
Windows Services Not Functioning Correctly After Trojan Removal


  • This topic is locked
24 replies to this topic

#16 D-Drop

  • Topic Starter

Posted 18 May 2013 - 11:49 PM

Still getting an error "Windows Resource Protection could not perform the requested operation" during verification. Stops at 58% each time during verification.

Should I proceed with the remaining steps?


 


#17 Broni

  • BC Advisor

Posted 19 May 2013 - 12:07 AM

It's my bed time here so I'll check on you tomorrow morning.

What exactly happens?


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#18 Broni

  • BC Advisor

Posted 19 May 2013 - 12:10 AM

Still getting an error "Windows Resource Protection could not perform the requested operation" during verification

Are you running the tool as administrator?

 

 

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".

 



 


#19 D-Drop

  • Topic Starter

Posted 19 May 2013 - 12:14 AM

Here too no rush! Appreciate all the help today!

Yeah made sure that I did run as admin by right clicking. It seems to error out and references an "echo" folder on my desktop but I have no such folder. I'll try to get a screen capture of the exact message tomorrow after work.

Thanks again.

#20 Broni

  • BC Advisor

Posted 19 May 2013 - 01:29 PM

Skip that step for now and we'll see what the final outcome is.

There is definitely some issue with system files.



 


#21 D-Drop

  • Topic Starter

Posted 19 May 2013 - 10:57 PM

The log from Step 4 has so far cleared out the errors about missing files and the Antivirus firewall has yet to shut itself off again.

 

Here are the details

 

   Running Repair Under System Account
Starting Repairs...
   Start (19/05/2013 8:44:44 PM)

Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (19/05/2013 8:44:44 PM)
   Running Repair Under Current User Account
   Done (19/05/2013 8:44:51 PM)

Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (19/05/2013 8:44:51 PM)
   Running Repair Under System Account
   Done (19/05/2013 8:46:12 PM)

Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (19/05/2013 8:46:12 PM)
   Running Repair Under System Account
   Done (19/05/2013 8:46:56 PM)

Register System Files
   Start (19/05/2013 8:46:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:47:19 PM)

Repair WMI
   Start (19/05/2013 8:47:19 PM)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (19/05/2013 8:48:43 PM)

Repair Windows Firewall
   Start (19/05/2013 8:48:43 PM)
   Running Repair Under Current User Account
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

   Running Repair Under System Account
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

   Done (19/05/2013 8:48:48 PM)

Repair Internet Explorer
   Start (19/05/2013 8:48:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:49:09 PM)

Repair MDAC/MS Jet
   Start (19/05/2013 8:49:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:49:18 PM)

Repair Hosts File
   Start (19/05/2013 8:49:18 PM)
   Running Repair Under System Account
   Done (19/05/2013 8:49:21 PM)

Remove Policies Set By Infections
   Start (19/05/2013 8:49:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:49:25 PM)

Repair Icons
   Start (19/05/2013 8:49:25 PM)
   Running Repair Under System Account
Could Not Find C:\Users\DJ\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\DJ\AppData\Local\IconCache.db
   Done (19/05/2013 8:49:28 PM)

Repair Winsock & DNS Cache
   Start (19/05/2013 8:49:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:49:43 PM)

Repair Proxy Settings
   Start (19/05/2013 8:49:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:49:48 PM)

Repair Windows Updates
   Start (19/05/2013 8:49:48 PM)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (19/05/2013 8:50:05 PM)

Repair CD/DVD Missing/Not Working
   Start (19/05/2013 8:50:05 PM)
   Done (19/05/2013 8:50:05 PM)

Repair Volume Shadow Copy Service
   Start (19/05/2013 8:50:05 PM)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (19/05/2013 8:50:10 PM)

Repair MSI (Windows Installer)
   Start (19/05/2013 8:50:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:19 PM)

Repair bat Association
   Start (19/05/2013 8:50:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:23 PM)

Repair cmd Association
   Start (19/05/2013 8:50:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:28 PM)

Repair com Association
   Start (19/05/2013 8:50:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:33 PM)

Repair Directory Association
   Start (19/05/2013 8:50:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:37 PM)

Repair Drive Association
   Start (19/05/2013 8:50:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:42 PM)

Repair exe Association
   Start (19/05/2013 8:50:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:47 PM)

Repair Folder Association
   Start (19/05/2013 8:50:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:52 PM)

Repair inf Association
   Start (19/05/2013 8:50:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:50:56 PM)

Repair lnk (Shortcuts) Association
   Start (19/05/2013 8:50:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:01 PM)

Repair msc Association
   Start (19/05/2013 8:51:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:06 PM)

Repair reg Association
   Start (19/05/2013 8:51:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:11 PM)

Repair scr Association
   Start (19/05/2013 8:51:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:15 PM)

Repair Windows Safe Mode
   Start (19/05/2013 8:51:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:20 PM)

Repair Print Spooler
   Start (19/05/2013 8:51:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:33 PM)

Restore Important Windows Services
   Start (19/05/2013 8:51:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:38 PM)

Set Windows Services To Default Startup
   Start (19/05/2013 8:51:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/05/2013 8:51:43 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (19/05/2013 8:51:43 PM)
   Total Repair Time: 00:06:59

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account



#22 Broni

  • BC Advisor

Posted 19 May 2013 - 11:09 PM

OK, we're dealing here with a brand new type of infection I wasn't aware of when we started this topic.

Here is the indication from FSS log:

 

[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

 

You'll have to get elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
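
An added example, not part of the original posts and not FSS's own code: the MD5 on the FSS line quoted in post #22 is the MD5 of zero bytes of input, while the same line lists 1011712, read here as the file size in bytes. The sketch below parses that line and flags the mismatch; the field layout is an assumption read off that single line, and the function and finding names are hypothetical.

```python
import hashlib
import re

# MD5 of zero bytes, computed rather than hard-coded.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Assumed layout, inferred from the one line quoted in the thread:
# [created] - [modified] - size attributes (company) MD5
FSS_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

def triage(line):
    """Parse one FSS-style file line; return None if it is not one."""
    m = FSS_LINE.match(line.strip())
    if m is None:
        return None
    size = int(m["size"])
    md5 = m["md5"].upper()
    findings = []
    # A non-empty file cannot hash to the empty-input MD5, so the
    # hashing step saw no data even though a size was reported.
    if md5 == EMPTY_MD5 and size > 0:
        findings.append("hash-of-empty-input")
    # The parentheses are assumed to hold the version-info company name.
    if not m["company"].strip():
        findings.append("no-company-name")
    return {"size": size, "md5": md5, "findings": findings}

# Line copied from the thread.
THREAD_LINE = ("[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () "
               "D41D8CD98F00B204E9800998ECF8427E")
# Constructed comparison line; company and hash are sample values.
CONSTRUCTED_OK = ("[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A "
                  "(Microsoft Corporation) "
                  + hashlib.md5(b"constructed sample").hexdigest().upper())

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_OK):
        print(triage(sample))
```
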

 


#23 D-Drop

  • Topic Starter

Posted 19 May 2013 - 11:17 PM

Thanks again for all the help! I'll work my way through the additional steps there.

#24 Broni

  • BC Advisor

Posted 19 May 2013 - 11:18 PM


 

You can include a link to this topic.



 


#25 Queen-Evie

Posted 20 May 2013 - 10:31 PM

New topic in Malware Removal Logs. http://www.bleepingcomputer.com/forums/t/495271/infected-windows-defender-mpsvcdll-file/

This one is closed.



