
Fell victim to "microsoft" scam and now system is infected and AVG can't cure


10 replies to this topic

#1 avatrx (Members, 6 posts)

Posted 26 January 2014 - 08:50 AM

Windows XP Pro, SP3. Gigabyte motherboard. 32-bit system. 500 GB drive.

Got a call from "Microsoft" saying errors had been sent and they could tell me how to fix them. Yes, I had errors sent resulting from multiple tries of migrating a 500GB drive to a 1TB drive. Several unsuccessful attempts.

When I realized this MS call was a scam and they were IN my system - I disconnected from the net. Tried to find the LogMeIn software and remove it. Couldn't find it.

I'm still not sure which drive they accessed because I had so many issues with my cloned drive not showing up properly. Had multiple drives running.

Cleaned and defragged with Glary Utilities (big mistake).
Shut down system and tried to reboot with no luck.

Couldn't use XP disk to repair. Would get to 'starting windows' and would get blue screen.

Took out all drives except the original.

Dug out the motherboard install disk. Used that. Got system to boot into Windows. No internet connection but did have AVG Pro trial installed. Did a scan and found 28 items but said can't remove them. IRC Hook was the one that showed the most.

I'm unable to copy files from that system to a floppy or CD. I did a screen shot and could send that if it would help. I can open desktop files but can't move them or 'send' them to USB drive.

Seems that the virus disabled all the normal services. Keep getting error messages that the configuration is corrupted, causing me to not be able to do much of anything.

The issues seem to be in my network. Ran ESET and it found the same issues in every computer so far. Not the IRC hook - but others. I'm running that on this system at this writing.

Not sure where to go from here.

Been getting help from the Tech Support site. Great people. Saw references to you on there so I came here. I did run HijackThis but didn't include it per the instructions on using this site. I will try to get more info from the other system. Just not quite sure how as of this moment.

Thank you in advance

Edited by Queen-Evie, 26 January 2014 - 09:45 AM.
moved from XP



#2 noknojon (Banned, 10,871 posts)

Posted 27 January 2014 - 05:40 AM

(been getting help from the TEch Support site.  Great people.)

 

Hello avatrx -

Please tell us only when you have fully finished with the other support people, and yes, they are good.

Note that we do not help you while you are getting help at other places.

We would also like you to leave a link to the topic there when you are finished.

The advice may clash, with 2 versions of opinions from each site -

 

Thank You -



#3 avatrx (Topic Starter, Members, 6 posts)

Posted 27 January 2014 - 07:00 AM

I haven't been able to connect with anyone at that site (so far) that can help me. I'll give it until noon today and if nothing by then, I'll close that issue over there and post here for help. I know all of you are volunteers and I realize I'm not the only one with issues. I just know my computer is necessary to run what's left of our small business (outsourced jobs) and I can't afford a new one right now...

 

thank you.

 

I'm unable to run anything from that system. I can't get any of the available rescue disks to run. System always defaults to the hard drive even though I have removed that as an option in the BIOS.

 

Can't reinstall Windows.

Can't repair Windows.

Tried several different hard drives available to me.

Beginning to think the motherboard is trashed, if that's possible to do with a virus?

 

I believe this is in my network and need to find out from someone how to prevent more damage from the other systems on the home network...

 

I've run virus software on all the other systems and although it did find and remove stuff, I'm afraid to shut the systems down fearing a reboot will make it worse. Seems like virus software only finds some, so I've been trying to run a variety of them.

 

I've never needed to password my network.  I guess I'll have to do that now but don't know how.

I'll probably have to call my ISP.



#4 noknojon (Banned, 10,871 posts)

Posted 27 January 2014 - 03:40 PM

OK -

If you have no other reply, close that topic and mention that you are being helped here.

Note this is only a preliminary area, and many major tools are not used here, but your reply is quicker -

 

 

Try and start with these basic links. If they will not direct load to your system, try to transfer them with a clean USB Flash Drive.

Please run the scans in the order that they are given.

XP users should double click on programs, Vista / Windows 7/8 should Right click and select Run as administrator.

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please Copy and Paste the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. RKill.txt log will also be present on your desktop.

 

Next -

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Untick any items you wish to keep, or submit the R0.txt if you are not sure of anything.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

If you had Malwarebytes installed please try to use this MBAM Chameleon Link
The new link may work even if you did not have it installed.

