Attaching the report from RogueKiller #6 per your request.
RKreport1a.txt 1.04KB
135 downloadsWill have ComboFix report shortly...
Mystery malware attack; makes almost all applications disappear, leave
Started by
ozarknature
, Aug 16 2011 05:27 PM
-
This topic is locked
#16
Posted 18 August 2011 - 08:59 PM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
Attaching the report from RogueKiller #6 per your request.
RKreport1a.txt 1.04KB
135 downloadsWill have ComboFix report shortly...
#17
Posted 18 August 2011 - 11:13 PM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
Attaching results of the ComboFix run. Unfortunately the system would not allow ComboFix to update itself so I let it run as it was. I am still unable to install Java on my machine. Internet Explorer still will not make any connections. Google Chrome and Firefox both work fine except that Java plug-ins won't install. iTunes works fine.
Log.txt from ComboFix:
log.txt 44.02KB
125 downloads
Log.txt from ComboFix:
log.txt 44.02KB
125 downloads
#18
Posted 19 August 2011 - 11:51 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
To restore the administrative tools shortcuts run the programme on this page
Then go to this page to restore the other shortcuts
Then to try and reset IE go to this page and run both fixits there
Once you have done all that I will run a deep analysis tool
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post
Then go to this page to restore the other shortcuts
Then to try and reset IE go to this page and run both fixits there
Once you have done all that I will run a deep analysis tool
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post
#19
Posted 19 August 2011 - 05:43 PM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
Hello again!
OK, here's what I've done so far...
1. I was able to remove Avast by using the installer. I am, however, now having problems with McAfee Security-as-a-Service which was previously installed and which I thought I had removed before installing Avast. I think McAfee is causing problems with the applications you're recommending I use being unable to communicate over the internet, as I will explain below.
2. I was able to download and restore the Start Menu shortcuts and the Administrative Tools Folder. I'm pretty sure those are working fine now.
3. I downloaded and tried to run (a) Uniblue Registry Booster and (b) the Microsoft FixIt but both programs refused to work. Registry Booster gave me a result that was like a '404'-type window in Internet Explorer. Wondering if this is directly related to IE's failure to launch? With MS FixIt, I got the error msg "Fix it troubleshooting cannot continue because an error occurred. We're sorry, but the program encountered an error trying to contact the server. Please try again later. [Code80072EFD]" The error msg was identical for both FixIt programs.
4. I launched IE and used the Network Diagnostic Tool, as the web page directed. The resulting 'Troubleshooting Report' error msg confirmed that McAfee Firewall is blocking connections, as I feared. Here's the message:
Diagnostics Information (Network Security)
Details about network security diagnosis:
Settings that might be blocking the connection:
Provider name: McAfee Inc.
Provider description: McAfee Firewall
Filter name: GUID_MFE_CONNECT_CALLOUT_V4
Provider context name: -
Network Diagnostics Log
File Name: 19AA3389-4422-4E3E-BBFF-CEB2BD191AE7.Diagnose.0.etl
Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab
Collection information
Computer Name: ZINJA-WARRIOR
Windows Version: 6.1
Architecture: amd64
Time: Friday, August 19, 2011 5:56:26 PM
(The Geeks2Go site won't allow me to upload the 'diagnose.0.etl' file. However I am able to upload the 2 networkconfiguration logs, in case you think they may be of help.)
ipconfig.all.txt 6.07KB
132 downloads
route.print.txt 4.45KB
132 downloads
5. I attempted to go through WIndows Firewall to disable McAfee but the system wouldn't permit it. Here's the error msg:
"Windows Firewall can't change some of your settings. Error code 0x80070422"
That's as far as I've gotten, and I will continue working on it tonight.
I wonder, since RegistryBooster didn't work, would it make sense to try "Advanced System Care v.4"? I have used this program before. I ran a Deep Registry Fix just now and it showed 5549 'problems.' I have NOT taken any action to remove or fix these registry errors. It did generate a log file so if you think that would be helpful, please let me know and I will post it.
Thanks again for your ongoing help!
David Orr
Fayetteville, Arkansas
OK, here's what I've done so far...
