
Can't browse, locked out of System Restore and cmd functions


5 replies to this topic

#1 steelcaress


Posted 06 February 2017 - 04:54 PM

I posted initially in the Windows 7 forum. Apparently, this is the place to go.

 

My son got his Win 7 computer completely malware-ized.

1) When he opened his computer this morning, his date and system time were out of whack. I fixed that problem, but apparently not the cause.

2) I can't browse to any websites (it claims the security certificates are out of date).

3) I used ADWcleaner, which removed quite a bit of malware. Still can't browse.

4) I downloaded Hitman Pro and Malwarebytes 3 on a USB stick, activated the free licenses and removed more junk. Still can't browse.

5) I used Avast and it couldn't find a thing.

6) I "refreshed" Firefox. Still can't browse. Claims the server certificates are out of date.

7) Went to do a system restore and begin the malware removal from a couple days ago, when he could get on the internet. I got an *Access Denied* error.

8) Followed instructions to do an admin-level reset of winsock. *Access Denied*

9) Now the malware is turning off the real time protection functions of Malwarebytes 3.

 

So, is there a way to get this thing up and running again?

 

On a side note, his internet is not entirely trashed, as Internet Explorer gives him the server out of date error, but allows you to ignore and you can browse as usual. Supposedly Malwarebytes is up-to-date, and Steam can bypass all this and update (testing out the Net to see how far the damage extends).

 

UPDATE: I have lost the ability to browse the web completely. It claims it is "unable to initialize the Windows Sockets Interface" when I try to ping a server.


Edited by steelcaress, 06 February 2017 - 05:03 PM.



 


#2 JohnC_21


Posted 06 February 2017 - 05:29 PM

Open an elevated command prompt and type:

 

net user administrator /active:yes

 

Does the command complete without access denied? If so, then log out and log in to the enabled administrator account.

 

Run the winsock and tcp/ip reset commands I posted in the Windows 7 forum.

 

What is the make and model of the computer? Are you able to burn all your personal data to DVDs or copy it to a USB flash drive? Are you open to doing a factory reset if the administrator account does not work? Do you have a legible Windows 7 key on a COA sticker?



#3 steelcaress


Posted 06 February 2017 - 08:58 PM

Successfully opened an Admin account per your instructions and logged into it. Oddly, it still locked me out of resetting winsock.

 

The computer is a laptop, a Compaq Presario CQ56 Notebook PC.

 

We should be able to move what's on there to a USB drive.

 

I am open to doing a factory reset.

 

I have a legal, legible Win 7 cd key on the bottom.



#4 JohnC_21


Posted 06 February 2017 - 09:13 PM

For Compaq, if the recovery partition is intact, tap F11 at boot. This should bring up the Recovery Manager. If you can boot to Windows 7 it may also be available in the HP programs listings. Be sure to also back up your browser favorites and any email if using an email client and not web email. All your personal data should be in the USERS directory. Does the computer have Office? Make sure you back up your Office key.

 

http://support.hp.com/us-en/document/c01867418

 

It may also be a good idea to back up your Windows 7 activation files. You can do this with Advanced Token Manager. Unzip the file to a folder on the desktop. Run the program and select the Activation Backup button. There is also an Office backup button. Copy the whole folder on the desktop back to the USB key.

 

http://joshcellsoftwares.com/products/advancedtokensmanager/



#5 steelcaress


Posted 09 February 2017 - 12:45 AM

I want to thank you for all your help.

 

I did all that you suggested. Had to burn the files to DVD-ROM, since it all of a sudden disabled USB drive access (I don't think it liked the antivirus scanners I imported that way). F11 didn't bring up the recovery screen, so it may lack a recovery partition.

 

But, on boot, Hitman Pro ran again before the welcome screen. Why this time, and not other boots, I'm not sure. Whatever it removed allowed it to update. I scanned again and removed the nasties that it found. Apparently that did it, along with a Malwarebytes 3 scan to be sure, including rootkits. It also unlocked the restore console, so I brought it back to a snapshot of Jan 27, ostensibly before his computer got infected. I ran new scans to be sure, but I have it up and running again. Had to delete the still-corrupted Firefox profiles and create a brand spanking new one, but he's back in the game.

 

How did he get infected? About the only thing we can think of is there was a friend's USB drive that he plugged in. Who knows exactly what he had on there and what sites his buddy visited?

 

Apparently Avast let that stuff in the door no problem. So I'm looking for a new antivirus. AVG became a resource hog a long time ago. Norton acts like an infection. Don't think much of Trend Micro and their stuff. I was thinking that Avira might be safe? Suggestions?


Edited by steelcaress, 09 February 2017 - 12:58 AM.


#6 JohnC_21


Posted 09 February 2017 - 08:47 AM

How did he get infected? About the only thing we can think of is there was a friend's USB drive that he plugged in. Who knows exactly what he had on there and what sites his buddy visited?

 

That is very likely. Glad you are back up and running.

 

Something to think about. Consider doing a complete disk image to an external hard drive using a program in the below links. All allow you to create bootable media to restore the image should the computer not boot because of malware or a hard drive failure. This will allow you to be back up in minutes vs hours.

 

Macrium Free

Aomei Backupper

Easeus Todo Backup Free





