Loss of access after virus removal


20 replies to this topic

#1 Shadowxsx

Shadowxsx

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 15 May 2015 - 11:58 PM

Windows Defender detected an attack and after it has been removed I am unable to access "my computer, my documents, folders I have created etc". I still have access to things such as icons on my desktop that are for games and programs, but for anything for file access and viewing I get that I do not have permissions to access.

I had my Primary Admin account disabled and went in and enabled it and rebooted to safe mode and tried going in and giving my "user account" (which is an admin also) full control over my disk drives again and it came up with a lot of errors doing so (do not feel like going in again at this moment, but if you ask I will do so as I really do not want to reformat again or use more extreme measures that may force that).

If I go into file sharing my account only has read/write access (but I can not even access it) and there is another user "unknown contact" who is owner...

Apparently I got something nasty that I do not know how to deal with or bypass... I may just decide to download a bootable Linux CD version and wipe permissions with it but I do not know how bad of adverse effects it may have with what is going on. So any help would be appreciated before I go to extremes...

Update: Did a Sys Restore and it worked temporarily. I tried changing sharing permissions and it gave errors on c:\Boot, C:\bootmgr, c:\hiberfil.sys, c:\pagefile.sys, c:\Program Files, c:\Program Files (x86); all of those are the errors I was speaking of earlier, and all access denied or in use. Any ideas? Pretty sure I have gotten a rather nasty rootkit as I have made no changes myself that would cause this.

Also, if I go into advanced security settings all of the listed show "not inherited" in the inherited from part (not sure if that has any meaning on this issue or not).

Edited by Queen-Evie, 16 May 2015 - 11:32 AM.
moved from Windows 7 to Am I Infected



 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:16 PM

Posted 16 May 2015 - 10:49 AM

Windows Defender in Windows 8/8.1 is an active antivirus. Windows Defender in Windows 7 is an antimalware program. I hope you have an antivirus running on this computer.

===========
 

 
Double click on the download and choose to run the program.
 
A screen similar to the one below will open, click any key to run the program.
 
securitycheck_zpscfb86945.png
 
When the scan is finished there will be a log, copy and then paste your log in your next post.
 
==========
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
===========
 
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.

Edited by dc3, 16 May 2015 - 10:55 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Shadowxsx


Posted 16 May 2015 - 11:10 AM

Well MS needs to say it is not AV on Win7 (figures as they made it sound like one when I read it and installed it as they made it appear that it was both anti malware and virus).

 

 Results of screen317's Security Check version 1.001  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (37.0.2)
 Mozilla Thunderbird 24.6.0 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Kaspersky Lab Kaspersky Security Scan kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

Is the result

 

If it takes me doing a format and starting from scratch it is not a huge issue as I can do it in a few hours, just hate having to do so. I know I can force ownership if I need to and I know other forceful measures beyond Windows that remove permissions totally. Not sure where exactly this came from, but the issue Defender found was in Google Chrome's auto update feature so I will never install that again.

Odd though, I have Adobe and Java to notify me of updates and I have not seen them recently so I thought I was up to date on them.

Malwarebytes is installed (has been and does a scan every other day) and it found nothing, will try TDSSKiller (which found no threats).


Edited by Shadowxsx, 16 May 2015 - 11:18 AM.


#4 dc3


Posted 16 May 2015 - 11:17 AM

Please run the rest of the requested scans, then we will have a better idea of what is going on.

 

You need to install an antivirus, Avast free is a good one.

 

You need to update Java.  If you don't have any programs which require it you may want to uninstall it.  When it gets out of date it becomes a potential security problem.

 

Your Adobe Reader is out of date as well and has the same problem with becoming a security risk when it is out of date.

 

You should update Thunderbird as well if you are still using it.  If you are not, you should uninstall it.



 

 

 

 


#5 dc3


Posted 16 May 2015 - 11:21 AM

Hold the phone...  I just saw that you have Microsoft Security Essentials installed.  Please check to see if it is enabled.

 

Please do the following first if you have not started the previously requested scans.

 

Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download. 
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.


 

 

 

 


#6 Shadowxsx


Posted 16 May 2015 - 11:39 AM

Speccy gives me the error that I do not have permissions to run it and I can not access the location to run as admin

 

Even though I have been trying everything from "most downloaded" links from the link to the other programs from your previous post and they have worked

Will give Avast free a shot. I know Avast is good, just did not know they had a free version as I have used it before but it was only a trial at that time.

Odd thing on Thunderbird is that I uninstalled it, no clue as to why it is still there, and I only tried it so that I could access a former friend's and potential employer's business email so I could work for him.


Edited by Shadowxsx, 16 May 2015 - 11:47 AM.


#7 dc3


Posted 16 May 2015 - 11:48 AM

Even though I have been trying everything from "most downloaded" links from the link to the other programs from your previous post and they have worked

 

I don't understand what you mean here.

 

Please run all of the scans one at a time and then post the logs for each scan.



 

 

 

 


#8 Shadowxsx


Posted 16 May 2015 - 11:53 AM

Umm I uninstalled Chrome, and somehow it is back and just opened a window on its own?????

Ok something is seriously wrong here. Chrome I removed via your uninstaller pro and it even removed all registry keys associated with it, so how the **** is it back again, after I removed it after a sys restore?


Edited by Shadowxsx, 16 May 2015 - 12:03 PM.


#9 Shadowxsx


Posted 16 May 2015 - 11:56 AM

 

Even though I have been trying everything from "most downloaded" links from the link to the other programs from your previous post and they have worked

 

I don't understand what you mean here.

 

Please run all of the scans one at a time and then post the logs for each scan.

 

 

 

When I clicked the link it gave me a "most downloaded" category on the left for adwcleaner, combofix, junkware removal tool, Rkill, and tdsskiller so ran all of them

 

When I clicked the tdsskiller.

 

 

Currently running an avast scan atm so I will repost once it is done (and I will run all of the available scans)


Edited by Shadowxsx, 16 May 2015 - 12:05 PM.


#10 dc3


Posted 16 May 2015 - 11:58 AM

Unless you do what is requested I can not help you.  

 

If you want my help, don't make any more changes to your computer unless it is requested.



 

 

 

 


#11 Shadowxsx


Posted 16 May 2015 - 12:14 PM

Unless you do what is requested I can not help you.  

 

If you want my help, don't make any more changes to your computer unless it is requested

 

Well no changes have been made, nothing has been found and nothing you have posted has found anything at this moment along with the programs I generally use such as Spybot Search and Destroy, Malwarebytes, Trend Micro AV free scan, RUbotted, and pretty much everything I know of. That is why I am posting here as I am trying everything I know of and other alternatives before I am forced to the extreme.... If everything says nothing is wrong other than Speccy (which is a system error as it is a zip file as I can not access anything apparently related to explorer). I see no issue with trying things that have no effect other than giving "no issue found". If they had found something it would be listed in a reply and not kept from you.

 

Avast is still running as I have 3TB of hard drive space and I expected it to take a while


Edited by Shadowxsx, 16 May 2015 - 12:17 PM.


#12 dc3


Posted 16 May 2015 - 12:14 PM

When the TDSSKiller download site opens click on the 3.0.0.44 version, you want the EXE, 4.00 MB.  That is the only thing you want to download from that site.


Edited by dc3, 16 May 2015 - 12:15 PM.


 

 

 

 


#13 Shadowxsx


Posted 16 May 2015 - 12:26 PM

When the TDSSKiller download site opens click on the 3.0.0.44 version, you want the EXE, 4.00 MB.  That is the only thing you want to download from

 

I will try it again but it found nothing previously, "0 Threats"

 

As I am finding it seems I can access shortcuts not direct links, as if I right click a file and "open location" I get that I do not have permissions as my current user, but if I am logged in as admin I can access them (even my docs, and my computer just by opening them normally) but changing permissions I get the errors in my original post

 

2nd run no threats, no quarantined, no cleaned

 

Avast finished with no threats found


Edited by Shadowxsx, 16 May 2015 - 12:32 PM.


#14 Shadowxsx


Posted 16 May 2015 - 12:44 PM

Found it in my browsing history as I looked it up when it was found, kilim!rfn is the name of what Defender found and removed...

 

Just thought of that


Edited by Shadowxsx, 16 May 2015 - 12:48 PM.


#15 dc3


Posted 16 May 2015 - 01:10 PM

When I clicked the link it gave me a "most downloaded" category on the left for adwcleaner, combofix, junkware removal tool, Rkill, and tdsskiller so ran all of them.

 

I need to see these logs.  You just posted that nothing was found when you ran the TDSSKiller.

 

What version of Malwarebytes Antimalware did you run?

 

We are trying to determine if this computer is infected.  So far all we have to go on is your belief that you have "something nasty".  



 

 

 

 