1. I was able to remove Avast by using the installer. I am, however, now having problems with McAfee Security-as-a-Service which was previously installed and which I thought I had removed before installing Avast. I think McAfee is causing problems with the applications you're recommending I use being unable to communicate over the internet, as I will explain below.
2. I was able to download and restore the Start Menu shortcuts and the Administrative Tools Folder. I'm pretty sure those are working fine now.
3. I downloaded and tried to run (a) Uniblue Registry Booster and (b) the Microsoft FixIt but both programs refused to work. Registry Booster gave me a result that was like a '404'-type window in Internet Explorer. Wondering if this is directly related to IE's failure to launch? With MS FixIt, I got the error msg "Fix it troubleshooting cannot continue because an error occurred. We're sorry, but the program encountered an error trying to contact the server. Please try again later. [Code80072EFD]" The error msg was identical for both FixIt programs.
4. I launched IE and used the Network Diagnostic Tool, as the web page directed. The resulting 'Troubleshooting Report' error msg confirmed that McAfee Firewall is blocking connections, as I feared. Here's the message:
Diagnostics Information (Network Security)
Details about network security diagnosis:
Settings that might be blocking the connection:
Provider name: McAfee Inc.
Provider description: McAfee Firewall
Filter name: GUID_MFE_CONNECT_CALLOUT_V4
Provider context name: -
Network Diagnostics Log
File Name: 19AA3389-4422-4E3E-BBFF-CEB2BD191AE7.Diagnose.0.etl
Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab
Collection information
Computer Name: ZINJA-WARRIOR
Windows Version: 6.1
Architecture: amd64
Time: Friday, August 19, 2011 5:56:26 PM
(The Geeks2Go site won't allow me to upload the 'diagnose.0.etl' file. However I am able to upload the 2 networkconfiguration logs, in case you think they may be of help.)
ipconfig.all.txt 6.07KB
132 downloads
route.print.txt 4.45KB
132 downloads5. I attempted to go through WIndows Firewall to disable McAfee but the system wouldn't permit it. Here's the error msg:
"Windows Firewall can't change some of your settings. Error code 0x80070422"
That's as far as I've gotten, and I will continue working on it tonight.
I wonder, since RegistryBooster didn't work, would it make sense to try "Advanced System Care v.4"? I have used this program before. I ran a Deep Registry Fix just now and it showed 5549 'problems.' I have NOT taken any action to remove or fix these registry errors. It did generate a log file so if you think that would be helpful, please let me know and I will post it.
Thanks again for your ongoing help!
David Orr
Fayetteville, Arkansas
#20
Posted 20 August 2011 - 12:59 AM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
I completed the Auto scan (first run) of Kaspersky, and am attaching that report now. Two malware files were caught and deleted. This is a 71 MB file so I used Winzip to compress and split it... This website says that max file size is 1 MB so I zipped this 3 MB file into three parts. Unfortunately the site won't let me upload these .zipx files. Nor can I get it to upload as a .zip! What would you like me to do with this?
I'm going ahead with the manual Kaspersky scan now...
I'm going ahead with the manual Kaspersky scan now...
#21
Posted 20 August 2011 - 04:38 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK first priority is to uninstall McAfee
Remove McAfee as per here - McAfee removal tool this should remove the firewall element that is blocking you getting online with IE
For the reports file I only need the detected threats portion - that will be a lot smaller
Remove McAfee as per here - McAfee removal tool this should remove the firewall element that is blocking you getting online with IE
For the reports file I only need the detected threats portion - that will be a lot smaller
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
#22
Posted 20 August 2011 - 10:36 AM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
hello again, essexboy!
I was able (finally!) to disable McAfee and I think I now have entirely free access to the 'net! I am able to run Internet Explorer and I was able to update the ComboFix program, which I then ran and generated a new log from (2nd ComboFix log.txt)--see attached.
2nd ComboFix log.txt 45.18KB
224 downloads
As to the previous Kaspersky scan log, I had closed the program thinking I got what you wanted so all I have is the full log. I searched that large file for occurrences of the word "detected" and found the following, which I remember was found and quarantined or deleted yesterday:
8/19/2011 7:03:57 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
and
8/19/2011 7:17:17 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
and in addition I found the following when I searched again for "trojan":
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\Desktop\OTL (1).com
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
So these were all that were found in that first scan.
