Had a Trojan, computer still not working after removal


  • This topic is locked
150 replies to this topic

#1 Silverbirch1

Silverbirch1

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oregon Coast
  • Local time:03:48 PM

Posted 08 February 2017 - 02:32 PM

Hi, I apparently got a Trojan: System32/Agent/neurex, according to the Kaspersky Labs Repair disk I made. I was unable to open some programs, and, when attempting to install the KL AV program, it stopped with a blank window at what should have been the finish screen. I couldn't close the screen and had to shut down my computer to get rid of it. Just prior to that I had been (and still am) having problems with the Windows Installer not functioning properly and either giving me errors or telling me that a program wasn't there to be uninstalled.

 

I still have internet, which my other laptop does not. Husband was trying to download a game and gave that one a virus which blocks the internet as well as all av programs. While I do have internet, I tried to upload the files requested by the KL tech and couldn't. I also can't attach them in an email. On this laptop, I was downloading BitTorrent and got a virus warning from Malware Bytes. Supposedly that program blocked it, but, I'm thinking it got through anyway, somehow.

 

Anyway, I'm running Windows 7 on an HP G62-140US. (yeah, it's a dinosaur, but, it still runs World of Warcraft, lol) I cannot open any program which could in any way help my problem. I click on it, and nothing happens. I cannot install any new av programs, including Malware Bytes.

 

Please help!

 

Elizabeth




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:48 PM

Posted 08 February 2017 - 03:04 PM

Hi, try to run RKILL and the tools below.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista/Windows7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
I'll be back in a couple hours
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Silverbirch1

Posted 08 February 2017 - 03:37 PM

Ok, only one problem I see is that I have forgotten the admin password. :( I'll see what I can do. Thank you!



#4 Silverbirch1

Posted 08 February 2017 - 04:11 PM

Done and done. EEK Scan report opened in my open source office program instead of Notepad. It doesn't look like it did so correctly, but, I'll copy it here:

ÿþE#m#s#i#s#o#f#t# #E#m#e#r#g#e#n#c#y# #K#i#t# #-# #V#e#r#s#i#o#n# #1#2#.#0#c#e#r#.#M#O#O#N#D#A#N#C#E#R#-#N#B#\#A#p#p#D#a#t#a#\#L#o#c#a#l#\#T#e#m#p#\#i#n#5#5#F#2#C#4#5#B#\#3#0#4#D#6#5#3#4#_#s#t#p#.#E#X#E# #    #d#e#t#e#c#t#e#d#:# #A#p#p#l#i#c#a#t#i#o#n#.#I#n#s#t#a#l#l#A#d# #(#A#)# #[#2#8#5#4#2#4#]#p#p#l#i#c#a#t#i#o#n#.#I#n#s#t#a#l#l#A#d# #(#A#)#

 

Without all the #s: Emsisoft Emergency Kit - Version 12.0cer.MOONDANCER-NB\AppData\Local\Temp\in55F2C45B\304D6534_stp.EXE     
detected: Application.InstallAd (A) [285424]pplication.InstallAd (A)

 

It found 18 adware, but, no viruses, apparently.

 

Here is the RKill report:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/08/2017 12:37:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/08/2017 12:39:03 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)
 


Edited by Silverbirch1, 08 February 2017 - 04:14 PM.
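
The scan report pasted above begins with `ÿþ` and has a filler character between every letter, which is consistent with a UTF-16 LE file (byte-order mark FF FE) being opened as single-byte text. As an added example (not part of the original posts, and not code from Emsisoft or BleepingComputer), this Python sketch decodes such a log by its BOM and extracts the lines a helper would read from both reports; the function names, the sample path and the `detected:` line layout inferred from the fragment above are assumptions.

```python
import codecs
import re

# Constructed sample: the path is a placeholder; detection name and ID are from the post.
SAMPLE_EEK_RAW = codecs.BOM_UTF16_LE + (
    "Emsisoft Emergency Kit scan report (constructed)\r\n"
    + r"C:\Users\example\AppData\Local\Temp\sample_stp.EXE"
    + " \tdetected: Application.InstallAd (A) [285424]\r\n"
).encode("utf-16-le")

# Constructed sample: lines copied from the Rkill report in the post.
SAMPLE_RKILL = rb"""Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
Checking HOSTS File:
 * No issues found.
"""

BOMS = ((codecs.BOM_UTF8, "utf-8"), (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"))
DETECTION = re.compile(r"^(?P<path>.+?)\s+detected:\s+(?P<name>.+?)\s+\[(?P<id>\d+)\]")

def decode_log(raw: bytes) -> str:
    """Decode a tool log by its byte-order mark instead of guessing single-byte text."""
    for bom, encoding in BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(encoding, errors="replace")
    # No BOM: a NUL in most odd byte positions still indicates UTF-16 LE text.
    if len(raw) >= 4 and raw[1::2].count(0) > len(raw) // 4:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")

def eek_detections(text: str) -> list:
    """Return (path, detection name, id) for each 'detected:' line."""
    hits = (DETECTION.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["name"], m["id"]) for m in hits if m]

def rkill_findings(text: str) -> list:
    """Return (section, message) for every Rkill bullet that is not a 'No ...' result."""
    findings, section = [], None
    for line in text.splitlines():
        item = line.strip()
        if item.startswith("* "):
            if not item[2:].startswith("No "):
                findings.append((section, item[2:]))
        elif item:
            section = item.rstrip(":.")
    return findings
```

On the Rkill sample the only finding returned is the deleted `HKLM\Software\Classes\.exe\shell` key, the one change the tool made on this machine.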


#5 Silverbirch1

Posted 09 February 2017 - 02:50 PM

Just wondering where to go from here. I appreciate your time, btw. :)



#6 boopme

Posted 09 February 2017 - 10:10 PM

Hi, had monster snow storm, clean up then fell asleep.

System appears clean. May have file corruption.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.


Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#7 Silverbirch1

Posted 10 February 2017 - 07:06 PM

Downloaded program. It installed, but said it couldn't create a shortcut for the uninstall file. There was no window with a 'finish' button. It just ended. Tried to run the program and it wouldn't start. I decided to shut down and retry in safe mode. When I turned it back on it began shutting on and off over and over again. Thankfully, I have a smartphone. ::sigh::

#8 Silverbirch1

Posted 10 February 2017 - 07:10 PM

No worries about the delay. I understand. We had a pineapple express here and our yearly flooding with roads blocked, etc. Water finally receding this afternoon.

#9 boopme

Posted 11 February 2017 - 10:35 AM

So it is still doing on/off?

#10 Silverbirch1

Posted 11 February 2017 - 12:44 PM

Yes. :( left it off all night and still doing it this morning

#11 boopme

Posted 11 February 2017 - 08:04 PM

I will ask for another to look here.

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:48 PM

Posted 12 February 2017 - 10:52 AM

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
  • If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by JSntgRvr, 12 February 2017 - 10:53 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 Silverbirch1

Posted 12 February 2017 - 12:20 PM

I'm using Windows 7 (64). As soon as I can get another computer up and running or borrow one long enough to download this, I will. Hopefully before the end of the day.

The only problem I foresee is that the computer doesn't even get to the boot part before shutting down.

Tapping the F8 key to enter Safe mode is when this started. Can hitting the F8 key too soon cause this?

Edited by Silverbirch1, 12 February 2017 - 12:23 PM.


#14 JSntgRvr

Posted 12 February 2017 - 01:34 PM

On a Windows 7 machine you can make a repair disk and boot the affected computer with it.



#15 Silverbirch1

Posted 12 February 2017 - 01:49 PM

I have a repair disk. The computer doesn't stay on long enough to boot



