My mother's virus



#1 PlaxicoCal

PlaxicoCal

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 02:25 PM

Hey, My mother, being the tech savvy person she is, has contracted what I believe to be a nasty virus. Any help with removal would just be grand.


Edited by hamluis, 09 August 2014 - 02:25 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 09 August 2014 - 02:39 PM

Please run the following scans.

Please run the ESET OnlineScan

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 02:52 PM

The problem with this is that no programs can open. I started up in safe mode to try to run Microsoft Security Essentials and most programs, when attempting to open, will instead open some sort of text file without any usable information in it. Is there a way to do this from an external HDD?


Edited by PlaxicoCal, 09 August 2014 - 02:55 PM.


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 09 August 2014 - 02:58 PM

The Eset is an online scan.  If you can boot into Safe Mode with Networking you may be able to run the scan.  If you use Internet Explorer you won't need to download the installer tool required if you use another browser.

 

Are you able to make downloads?



 

 

 

 


#5 Uselesslight

Uselesslight

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:07:38 PM

Posted 09 August 2014 - 03:05 PM

Sounds like file associations might be broken..  I can`t say more.



#6 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 03:10 PM

I tried Safe Mode with Networking and the same text document came up in all browsers.



#7 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 03:18 PM

I tried Safe Mode with Networking and the same text document came up in all browsers



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 09 August 2014 - 03:31 PM

If you have another computer download RKill.  Open download and right click on RKill and send it to a flash drive.

 

You should be able to install it on your other computer.

 

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 


 

 

 

 


#9 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 03:43 PM

I ran rkill and it said it did not find any malware. When it checked Windows Service Integrity, COM+ Event system, Security Center, and Windows Update were not running. Other than that, it said things such as "No malware found" and "No issues found"



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 09 August 2014 - 04:05 PM

Remember the scan I asked you to run?

 

Remember where in the RKill instructions there is a section in red which suggests that this is the time to run your security scans?  That is what you should have done.  If you have restarted the computer RKill will no longer be active.



 

 

 

 


#11 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 09 August 2014 - 04:18 PM

I have run it and the text file still shows instead of the program. Should I still be in safe mode, or will that affect rkill's process?



#12 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 10 August 2014 - 11:02 AM

If you can boot into Windows normally, yes, run the RKill in normal mode.



 

 

 

 


#13 PlaxicoCal

PlaxicoCal
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 10 August 2014 - 02:06 PM

I get the same result in normal Windows



#14 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:38 PM

Posted 11 August 2014 - 10:07 AM

Let's try this from a different angle.  Let's do a Repair Installation.

 

Instructions for a Windows 7 Repair installation.
 
A Windows 7 Repair Installation will require an installation disc.
 
If you do not have a Windows 7 installation disc you can download a free legal ISO image of Windows 7 SP1 at  Windows 7 Forums.  You will need to download the same version of Windows 7 that you have installed.  This image is hosted by the Digital River store which is an official distribution partner of Microsoft.  This is a genuine untouched image which is safe to download. 
 
Attention:  If you do have a Windows installation disc, skip Part A and go to Part B, Step 1b.
 
Part A, Steps 1a - 6a
 
How to burn ISO image using Windows Burn Disk Image.
 
Notice:  This applies only to Windows 7 and Windows 8, earlier versions do not have this.
 
1.  Place a blank CD or DVD in the tray of your optical drive and close the tray.
 
2.  After you have downloaded the ISO image you want to burn right click on the Start orb, then choose Windows Explorer.
 
3.  When Explorer opens click on Downloads in the left pane.  Scroll down till you find the ISO file you want and double click on it.  Click on Burn Disk Image.
 
4.  In the image below you will see Disc burner:, this should be set to the optical drive you want to use.  Click on Verify disc after burning if you want Windows to verify the disc image after burn.  Click on burn.
 
burndiskimage1_zpsb502b181.png
 
5.  In the image below you can see the green progress bar, when the image is finished burning the bar will be filled.
 
burndiskimage2_zps17a9d6ff.png
 
6.  After the image has completed being burned click on Close
 
Please note:  In order to boot from this DVD you may need to change the boot order in the BIOS so that the CD/DVD-ROM is the first device in the boot order, and the hdd is the second device.
 
 
Part B, Steps 1b - 10b
 
1b)  Place the installation disc in the tray of the CD/DVD drive, close the tray and restart the computer.
 
2b)  You will be prompted to press any key to start the installation, I find the space bar handy.
 
At this point the setup process will load files, this will take several minutes.
 
3b)  You will now need to choose the  Language, Time, currency format, and Keyboard or input method that you'd like to use.
 
After this is done click on Next.
 
w71_zps6dbda47e.png
 
4b)  Click on the Repair your computer link at the bottom-left of the Install Windows window.
 
This link will begin the Windows 7 System Recovery Options.
 
w72_zps2a656a0c.png
 
5b)  System Recovery Options will now search your hard drive(s) for any Windows 7 installations.  This will take several minutes.
 
No participation is required on your part at this time, wait till it has finished and the next window opens.
 
w73_zpsd5483f05.png
 
6b)  Choose the Windows 7 installation that you'd like to perform the Startup Repair on, then click on Next
 
w74_zps490f9a17.png
 
7b)  Click on the Startup Repair link from list of recovery tools in System Recovery Options.
 
w75_zps9941e858.png
 
For a future reference, there are several other diagnostic and recovery tools available in the Windows 7 System Recovery Options including System Restore, System Image Recovery, Windows Memory Diagnostic, and Command Prompt.
 
8b)  The Startup Repair tool will now search for problems in the system files.
 
If Startup Repair finds a problem with any system files the tool may suggest a solution which you will need to confirm, or may solve the problem automatically.
 
w76_zps3dd75d83.png
 
9b)  Startup Repair will now attempt to repair whatever problems it found with system files.  
 
Note:  If Startup Repair did not find any problems with system files you won't see this step.
 
w77_zpsd8be95eb.png
 
Important: Your computer may or may not restart several times during this repair process.  This is normal, you should allow it to continue until you see the Restart your computer to complete the repairs window. 
 
10b)  Click on Finish, this will restart your computer.
 
w78_zpsd49257fb.png
 
It is possible that the Startup Repair will not be able to fix the problem.  If the Startup Repair tool determines this, it may automatically run the repair after your computer restarts.  If it does not automatically run the repair but you are still having problems with Windows 7 repeat these steps to run Startup Repair again manually.


 

 

 

 


#15 Uselesslight

Uselesslight

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:07:38 PM

Posted 11 August 2014 - 04:41 PM

I think you're jumping the gun with a repair installation, I strongly feel that a registry file fix to repair the shortcuts/file associations will repair this issue before performing the repair installation...
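
The broken file association suggested in posts #5 and #15 can be checked before anything is repaired. The script below is an added example, not something posted in this thread; it only reads the registry and compares the .exe association against the Windows defaults (class `exefile`, open command `"%1" %*`). The function and variable names are illustrative.

```powershell
# Read-only check of the .exe file association (added example; it changes nothing).
# Windows defaults: ".exe" maps to the class "exefile", and the open command for
# exefile is the literal string "%1" %* (run the file that was clicked).
$expectedClass   = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Returns the (Default) value of a registry key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

$findings = @()
# HKCR is a merged view: per-user entries under HKCU\Software\Classes override
# the machine-wide ones, so both hives are inspected separately.
foreach ($hive in 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes', 'HKEY_CURRENT_USER\Software\Classes') {
    $required = $hive -like 'HKEY_LOCAL_MACHINE*'   # machine-wide keys must exist
    $class    = Get-DefaultValue "Registry::$hive\.exe"
    $command  = Get-DefaultValue "Registry::$hive\exefile\shell\open\command"

    if (($required -or $null -ne $class) -and $class -ne $expectedClass) {
        $findings += "$hive\.exe -> '$class' (expected '$expectedClass')"
    }
    if (($required -or $null -ne $command) -and $command -ne $expectedCommand) {
        $findings += "$hive\exefile\shell\open\command -> '$command' (expected '$expectedCommand')"
    }
}

# An Explorer "Open with" choice recorded for .exe sends every program to one handler.
$userChoice = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
if (Test-Path -LiteralPath $userChoice) {
    $progId = (Get-Item -LiteralPath $userChoice).GetValue('Progid')
    $findings += "UserChoice override for .exe -> Progid '$progId'"
}

if ($findings.Count -eq 0) {
    'The .exe association matches the Windows defaults.'
} else {
    'Non-default .exe association entries:'
    $findings
}
```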