I re-launched Kaspersky Virus Removal Tool and ran the Automatic Scan again on System memory, Hidden startup objects and Disk boot sectors. There were no threats detected. I began a full scan including the entire C drive but that took nearly 5 hours last night so I wonder if it's necessary to do that again? I'll let it run until/unless I hear from you that it's not necessary.
I was able (finally!) to disable McAfee and I think I now have entirely free access to the 'net! I am able to run Internet Explorer and I was able to update the ComboFix program, which I then ran and generated a new log from (2nd ComboFix log.txt)--see attached.
2nd ComboFix log.txt 45.18KB
224 downloadsAs to the previous Kaspersky scan log, I had closed the program thinking I got what you wanted so all I have is the full log. I searched that large file for occurrences of the word "detected" and found the following, which I remember was found and quarantined or deleted yesterday:
8/19/2011 7:03:57 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
and
8/19/2011 7:17:17 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
and in addition I found the following when I searched again for "trojan":
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\Desktop\OTL (1).com
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
So these were all that were found in that first scan.
I re-launched Kaspersky Virus Removal Tool and ran the Automatic Scan again on System memory, Hidden startup objects and Disk boot sectors. There were no threats detected. I began a full scan including the entire C drive but that took nearly 5 hours last night so I wonder if it's necessary to do that again? I'll let it run until/unless I hear from you that it's not necessary.
#23
Posted 20 August 2011 - 10:42 AM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
I was able to launch, update and run RegistryBooster! It reports 2088 registry errors. Here is the "latest scan results" file that RegistryBooster generated:
latest_scan_results.txt 920.55KB
113 downloads
Shall I proceed to Fix those Errors?
latest_scan_results.txt 920.55KB
113 downloadsShall I proceed to Fix those Errors?
Edited by ozarknature, 20 August 2011 - 11:00 AM.
#24
Posted 20 August 2011 - 11:37 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
To be honest I would leave the registry well alone, removing them will make no difference to the stability of your system. On the contrary it may make it unstable
What is the current state of play ?
What probems remain to be resolved ?
What is the current state of play ?
What probems remain to be resolved ?
#25
Posted 23 August 2011 - 07:29 PM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
hello essexboy,
Sorry to have been offline for several days. I have had some personal business to take care of. Now I'm back and ready to do battle with the malware once again. I hope you haven't given up on me!
Since I last messaged you, I have been able to re-install Microsoft Office, and for the most part it works ok.
I have had less success with Java. I have not been able to re-install the current version of Java 6; I keep getting an error message that the installer can't find the .msi file in the appropriate location. It disappeared along with all my apps in the malware attack. I was able to download and install Java 7, however, and it seems to work OK.
I have been able to re-install some of HP's proprietary software programs that come with the operating system, however some of these won't install. The installer starts but then quits with no error message or indication that it has shut down.
As to security, I was able to disable and/or remove all the conflicting programs and reinstalling McAfee security-as-a-service anti-virus and firewall. One problem I'm having, though, is Windows keeps telling me I don't have a firewall enabled but McAfee says I do. Is there an easy way for me to confirm that the McAfee firewall is working? the SAAS software is entirely web-based cloud software nowadays so I'm not familiar with how one tests it to be certain it's working properly.
I'm also continuing to have problems in these areas:
* Unstable installations of Adobe's shockwave player, and occasional problems with flash player and Adobe Air. The installations seem to complete properly but I am having unpredictable crashes within browsers, more with shockwave and Air than with Flash. This happens in all the web browsers I use: IE9, Firefox 6, Safari 5.1, and Google Chrome 13.
* Attempts to install some other software won't complete, some with error msg saying a necessary installer .msi could not be found, others giving error code numbers, etc.
* Several software programs I've successfully installed do not show up on the All Programs list (the 'back side') of the Start Menu, whereas normally the app would install the app's shortcuts there by default.
Do these issues indicate any obvious cause?
Sorry to have been offline for several days. I have had some personal business to take care of. Now I'm back and ready to do battle with the malware once again. I hope you haven't given up on me!
