Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TrojanWin32Repexit


  • Please log in to reply
27 replies to this topic

#1 wayne937

wayne937

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 17 August 2015 - 04:24 PM

I have a problem here with a virus I cannot figure out. I completely restored a Toshiba windows 7 starter mini computer with windows 7 to factory defaults. The computer is several years old according to it's owner - possibly five to seven years old. As soon as I got it restarted, I deleted the old Norton Virus from the add/remove, then downloaded and installed Microsoft Security Essentials as quick as I could. I did a quick scan with Microsift Security Essentials and it found the TrojanWin32Repexit on my system. It was in quarantine. In fact, I reinstalled it to factory defaults, complete factory restore, again and it done the very same thing and I found it on my system again. I am beginning to wonder if it was possible in the factory restore defaults. The factory restore is on a portion of the hard drive. When I ran it the full scan with MSE it got about three quarters through the scan and I lost windows explorer. I could not get it back and this is the reason for the second factory restore. I am now in the process of doing a full scan again so I am keeping my fingers crossed I don't lose my windows explorer again. Without windows explorer I just have a blank desk top. If I lose my windows explorer again, I may need help on getting it restored.


Edited by hamluis, 17 August 2015 - 04:59 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 17 August 2015 - 07:29 PM

What file is being indicated by MSE?

Maybe some false positive?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 17 August 2015 - 09:06 PM

Broni, it has been a long time since I have heard from you. I remember your name from the Smartcomputing forums I used to use. Broni, you may be right about that. I really don't know what file it is, but after running MSE, I saw it in the quarantine file. It happened twice after a factory restore. I wish I could tell you what file was effected, but I am sorry I can't. Thanks for your response.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 17 August 2015 - 09:13 PM

Nice to see you :)

 

Are there any current issues with your computer?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 17 August 2015 - 09:26 PM

I am still getting MS Udates installed on it tonight. I left the virus in the quarantine of MSE. I have not noticed anything wrong in particular on the computer, but I will continue to watch it for a few days. It is a mini Toshiba notebook. 32 but. I noticed that one update that came down did not install but after checking this file it was s 64 bit, not a 32 bit, so I am glad it didn't install. Thanks Broni.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 17 August 2015 - 09:30 PM

I left the virus in the quarantine of MSE

 

You should be able to check what's the file name and location.

https://grok.lsu.edu/Article.aspx?articleId=13991


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 18 August 2015 - 07:08 AM

Broni, all I see under history is the file TrojanWin32/repexit which is in the detected items box. It says that this Trojan is dangerous and executes commands from an attacker. I feel that this virus may have been in the original files when I used the factory restore disk because as soon as I restored the computer, and ran MSE it was located. I restored the same computer twice within a couple of days and it found the same virus. This is what makes me think it was in the factory restore. One more question, if I may. This mini computer does not have a slot for a CD. It only has USB slots. Are there any place I can get a windows repair disk on a flash drive. I want to do a system file check, but I know if I run it, and it finds a missing or damaged file, it will want me to install the windows 7 disk to get that file. I am certainly not an expert on computer repair. I am sorry I can't give you the name of the file you asked about above.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 18 August 2015 - 08:19 PM

1. How exactly is factory restore done on that mini laptop? Is there some recovery partition.

2. Windows 7 has a lot of backup files and it's very unlikely that something like "sfc" will ask you for Windows DVD.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 18 August 2015 - 08:53 PM

Broni, yes, the recovery files are on a small portion of the hard drive. I would like to do a SFC but I know if it finds a missing, or a damaged file, it will ask me to put in the windows 7 disk and I do not have one. Toshiba wants around forty dollars for a flash drive with a windows 7 starter disk. I am working on it for a friend so I don't want to spend that kind of money. I was hoping there was some place on the Microsoft Website to download windows 7 starter with 32 bit. I may have to look around at local computer shops to see if they have this disk. I am thinking I do have something wrong as after I had an update it said that the powershell had stopped working and window would look for a fix. I don't believe it was fixed though.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 18 August 2015 - 09:16 PM

yes, the recovery files are on a small portion of the hard drive

 

In that case recovery partition can't be infected because it's set to "read only".

I strongly suspect whatever MSE detected was FP.

 

I would like to do a SFC but I know if it finds a missing, or a damaged file, it will ask me to put in the windows 7 disk

 

As I said Windows 7 has plenty of backup files and it's very unlikely it'll ask you for a disk.

If you don't believe me search your computer for any system file and you'll see a long list.

 

If you think your installation got somehow corrupted...

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22012121.gif


Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

p22012122.gif


Go to Step 5 and under "System Restore" click on Create button:

p22012123.gif


Go to Repairs tab and click Open Repairs button.

p22012124.gif

In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

p22012126.gif

 


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 18 August 2015 - 09:40 PM

Thanks for your help Broni. I really appreciate it. I assume that this tool will work on windows 7, 32 bit, and a few others as well. I will give it a try as soon as possible.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 18 August 2015 - 09:52 PM

Yes, it runs on all Windows.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 18 August 2015 - 09:56 PM

Thanks Broni. I read that again and realized that it said, "all in one". I will run it, hopefully tomorrow.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:53 AM

Posted 18 August 2015 - 10:03 PM

p22003888.gif


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 wayne937

wayne937
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 19 August 2015 - 10:21 AM

Broni, after I sent you that last message I had received 11 more Microsoft updates. After I received the updates I could not do anything on the computer. I could not get on line, nor would it accept a flash drive to run the portable info. you sent. I had to start all over again by doing another factory restore. It seems like it is the Microsift updates that screws up the computer. I am currently running a dskchk to see if there are any bad sectors on the hard drive. I marked it for locate and repair any bad sectors it finds. I can't understand why the updates would screw up the computer. I ran MSE again but it did not find any viruses this time. I never had this much trouble with any other computer. I got to thinking that maybe the hard drive had some bad sectors which was messing up the computer files. Any how, this is the third time I have had to do the factory reinstall. I hope everything works out this time around.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users