 

 

Next -

Run ESET Online Scanner. Please use Internet Explorer as the scanner uses ActiveX.
If you will not use Internet Explorer, please see steps 3-1 & 3-2.

Please read How To Temporarily Disable Your Anti-virus
1. Hold down the Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.

3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3-1. Click on esetsmartinstaller_enu to download the ESET Smart Installer. Save it to your desktop.
3-2. Double click on esetsmartinstaller_enu on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats".
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time. 2 hours or so is not unusual for a first scan.
10. When the scan completes, click List Threats.
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

Note: No log is produced or expected here.

 

I would ask you to contact your ISP for their ideas also, as it may be their problem.

Do you have access to another computer / laptop, just to check your Internet connection ??

NOTE: Use an Ethernet cable from the router, do not rely on Wireless at this time -

 

Thank You -


Edited by noknojon, 27 January 2014 - 03:47 PM.


#5 avatrx (Topic Starter, Members, 6 posts)

Posted 27 January 2014 - 05:19 PM

Thank you. I contacted my ISP. He gave me some suggestions. The hard drive that was hit the worst I had to take out of the system. I was able to load another one. I just finished running Malwarebytes - now am running ESET. Once that drive is clean I plan to use my USB hookup to connect my damaged system to that clean one and then run Malwarebytes and ESET again. I'll also run what you suggested.

 

I've run Malwarebytes on all my systems and they all have tons of issues. I'm addressing these as best I can. I think it got into my network.

 

My ISP assured me that as long as I cable the bad drive to the good one using the USB method - it won't affect the drive that is hardwired in.  It will look at it as external storage and I should be able to run a scan on it. 

 

Wish me luck, this may take some time.

-susie

 

Where should I post that I'm being helped? The post on this site or on the other one, 'Tech Support'? Or both? I'm happy to oblige. Just let me know what to do.

 

Thank you again.



#6 noknojon (Banned, 10,871 posts)

Posted 27 January 2014 - 06:00 PM

Hi -

where should I post that I'm being helped? <= That was to the other site so they will close your topic.

 

I have this on my watch, so I will be notified of any post.

It's 40C again today, so I will only check about once per hour.

If you get "stuck" try for Safe Mode, or Safe Mode with Networking.

 

When you get a "semi stable" hard drive, run a disk check.

 

Also you mentioned Logmein. Often these scammers use iYogi or AMMY programs.

Check for those 2 listed programs also, and uninstall them.

 

Run a Disk Check on your C: (main) drive in Windows XP:

• Click Start and open My Computer

• Right-click on C: (or your main hard drive) and select Properties

• Click on the Tools tab

• Under Error-checking click the Check Now... button

• Mark the 3 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors

• Click on the Start button

• When the message box pops up, click the Schedule disk check button and Restart your computer

• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.

It will look like Safe Mode, but this is required to keep you out while it scans and attempts repairs.
DO NOT force a reboot once started as you will lose data and may damage the computer

NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

Good luck -



#7 avatrx (Topic Starter, Members, 6 posts)

Posted 27 January 2014 - 06:36 PM

Thank you. I had to check the temp. You said 40C? It's currently -10F here and supposed to get to almost 35 below zero with the wind chill. Tomorrow? Colder than today.

 

I hooked up an older 100GB drive that I was able to get working. Scanned that one to make sure it was clean and will hook up the damaged one and scan that with malware / virus software. Once I do that I'll report back.

 

I'm familiar with the chkdsk /f.  I had wanted to do that but couldn't get access to the drive.

 

I had downloaded the AdwCleaner software and run it on all my working systems. I'll have to admit - when it said it had to shut down I feared I was toast, but it did a good job of getting TONS of stuff off and did help.



#8 noknojon (Banned, 10,871 posts)

Posted 27 January 2014 - 06:51 PM

You said 40C? <= Yes, it has been a touch hot this summer :rolleyes:

We did hit 46C about 2 weeks back, and no air-con.

 

Any of those logs that you get, you can Copy and Paste them back here so I can review them.