Since I last messaged you, I have been able to re-install Microsoft Office, and for the most part it works ok.
I have had less success with Java. I have not been able to re-install the current version of Java 6; I keep getting an error message that the installer can't find the .msi file in the appropriate location. It disappeared along with all my apps in the malware attack. I was able to download and install Java 7, however, and it seems to work OK.
I have been able to re-install some of HP's proprietary software programs that come with the operating system, however some of these won't install. The installer starts but then quits with no error message or indication that it has shut down.
As to security, I was able to disable and/or remove all the conflicting programs and reinstalling McAfee security-as-a-service anti-virus and firewall. One problem I'm having, though, is Windows keeps telling me I don't have a firewall enabled but McAfee says I do. Is there an easy way for me to confirm that the McAfee firewall is working? the SAAS software is entirely web-based cloud software nowadays so I'm not familiar with how one tests it to be certain it's working properly.
I'm also continuing to have problems in these areas:
* Unstable installations of Adobe's shockwave player, and occasional problems with flash player and Adobe Air. The installations seem to complete properly but I am having unpredictable crashes within browsers, more with shockwave and Air than with Flash. This happens in all the web browsers I use: IE9, Firefox 6, Safari 5.1, and Google Chrome 13.
* Attempts to install some other software won't complete, some with error msg saying a necessary installer .msi could not be found, others giving error code numbers, etc.
* Several software programs I've successfully installed do not show up on the All Programs list (the 'back side') of the Start Menu, whereas normally the app would install the app's shortcuts there by default.
Do these issues indicate any obvious cause?
#26
Posted 24 August 2011 - 03:49 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK first thing to do is confirm that the MSI is OK by downloading and installing the latest copy
Go to this MS page and select the download appropriate for your system - it will be one of these two:
Then go to click start
Select All Programmes
Select Accessories
Right click Command prompt and select run as administrator
Type in the black box sfc /scannow
Once done reboot and let me know of the result
Go to this MS page and select the download appropriate for your system - it will be one of these two:
Windows6.0-KB942288-v2-ia64.msu 3.0 MB Download
Windows6.0-KB942288-v2-x64.msu 2.0 MB Download
Then go to click start
Select All Programmes
Select Accessories
Right click Command prompt and select run as administrator
Type in the black box sfc /scannow
Once done reboot and let me know of the result
#27
Posted 24 August 2011 - 10:55 PM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
Unfortunately, neither of those two programs worked. I got error messages from both saying that my system was not supported by those. I am guessing they aren't designed to run on Windows 7?
#28
Posted 25 August 2011 - 12:23 AM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
Here's something strange! I am running the "Hardware and Devices Troubleshooter" program in Windows 7. It identified 4 missing Microsoft drivers: ISATAP Adapter, ISATAP Adapter #2, Teredo Tunneling Adapter, and 6to4 Adapter. The program attempted to locate and install replacements but could not find them either on the hard drive or online. I'm wondering if I should try to find and download/install these?
#29
Posted 25 August 2011 - 03:22 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Did the sfc scannow find any problems ?
Also how is the coomputer behaving now
Thos two programmes should run on windows 7
Also how is the coomputer behaving now
Thos two programmes should run on windows 7
#30
Posted 26 August 2011 - 11:43 AM
ozarknature
- Topic Starter
-
- Member
-
- 21 posts
Member
hi Essexboy,
I thought I'd sent my reply to you yesterday but apparently I forgot to hit Send. Sorry about that!
I ran the scannow program and came up with 100% clean report.
I'm still unable to install some of the HP proprietary software, e.g. HP MediaSmart Video. The installer in that case keeps failing before the process completes.
The system in general seems quite stable now. It appears that the anti-virus and firewall are working OK and MS Office seems OK too.
I thought I'd sent my reply to you yesterday but apparently I forgot to hit Send. Sorry about that!
I ran the scannow program and came up with 100% clean report.
I'm still unable to install some of the HP proprietary software, e.g. HP MediaSmart Video. The installer in that case keeps failing before the process completes.
The system in general seems quite stable now. It appears that the anti-virus and firewall are working OK and MS Office seems OK too.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
