Have a Virus/trojan somewhere in my system


  • This topic is locked
116 replies to this topic

#106 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 06 January 2015 - 07:30 AM

Theoretically yes (but make sure you don't boot from this drive, only connect it). The bad thing about this method is that there will be orphaned services at the end.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#107 Dimitri Deharak

Dimitri Deharak
  • Topic Starter

  • Members
  • 78 posts

Posted 06 January 2015 - 08:35 AM

I started "repair your computer" and got to a C prompt. I ran FRST64 with the edited Fixlist.txt file from a thumb drive.

I clicked on Fix... It broke Windows... I got a blue screen and a repeating boot loop... So I had to set the PC to the Del-Fix restore point to get back into a Windows desktop. So at this point I am not sure if we are getting the effects of Deep Freeze or not... I think the Deep Freeze program is too badly damaged to repair... But I am going to try to obtain the kill file from Faronics... Again, I am not sure if it will work or not.

My feeling is there might be 2 problems going on here...

1 as you have maybe Deep Freeze somehow is running in the background

2 a virus running is still very active in the registry somewhere



#108 Machiavelli


Posted 06 January 2015 - 09:03 AM

I found one line which is related to Adware and one entry I forgot to include which is related to Deep Freeze. If this does not solve the problems, I think we won't do any more FRST fixes but will try something else.
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Winlogon\Notify\DfLogon: LogonDll.dll [X]
    S0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [227096 2010-02-08] (Faronics Corporation)
    S4 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1070080 2010-02-08] (Faronics Corporation)
    S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
    C:\Program Files\OutfoxTV
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply

Edited by Machiavelli, 06 January 2015 - 09:04 AM.

~Machiavelli
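
As a reading aid for the fixlist in post #108 (an added example, not part of the original thread and not FRST's own code): a small parser for those lines that flags boot-start drivers and entries marked [X] before a fix is applied. It assumes the usual FRST log notation, where R/S/U is the service state, the digit is the Windows start type and [X] means the file was not found; the function names are made up for the example.

```python
import re

# Fixlist entries quoted from post #108 (raw string keeps the backslashes).
FIXLIST = r"""Winlogon\Notify\DfLogon: LogonDll.dll [X]
S0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [227096 2010-02-08] (Faronics Corporation)
S4 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [1070080 2010-02-08] (Faronics Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
C:\Program Files\OutfoxTV"""

# Assumed FRST conventions (not stated in the thread): state letter,
# then the Windows service start type; "[X]" = target file not found.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SERVICE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<vendor>[^)]*)\))?$"
)

def parse_fixlist(text):
    """Return one dict per non-empty fixlist line."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SERVICE.match(line)
        if not m:
            # Registry or file/folder entry: keep it raw, note a trailing [X].
            entries.append({"kind": "other", "raw": line,
                            "missing": line.endswith("[X]")})
            continue
        meta = m["meta"] or ""
        first = meta.split()[0] if meta else ""
        entries.append({
            "kind": "service", "raw": line, "name": m["name"],
            "state": STATE[m["state"]], "start": START.get(m["start"], "unknown"),
            "path": m["path"], "vendor": m["vendor"],
            "size": int(first) if first.isdigit() else None,
            "missing": meta == "X",
        })
    return entries

def review_notes(entries):
    """Flag entries worth a second look before the fix is applied."""
    notes = []
    for e in entries:
        if e["kind"] == "service" and e["start"] == "boot":
            notes.append((e["name"], "boot-start driver"))
        if e["missing"]:
            notes.append((e.get("name", e["raw"]), "target file not found"))
    return notes
```

Calling `review_notes(parse_fixlist(FIXLIST))` on the list above marks `DeepFrz` as a boot-start driver and the `DfLogon` and `OutfoxTvService` entries as pointing at files that no longer exist.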


#109 Dimitri Deharak


Posted 06 January 2015 - 11:29 AM

Nope, goes right back to restart point from 2 days ago... Also the FRST64 log file is gone and so is FRST64.exe


We need to break out of the restart point to save files



#110 Machiavelli


Posted 06 January 2015 - 11:33 AM

I got a tip from a colleague: http://www.wikihow.com/Uninstall-Deep-Freeze

Try to follow this. We need to make sure that the problem isn't causing Deep Freeze.

~Machiavelli


#111 Dimitri Deharak


Posted 06 January 2015 - 02:48 PM

OK, I opened Task Manager with Ctrl+Alt+Delete as Windows stated after debugging. NO REFERENCE TO ANYTHING DEEP FREEZE!



#112 Machiavelli


Posted 06 January 2015 - 02:57 PM

Now I ask you: I have some other ideas about what we could do. I will give you two options.

1) We can try some other things. I can't tell you whether they will solve the problem. It may be that we do everything for nothing.
2) The safest and fastest way to solve our problem is to reinstall Windows.

What do you want to do?

~Machiavelli


#113 Dimitri Deharak


Posted 06 January 2015 - 05:20 PM

I have ordered a new hard drive. My plan is this: I want to reinstall the OS, but the drive hasn't arrived yet...

So here is my question to you... I want to take out all references to Deep Freeze by putting the drive on my other computer... BUT my other system is Windows XP 32 bit (FAT32). Will the system see my Win 7 64 bit NTST drive?



#114 Dimitri Deharak


Posted 06 January 2015 - 05:30 PM

I mean NTFS



#115 Machiavelli


Posted 07 January 2015 - 10:47 AM

will the system see my Win 7 64 bit NTST drive?

I think it should. Let's try it out.

~Machiavelli


#116 Dimitri Deharak


Posted 07 January 2015 - 02:07 PM

OK, I guess I am going to reinstall everything. The best way to cure this Deep Freeze malware, virus, whatever: FORMAT!

Thanks for all your help... I guess this one defeated us!

Thanks again



#117 Machiavelli


Posted 07 January 2015 - 02:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli
