Infected with DOS/Ronvix.W It won't go away


7 replies to this topic

#1 richez2000

richez2000

  • Members
  • 8 posts

Posted 31 March 2014 - 07:34 AM

My PC is infected with the above virus.  MSE identifies it but won't cure the issue.  I also used Defender Offline, but that didn't help.  My reports are below and attached.  Thank you!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/30/2010 1:20:30 PM
System Uptime: 3/30/2014 10:16:35 PM (9 hours ago)
.
Motherboard: Gateway |  | WG43M
Processor: Pentium® Dual-Core  CPU      E5500  @ 2.80GHz | CPU 1 | 2803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 616.33 GiB free.
D: is CDROM (CDFS)
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&24B7B7D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP703: 3/19/2014 10:20:21 PM - Windows Update
RP704: 3/22/2014 3:00:40 AM - Windows Update
RP705: 3/22/2014 9:37:11 AM - Windows Update
RP706: 3/22/2014 9:41:27 AM - Installed Microsoft Fix it 50123
RP707: 3/22/2014 9:57:23 AM - Installed HiJackThis
RP708: 3/22/2014 10:03:09 AM - Windows Update
RP709: 3/22/2014 10:18:29 AM - Windows Update
RP710: 3/23/2014 3:00:36 AM - Windows Update
RP711: 3/24/2014 3:00:33 AM - Windows Update
RP712: 3/24/2014 9:20:26 PM - Windows Update
RP713: 3/26/2014 3:00:37 AM - Windows Update
RP714: 3/27/2014 3:00:35 AM - Windows Update
RP715: 3/28/2014 3:00:34 AM - Windows Update
RP716: 3/29/2014 3:00:31 AM - Windows Update
RP717: 3/30/2014 3:00:48 AM - Windows Update
RP718: 3/31/2014 3:00:35 AM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:36 PM

Posted 03 April 2014 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 richez2000


Posted 03 April 2014 - 11:40 AM

I completed the Malware step and restarted my computer. It restarted with a message about repairing. I don't recall exactly what it said because it started while I was still reading it. There appears to be some kind of startup repair running. I now have a window onscreen indicating that Startup Repair cannot repair this computer automatically. I honestly believe I followed the above steps including restart. Please help.

#4 nasdaq


Posted 03 April 2014 - 01:25 PM

Can you run the Farbar Recovery tools I suggested last in my first post?

Post the logs if you can.

#5 richez2000


Posted 03 April 2014 - 01:58 PM

I can run anything. Once I ran MBAM and quarantined the 2 items, it had me restart my computer. When I restarted my computer, it brought up a DOS-looking screen that says Windows Error Recovery in a grey bar at the top. I can choose to Start Windows Normally (which brings me right back to the Windows Error Recovery screen). Or I can choose to Launch Startup Repair (which tells me that it cannot be repaired and forces me to shut down my PC). Am I hosed?

#6 nasdaq


Posted 04 April 2014 - 06:50 AM

You may be able to get out of the loop with these instructions.
You will need the Windows Installation disk or the startup disk that you created when you first used your computer.

What are the system recovery options in Windows 7?
http://windows.microsoft.com/en-IN/windows7/What-are-the-system-recovery-options-in-Windows-7

Create a system repair disk.
http://windows.microsoft.com/en-in/windows7/create-a-system-repair-disc

Keep me posted.

#7 richez2000


Posted 04 April 2014 - 07:15 AM

I think the PC is toast. I tried to run System Repair several times; each time I was told it could not be repaired. Then I tried to run my system restore disks from the CD drive. It appeared very promising and completed but also did not work.

I'm glad I backed all my data up. Is there any point in trying to salvage the hard drive? If the virus is still there I won't touch it.

I plan to find the lowest cost tower this weekend. It was a good 4 years....

Please share your thoughts and I appreciate your help.

#8 nasdaq


Posted 04 April 2014 - 07:33 AM

It may not be a virus infection but a hardware problem.

Start a new topic here and see if someone can help you find out.
Internal hardware forum
http://www.bleepingcomputer.com/forums/forum7.html



