Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus has disabled all of my security functions


  • Please log in to reply
12 replies to this topic

#1 GoTheBunnies

GoTheBunnies

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 20 November 2014 - 07:20 PM

Hi guys - great site!
 
Logged on to my PC yesterday (running Windows 7) to see a couple of 'Action Required' messages, one was that my anti-virus (Microsoft Security Essentials) was turned off.  Tried to turn it on without success.  Then tried to run my MalwareBytes, but it no longer runs either.
 
Tried a system restore a couple of time to earlier dates - didn't make a difference, Updated Windows patches to current but still no luck.
 
Not sure where to go next?
 
Thanks in advance

Edited by Orange Blossom, 20 November 2014 - 07:21 PM.
Moved to AII from Windows 7. ~ OB


BC AdBot (Login to Remove)

 


m

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 21 November 2014 - 07:25 PM

Welcome aboard p22002758.gif

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 GoTheBunnies

GoTheBunnies
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 21 November 2014 - 09:07 PM

Thanks for your reply.

 

I couldn't create the log.....DDS ran and said that it had created 1 log, the attach.txt - it didn't create the dds.txt. Ran it again, ensuring that the dds.txt box was checked, but same result.



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 21 November 2014 - 10:12 PM

In that case please stay here in this topic for now.

 

Download TDSSKiller and save it to your desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 GoTheBunnies

GoTheBunnies
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 22 November 2014 - 02:32 AM

Ok, downloaded TDSSKiller, no problem, saved to desktop.  Tried to run (as Administrator)....nothing.  Same as what happens with Malwarebytes - it gives me the option to run the program, but then doesn't actually execute.



#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 22 November 2014 - 09:03 PM

Try to run it from safe mode.

How to start Windows in Safe Mode


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 GoTheBunnies

GoTheBunnies
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 23 November 2014 - 02:02 AM

Can't run it in safe mode either. Nor from command prompt.  Nasty sucker this virus - seems to block everything designed to cure it. 



#8 AbsolutelyFreeWeb

AbsolutelyFreeWeb

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 23 November 2014 - 06:21 AM

as I understand the tool lists the running processes and you don't seem to be able to running the tool.

 

A suggestion, run windows own utility to at least get a list. Open a command prompt in elevated mode (right click and run as administrator)

 

then, in the opened black window, type: tasklist /V /fo csv > taskkilloutput.csv

 

post the created file taskkilloutput.csv in the logs forum and give a link here.



#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 23 November 2014 - 02:52 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 GoTheBunnies

GoTheBunnies
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 23 November 2014 - 08:38 PM

I haven't yet tried FixTDSS.exe, but I think what is happening is that this thing is not letting me run any .exe files.  It goes through the right motions, asking me if I want to run it etc, but once I click 'continue' nothing happens.  I opened Task Manager to see what was actually processing, but the .exe file never appears in the list - whether it was when I was trying to reinstall MalwareBytes or TDSSKiller.

 

I'll try to run FixTDSS.exe tonight and will report back.

 

Thanks again



#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 23 November 2014 - 08:54 PM

What you can try is to rename tdsskiller.exe to tdsskiller.com or tdsskiller.scr.

Disregard any Windows warnings.

 

If that doesn't help run this first...

 

Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Then try TDSSKiller right away.

 

You can try renaming rKill.exe to rKill.com or rKill.scr as well if exe doesn't work.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 GoTheBunnies

GoTheBunnies
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 24 November 2014 - 04:02 AM

No success unfortunately - RKill won't run - tried safe mode, tried re-naming etc.  I get to the Windows warning, tell it to run, and nothing. Same with the TDSS files.

 

I've given up on it - have decided to ditch the HDD and install a new SSD with a fresh install of Windows. Figure I beat the virus problem and get a faster disk at the same time!

 

I really appreciate your help with this - I've been seeing on some other forums that others are having similar issues, and I'm yet to see a successful resolution. Another symptom is that Windows tells you that you have updates to download, including one for Windows Defender (and I don't use Defender) - you install them, and next time you turn the PC on it tells you that you have the same updates to download.

 

Weird!  Anyway, thanks again.



#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:57 AM

Posted 24 November 2014 - 06:57 PM

p22003888.gif


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users