
I'm infected, but with what and what do I do??



#1 rjstrauss
Posted 17 June 2016 - 01:25 PM

Hi -

Some of my software stopped working, so I ran Rkill. Here is the part of the response that concerns me:


Checking Windows Service Integrity:


 * AeLookupSvc [Missing Service]
 * AllUserInstallAgent [Missing Service]
 * hkmsvc [Missing Service]
 * THREADORDER [Missing Service]
 * WPCSvc [Missing Service]
 * adp94xx [Missing Service]
 * adpahci [Missing Service]
 * adpu320 [Missing Service]
 * arc [Missing Service]
 * discache [Missing Service]
 * FxPPM [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * iirsp [Missing Service]
 * LSI_SAS2 [Missing Service]
 * LSI_SCSI [Missing Service]
 * nfrd960 [Missing Service]
 * viaide [Missing Service]
 * Wd [Missing Service]
 * AppMgmt [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]


 * napagent [Missing ImagePath]
 * CSC [Missing ImagePath]

 * MMCSS => \SystemRoot\system32\drivers\mmcss.sys [Incorrect ImagePath]
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]


What exactly happened to me? Can I fix this, or do I have to reinstall the OS? What can I do to prevent it from happening again in the future? (Kaspersky was up and running when this happened.)

I am running Win 10 (latest/greatest) on a new Dell box. If there is other info you need on my hardware/software, I am happy to supply it.

- Carl
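Rkill's "Windows Service Integrity" section compares the machine's service and driver registry keys against its own list of expected defaults, so each line above is a lead to verify rather than a verdict: a key can be absent legitimately (a storage-controller driver for hardware the machine never had, a service a later Windows build dropped) and an "Incorrect ImagePath" can be a harmless version difference or a hijacked service binary. What a responder wants is to sort the findings by the next check. The script below is an added example, not part of this thread and not Rkill's code: it parses text in the format quoted above and buckets each finding. The install root C:\Windows, the bucket names and the workflow they imply are assumptions, the input is constructed from the post (abridged), and the last input line is synthetic, added only so the "binary outside System32" rule has something to fire on.

```python
import re
from collections import defaultdict

# Constructed sample input: the service-integrity lines quoted in the post
# above (abridged), plus one line tagged SYNTHETIC that is NOT from the post
# and exists only to show the "binary outside System32" rule fire.
RKILL_EXCERPT = r"""
Checking Windows Service Integrity:

 * AeLookupSvc [Missing Service]
 * adp94xx [Missing Service]
 * LSI_SAS2 [Missing Service]
 * AppMgmt [Missing Service]

 * napagent [Missing ImagePath]
 * CSC [Missing ImagePath]

 * MMCSS => \SystemRoot\system32\drivers\mmcss.sys [Incorrect ImagePath]
 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * SYNTHETIC_svc => C:\Users\Public\svchost.exe -k netsvcs [Incorrect ImagePath]
"""

# One Rkill finding per line: " * name [Status]" or " * name => ImagePath [Status]".
LINE_RE = re.compile(
    r"^\s*\*\s+(?P<name>\S+)"          # service or driver key name
    r"(?:\s+=>\s+(?P<image>.*?))?"     # optional "=> ImagePath" (may carry -k args)
    r"\s+\[(?P<status>[^\]]+)\]\s*$"   # trailing "[Missing Service]" etc.
)

# Assumed install root; on a live machine read it from the SystemRoot env var.
SYSTEM_ROOT = r"C:\Windows"

# Triage buckets (assumed workflow, not Rkill's own categories).
ABSENT = "absent: confirm against a clean machine of the same Windows build"
NO_PATH = "no ImagePath: service cannot start; inspect its registry key"
SYSTEM_PATH = "system path: diff the value against a reference export"
FOREIGN_PATH = "binary outside System32: hash and inspect before trusting"
UNKNOWN = "unrecognised status"


def parse_rkill(text):
    """Return one dict per finding with keys name, image (or None), status."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def binary_of(image):
    """Lower-case the executable/driver path, dropping svchost-style arguments
    and expanding the %SystemRoot% and leading-SystemRoot prefix forms."""
    m = re.match(r'^"?(.+?\.(?:exe|sys|dll))"?', image.strip(), re.IGNORECASE)
    low = (m.group(1) if m else image.strip().split(" ")[0]).lower()
    for prefix in ("%systemroot%", "\\systemroot"):
        if low.startswith(prefix):
            return SYSTEM_ROOT.lower() + low[len(prefix):]
    return low


def triage(findings):
    """Bucket findings by the next action a responder should take."""
    trusted = SYSTEM_ROOT.lower() + "\\system32\\"
    buckets = defaultdict(list)
    for f in findings:
        if f["status"] == "Missing Service":
            buckets[ABSENT].append(f["name"])
        elif f["status"] == "Missing ImagePath":
            buckets[NO_PATH].append(f["name"])
        elif f["status"] == "Incorrect ImagePath":
            key = SYSTEM_PATH if binary_of(f["image"]).startswith(trusted) else FOREIGN_PATH
            buckets[key].append(f["name"])
        else:
            buckets[UNKNOWN].append(f["name"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, names in triage(parse_rkill(RKILL_EXCERPT)).items():
        print(f"{bucket}\n    {', '.join(names)}")
```

Every "Incorrect ImagePath" entry from the post lands in the system-path bucket, which is why the only useful next step for them is a field-by-field comparison with the same keys exported from a known-good machine of the same Windows build; the path-outside-System32 rule is the one that would have surfaced a replaced service binary, and nothing in the quoted output trips it.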




#2 boopme
Posted 17 June 2016 - 03:13 PM

Hello, first let's remove any other infections.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rjstrauss
Posted 17 June 2016 - 06:52 PM

My system will not allow me to download ANY of these programs/installers. "Your current security setting does not allow this program to be downloaded." Also, can't verify the publisher bull ....

I have turned Kaspersky off. I have made bleepingcomputer.com a trusted site. What else can I do?



#4 rjstrauss
Posted 20 June 2016 - 02:40 PM

So, the virus has corrupted Windows security and will not let me download any executable file. Even when I downloaded a ZIP with an executable in it, it will not let me run the executable. There is no 'blocked' file attribute for me to unblock.

I still have not heard any suggestion as to what this virus is. Kaspersky didn't detect it. In browsing the Microsoft KB, I see that there have been various worms that specifically attack/disable security features, don't let you download fix programs, etc. But the KB also says that this malware should be caught by good AV software.

Since this has been dragging on for 2 weeks now, I am tempted to just bite the bullet and reinstall Windows 10. This should take care of any/all problems, right?

This leads to the question of how to prevent it from happening again. A related question is this: I am the only user of this computer, so how should I set up accounts for myself? I always thought that an admin account and a 'normal' user account, both with separate passwords, was the way to go. Is there a setup option that would offer me more security?



#5 boopme
Posted 21 June 2016 - 10:02 AM

The reinstall will wipe out all malware. You can try downloading from another PC to a flash drive or CD (all but ESET).
You do have corrupt system files, so it may be the fastest option to reinstall.

#6 vcolev
Posted 21 June 2016 - 10:12 AM

Have you tried starting in safe mode with Networking to see if it will let you download?
