Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


System crashed on reboot of malewarebytes...SysWOW64

  • Please log in to reply
2 replies to this topic

#1 KarenLee


  • Members
  • 2 posts
  • Local time:06:43 PM

Posted 19 September 2014 - 02:39 PM

I have no idea how the malicious virus or trojan got onto my computer, but this thing wiped out my computer.  I found a new folder in my windows folder called SysWOW64, which I knew was not on there yesterday, because I had just cleaned up my computer from all the 'search snacks' crap.  However, I was not able to delete the folder, due to it taking over my administrative rights.  I couldn't even delete the registry key, which upon further review had a file linked to Malewarebytes and I knew as soon as I rebooted my laptop, which is necessary by Malewarebytes, that something was going to happen. 


Malewarebytes detected it, but sure enough upon reboot all I seen was a bunch of symbols and I was not able to access the desktop at all.  I attempted to reboot in safe mode, but it disabled the F8 keys, disabled internet access and I wasn't even able to use my restoration CD. 


How do I protect my computer from something like that happening again?  I notified Malewarebytes about the issue, just to simply iniform them.  I had to contact someone and pay to have it restored, which I never want to do again.  I am pretty computer literate, but this one was quite new to me.  The man didn't really fix the problem, but I learned that while holding down the number key "0" and starting up the laptop, that it took me to the menu where I was able to restore my computer, which I did, wanting to eliminate any trace of that SysWOW64 attack. 


Please let me know what I can use to protect me from such an attack again?  I am currently using my old desktop computer, while my laptop is being restored to it's original state.


Update:  Computer was restored, but the virus is still on the laptop.  It has highjacked my broswer, so that I can download anything at all on it. 

Edited by KarenLee, 19 September 2014 - 05:20 PM.

BC AdBot (Login to Remove)


#2 Scoop8


  • Members
  • 326 posts
  • Gender:Male
  • Location:Dallas TX
  • Local time:06:43 PM

Posted 20 September 2014 - 09:45 AM



Sorry to hear about your PC problems. 


What AV are you running on the PC that got infected?  I see you mentioned Malwarebytes.  I'm using that as well.  It's a good compliment tool to an AV product.



To try and help with your question about how to avoid a future malicious occurrence with your PC's, I'd suggest using a periodic backup plan, with 2 activities:



1) Full-HDD backup.  This will provide a fast way to recover from virtually any malicious incident and return your PC to normal operational status.


There are 2 main approaches to HDD backup plans:


- Cloning.  This process copies all content from your "C" (original) HDD onto another HDD of equal or larger size.  The advantage of cloning is that you have a complete plug-and-play HDD replacement with the OS, programs, and all of your personal content in a bootable spare HDD available on the shelf if needed to recover from various situations.


The requirement is that you need an additional HDD in order to clone.  I've never considered that a disadvantage since I like having a spare HDD in case my "C" HDD fails.


- Imaging.  This process accomplishes the same result as cloning but does it differently and doesn't require a spare identical HDD that's dedicated only as a cloned spare HDD.


Imaging will create a full-HDD file containing all content, the same as cloning.  The advantages of Imaging is that you can store multiple images (files) on an external HDD and can restore from the file that you select, so if you needed to restore your PC from an Image that was created 3 weeks earlier, you can select that file, etc.


Image-restoration, at least for me with my PC setup's, takes longer vs installing my cloned HDD.  However, that's a fairly insignificant inconvenience (my opinion) vs the security of having multiple HDD Images from which to choose, in the event of malicious infections, failed HDD, user error, etc.



Both provide the same result.  There are advantages to both tools which is why I use both backup types with my PC's.



2) Some kind of an incremental/daily backup of the items that you edit/change frequently.  My examples of such items are a few Excel files, my E-mail (Outlook) data file, etc.



Redundancy is important in my opinion.  It's always good to have a few HDD backups (Images) available in addition to several copies of one's "must-have" items.


It's always a good idea to have at least 1 backup storage device that's disconnected from the PC's except during backup processing.  This will help prevent an encryption-ramsomware attack (such as "Cryptolocker" or its variants) from affecting all of your personal data.



The last time I was affected by malware, I removed my HDD and installed one of my cloned HDD's and I was running the PC as normal within a few minutes.


I prefer to remove infected HDD's  vs seeking help with disinfection and restoring my affected HDD since it's faster for me to install a cloned HDD and then sanitize the original HDD at my convenience.



I'm currently running an unattended twice-daily backup of my frequently-updated specific items to one of my continuously-connected portable USB HDD's.  This HDD is vulnerable to malicious effects so I also backup those same items to a couple storage devices that are only connected to my PC's during my backup process.


I clone my Desktop and Laptop PC's every 2 weeks and Image occasionally.


#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,749 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:43 PM

Posted 20 September 2014 - 04:49 PM

Update:  Computer was restored, but the virus is still on the laptop.  It has highjacked my broswer, so that I can download anything at all on it.

If you need individual assistance with malware infection, you can start a new topic in the Am I infected? What do I do? forum OR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can closed this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users