 

Thanks -



#9 avatrx (Topic Starter, Members, 6 posts)

Posted 28 January 2014 - 12:43 PM

This is getting stranger by the minute. Here is where I am so far:

 

Scanned my system again last night with the damaged hard drive connected with a USB cable. I believe it should have shown up as a storage device, but instead it showed up as a standard 2nd drive.
System results this morning? Nothing found.

That did NOT seem right to me, so I opted to format the drive completely so I could have a clean drive to start with. It took 2 hours. Initiated the format from Disk Management.
When the format reached 100% I got an error message that the disk could not format successfully.
I then disconnected it from the main computer and rebooted.

At that point - once again - I can't get in the main computer that HAD been working OK, since it was a disk I pulled from my stash and hadn't been in the system.

Tried running a rescue CD.

In the BIOS I set all boot-up sequences to boot from CD but it still bypassed the CD and went straight to the hard drive.
It did start up Windows, but wouldn't let me do anything. Couldn't open malware - couldn't open adware.
Changed back to 'boot from floppy', which it did.

Had to start with an MS-DOS floppy, which initially wouldn't work. It seems that the section in the BIOS that HAD been set to recognize USB keyboards and mice had been disabled. I DID not change that setting. It got changed somehow.
I changed it back and was able to get into a DOS prompt but couldn't go any further.

Something is planted somewhere that gets into everything. The only solution I personally can think of is to get a set of virus rescue disks which will boot from A:. I have hunted around the net and can't find any available that I can afford. I'm sure there must be some freeware out there, but I can't find it.

On the System Restore setting? I believe I should have set it or backed it up when it seemed to be working OK, but then shut it off. Perhaps it is restoring the corrupted files.

This is what I think I need (and I don't claim to know much):
A boot floppy that contains the format command to format the 1TB drive from scratch. I will put it in the system as the only drive and format it from A:.
The chkdsk /f command.
A path to the C: drive without having to go thru the Windows command prompt. I know there is a way, but I don't remember how to do it.

When I booted with my DOS disk it would not recognize my C: drive.

I also need a set of rescue disks which work from a floppy drive. It seems that any other means seem to get corrupted. My USB drives don't have write protects on them.

I realize a set of floppies may be quite a few, but I'm at a loss. It's been a long time since I worked with DOS. I remember how to change directories, remove directories, type out the contents of a file etc., but a lot of the other stuff I've forgotten how to do.

Is there a way to set Windows back to default settings without reinstalling? Is there a good way to back up the contents on that drive without backing up the virus with them in the event I have to reinstall Windows?

I looked thru the Services area and found some things that didn't look right to me. Again - I don't claim to know too much, but a user account that I've never set up that has a bunch of digits as opposed to names seemed strange, so I deleted them. I really don't know how to decipher all of the info in the 'Administrative Tools' section under Services. I know just enough to really goof myself up.

On the reinstall Windows topic? It won't let me do that either. I have to somehow get a full / clean format of that drive first.

11:43am CST - USA

 



#10 noknojon (Banned, 10,871 posts)

Posted 28 January 2014 - 03:53 PM

a path to the C: drive without having to go thru the Windows command prompt. I know there is a way, but I don't remember how to do it.

This is starting to get too teccy for my basic Repair / Reinstall history, so all I can offer is the Experts area, and their main area of expertise is Malware removal, with a bit of other stuff along the way ......

 

 

A clean install basically consists of booting from the original XP CD, deleting all partitions, recreating new partitions, and then installing Windows XP from CD.

It’s a fairly straight-forward process and you can read this tutorial from The Elder Geek for step by step instructions. Again, it’s important to note that you will lose all your data in this process.

Or you can try a Repair Install only. This one is from Tech Tips, but is the basic format.

 

If nothing here helps you, tell me and I will leave directions for the other area (but you may wait 3 days for a reply) -

 

Thanks -



#11 noknojon (Banned, 10,871 posts)

Posted 28 January 2014 - 04:19 PM

Beyond the above, I have searched and used => Full / clean format of XP drive as my guide.

 

How To Format C - PC Support Very good basic instructions.
How To Wipe a Hard Drive but again there are bits that do remain
Windows XP Clean Installation - Partitioning and Formatting by windowsxp.mvps and this has other offshoots.

 

All other guides are repeats or offshoots from these few topics.

 

The real technical side of things is not even explained by any M/soft articles that I found.

 

Thanks -





