did nothing for about 10 seconds, at which time it too disappeared with no .txt file.

RogueKiller did not launch in either normal or safe mode. I used run as admin as I have Windows 7 but no luck.

#14 myrti


Posted 14 February 2012 - 07:46 AM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbrbackup.zip bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbrbackup.zip
  • Remove the USB drive and insert back in your working computer and navigate to report.txt and mbrbackup.zip and attach them to your next reply.

    Please note - all text entries are case sensitive
regards myrti

Follow BleepingComputer on: Facebook | Twitter | Google+
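
The `dd` step in the post above copies only the first 512-byte sector of the disk, so `mbrbackup.zip` is a raw master boot record image, not an archive. The following Python example is added here (it is not part of the original thread or of any tool named in it) and shows how such a file can be sanity-checked before it is compared with a known-good MBR; the sample sector, function names and finding texts are constructed for illustration.

```python
import hashlib
import struct

TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x27: "Windows recovery",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Parse a raw 512-byte MBR sector (what the dd command writes; the
    .zip name is only a label, the content is not an archive)."""
    if len(sector) != 512:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if not any(sector[:440]):
        findings.append("bootstrap code area is empty")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        # Layout: status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped),
        # little-endian LBA start, little-endian sector count.
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (i + 1, status))
        parts.append({"slot": i + 1, "active": status == 0x80,
                      "type": TYPE_NAMES.get(ptype, "0x%02x" % ptype),
                      "start": start, "sectors": count})
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return {
        "disk_signature": "0x%08x" % struct.unpack("<I", sector[440:444])[0],
        # Hash of the boot code only, for comparison with a known-good MBR.
        "bootstrap_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
        "findings": findings,
    }


def build_sample_mbr():
    """Constructed sample sector (not taken from the thread)."""
    boot = b"\xfa\x33\xc0\x8e\xd0".ljust(440, b"\x90")  # filler, not real boot code
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table += struct.pack("<B3xB3xII", 0x00, 0x07, 206848, 976562176)
    table = table.ljust(64, b"\x00")  # two unused slots
    return boot + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    # Pass the path to the dd output, or run without arguments for the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(raw)
    for key in ("disk_signature", "bootstrap_sha256", "findings"):
        print(key, "=", report[key])
    for part in report["partitions"]:
        print(part)
```

An empty findings list only means the sector is structurally valid; whether the boot code itself has been modified is decided by comparing `bootstrap_sha256` with the hash of a clean MBR for the same Windows version.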


#15 shoupdawg


Posted 15 February 2012 - 01:10 AM

I have a 512MB usb drive. I am looking to borrow my friend's laptop tomorrow. My other laptop is a work laptop and our security does not allow us to use usb drives.

Thanks for the patience!



