
Can't run any anti virus programs


32 replies to this topic

#1 roecityryder

roecityryder

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:19 AM

Posted 17 July 2016 - 01:02 PM

Hello, I posted in the "Am I Infected" section and was referred here. Like the title says, I can't open any antivirus programs or uninstall them. I have tried in safe mode too. I downloaded the FRST program successfully, but cannot get it to run. The scan button is grayed out. The OS I have is Win 7, if that helps. Any help will be greatly appreciated.

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:19 AM

Posted 21 July 2016 - 07:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the entire script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#3 roecityryder


Posted 21 July 2016 - 08:08 PM

Thanks for the reply. I downloaded the Zoek as asked, but it won't run. I can't even get the Avast to stop running. It is steadily popping up with a message saying threat blocked. Either http://novemberjean.com/x/ or http://octoberbeer.com/x/



#4 nasdaq


Posted 22 July 2016 - 08:13 AM

If you can, boot to safe mode and run the Zoek tool.

#5 roecityryder


Posted 22 July 2016 - 06:57 PM

I booted to safe mode and it still won't run. I ran rkill and it terminated the exe process, but when I right-click and select Run as Administrator nothing happens.



#6 nasdaq


Posted 23 July 2016 - 06:36 AM

Rename the ZOEK.EXE file to svchost.exe and run it as an administrator in normal mode.

#7 roecityryder


Posted 23 July 2016 - 10:39 AM

I tried that as well and still no luck.



#8 nasdaq


Posted 23 July 2016 - 12:42 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

#9 roecityryder


Posted 23 July 2016 - 01:30 PM

I have Rkill and have run it and it sometimes kills the program that's trying to open, but I still can't get the program you want me to run to open.


Edited by roecityryder, 23 July 2016 - 02:04 PM.


#10 nasdaq


Posted 24 July 2016 - 06:55 AM

Did you run the .exe or one of the versions I suggested?

Are you able to run any .exe programs at all?

#11 roecityryder


Posted 28 July 2016 - 04:58 PM

Sorry it took a while for me to respond, I have been out of town and yes I can open other programs. Just can't open anything related to anti virus or tools to remove a virus. It's as if it knows what the program is and blocks it, but anything else opens fine.



#12 nasdaq


Posted 29 July 2016 - 07:58 AM


Let's see if these are also protected.

Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

===

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------

#13 roecityryder


Posted 29 July 2016 - 11:23 AM

I tried running combofix. It starts running and does the registry backup and then it just goes away. I could only get it to open also in safe mode. Any other suggestions other than format and start over again which I hope I don't have to.

 

Thanks



#14 nasdaq


Posted 30 July 2016 - 07:00 AM

Did you try the OTL tool?


Do you have any restore point that you can go back to?

#15 roecityryder


Posted 30 July 2016 - 12:06 PM

No, what is the OTL tool?





