
I am infected


19 replies to this topic

#1 58Custom


Posted 04 June 2012 - 11:52 PM

Windows 7 Home Premium, Emachines E725 laptop.
Several times while browsing ordinary websites I will get the sudden display of "Windows Security Warning" and the usual message of infection. When this happened I closed the message box and the tab and ran Malwarebytes. Nothing has ever been found.

Tonight it happened again so I investigated a little and found this in my IE history:

inspectorrescuereliability.in
http://inspectorrescuereliability.in/78dee9e271084cb2/465/

I decided this infection was real and got started looking how to remove it. I went to the "Remove Windows Safety Wizard Removal (Uninstall Guide)" page and downloaded the Rkill iexplore.exe and updated Malwarebytes. I restarted and F8ed my way to Advanced Boot Options and selected Safe Mode with networking. It started up normally, got to the Users page, I selected the main one, typed in my password and the puter restarted. Huh. So I tried again and typed faster. The puter at first started to start up in safe mode then restarted. I tried one more time but this time when it got to the Users page I left it alone and counted. 12 seconds later it restarted by itself. So, I can not enter Safe Mode to start the eradication of the infection.

I guess that confirms that this bug is on my laptop. I started normally and ran a full scan using Malwarebytes. It found nothing. What do I do next?


 


#2 58Custom


Posted 05 June 2012 - 04:12 PM

What do I do to be able to boot in safe mode at this point?

#3 boopme


Posted 05 June 2012 - 08:00 PM

Let us see if we can get Safe mode to run.
Vista users may need to save it to the desktop first, then right-click the icon and choose "Run as Administrator".

Please download and run SafeBootKeyRepair.exe.

Once it has completed, please try booting into Safe Mode.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 58Custom


Posted 05 June 2012 - 10:04 PM

SafeBootKeyRepair.exe says it will only run on Windows 2000 or XP. I have Win 7.

#5 58Custom


Posted 06 June 2012 - 08:36 AM

To clarify, attempting to run SafeBootKeyRepair.exe on my Win 7 machine does not work. The program warns that it is not compatible with Win 7 and can not continue, then instructs me to press any key to close the program. Two files that appear on the desktop when I activate the program disappear. Attempting to reboot into safe mode after attempting to run SafeBootKeyRepair.exe results in the same problem as described in my first post.

What do I do now?

On edit: Additionally, my Emachines laptop did not come with a Win7 setup CD. It was pre-loaded. Following setup after purchase I did take the option to make a set of recovery CDs. However, I am unable (or am being prevented by the bug) to boot from the recovery CDs. I'm just trying to be as descriptive of my situation as possible.

Edited by 58Custom, 06 June 2012 - 11:54 AM.


#6 boopme


Posted 06 June 2012 - 01:19 PM

I am looking for a solution, but not having much success yet. Sorry about safe boot. Do not force safe mode either, it can halt the PC. I'll be back.

#7 58Custom


Posted 06 June 2012 - 01:49 PM

I guess I got a tough one! Maybe it's new? Anyways, thank you for your help. I will not be able to attempt any more tests anyways until this early evening as the laptop is at home.

#8 quietman7


Posted 06 June 2012 - 02:20 PM

You can try SUPERAntiSpyware Free which has a built in "Repairs" feature to fix the safeboot key, policy restrictions and certain Windows settings which are sometimes targeted by malware infection.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • From the Main Menu, click the Repairs button at the bottom.
  • Scroll through the Repairs list and click on (highlight) "Repair broken SafeBoot key"
  • Then click the Repair Selected Item button.
  • You may be asked to reboot your computer for the changes to take effect. If not, just reboot manually.
After that try entering safe mode and let boopme know if you were successful.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 58Custom


Posted 06 June 2012 - 07:10 PM

I downloaded SuperAntiSpyware and installed it yesterday. So I went to look in the repair menu and the option you suggested was not there. This is starting to freak me out a little. So I go to help and search on safe boot and learn about BootSafe. I DL that, install, open BootSafe.exe, from the menu select Safe Mode - Networking, click Reboot, get confirm popup, click it and the puter reboots. But not to Advanced Boot Options. It did not stop for that. I repeated using BootSafe with same result. I tried a manual F8 Safe Mode start with the same result as in my OP. I can not start in Safe Mode.

This seems to be one smart bug.

#10 58Custom


Posted 06 June 2012 - 07:35 PM

Hokey Smokes! I only just now looked at the History tab of Microsoft Security Essentials, which I run on this puter. It shows 3 quarantined exploits. I removed them.


Edited by 58Custom, 06 June 2012 - 07:50 PM.


#11 boopme


Posted 06 June 2012 - 08:05 PM

Still looking for other Safe mode ideas.
Can you run RKILL / MBAM in normal and post that log?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#12 58Custom


Posted 06 June 2012 - 08:12 PM

Below is an MBAM log from Monday. I shall now proceed with your instructions re: ESET.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: TOM-PC [administrator]

6/4/2012 7:03:36 PM
mbam-log-2012-06-04 (19-03-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 551306
Time elapsed: 2 hour(s), 27 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 58Custom


Posted 06 June 2012 - 10:15 PM

Mid-scan update.
This scan is slow. After two hours it's about 25% done. But it just alerted that it has found java/exploit.cve-2012-0507.ah.

#14 boopme


Posted 07 June 2012 - 01:48 PM

OK, see if MSE is clean now.

#15 58Custom


Posted 07 June 2012 - 07:27 PM

ESET finished and removed the bug. Stupidly I did not secure the log before clicking finish.

I rebooted but was once again prevented from starting in Safe Mode. I am running MSE now.



