Mystery malware attack; makes almost all applications disappear, leave

#16 ozarknature (Member, Topic Starter, 21 posts)
Still having trouble turning off all anti-malware processes but got most of it. Still working!

Attaching the report from RogueKiller #6 per your request.
Attached File  RKreport1a.txt   1.04KB   52 downloads

Will have ComboFix report shortly...
#17 ozarknature (Member, Topic Starter, 21 posts)
Attaching results of the ComboFix run. Unfortunately the system would not allow ComboFix to update itself so I let it run as it was. I am still unable to install Java on my machine. Internet Explorer still will not make any connections. Google Chrome and Firefox both work fine except that Java plug-ins won't install. iTunes works fine.

Log.txt from ComboFix:
Attached File  log.txt   44.02KB   55 downloads
#18 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
To restore the administrative tools shortcuts run the programme on this page

Then go to this page to restore the other shortcuts

Then to try and reset IE go to this page and run both fixits there



Once you have done all that I will run a deep analysis tool

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

#19 ozarknature (Member, Topic Starter, 21 posts)
Hello again!

OK, here's what I've done so far...

1. I was able to remove Avast by using the installer. I am, however, now having problems with McAfee Security-as-a-Service which was previously installed and which I thought I had removed before installing Avast. I think McAfee is causing problems with the applications you're recommending I use being unable to communicate over the internet, as I will explain below.

2. I was able to download and restore the Start Menu shortcuts and the Administrative Tools Folder. I'm pretty sure those are working fine now.

3. I downloaded and tried to run (a) Uniblue Registry Booster and (b) the Microsoft FixIt but both programs refused to work. Registry Booster gave me a result that was like a '404'-type window in Internet Explorer. Wondering if this is directly related to IE's failure to launch? With MS FixIt, I got the error msg "Fix it troubleshooting cannot continue because an error occurred. We're sorry, but the program encountered an error trying to contact the server. Please try again later. [Code80072EFD]" The error msg was identical for both FixIt programs.

4. I launched IE and used the Network Diagnostic Tool, as the web page directed. The resulting 'Troubleshooting Report' error msg confirmed that McAfee Firewall is blocking connections, as I feared. Here's the message:

Diagnostics Information (Network Security)
Details about network security diagnosis:

Settings that might be blocking the connection:
Provider name: McAfee Inc.
Provider description: McAfee Firewall
Filter name: GUID_MFE_CONNECT_CALLOUT_V4
Provider context name: -

Network Diagnostics Log
File Name: 19AA3389-4422-4E3E-BBFF-CEB2BD191AE7.Diagnose.0.etl

Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab

Collection information
Computer Name: ZINJA-WARRIOR
Windows Version: 6.1
Architecture: amd64
Time: Friday, August 19, 2011 5:56:26 PM


(The Geeks2Go site won't allow me to upload the 'diagnose.0.etl' file. However I am able to upload the 2 networkconfiguration logs, in case you think they may be of help.)

Attached File  ipconfig.all.txt   6.07KB   45 downloads
Attached File  route.print.txt   4.45KB   37 downloads


5. I attempted to go through Windows Firewall to disable McAfee but the system wouldn't permit it. Here's the error msg:
"Windows Firewall can't change some of your settings. Error code 0x80070422"


That's as far as I've gotten, and I will continue working on it tonight.

I wonder, since RegistryBooster didn't work, would it make sense to try "Advanced System Care v.4"? I have used this program before. I ran a Deep Registry Fix just now and it showed 5549 'problems.' I have NOT taken any action to remove or fix these registry errors. It did generate a log file so if you think that would be helpful, please let me know and I will post it.

Thanks again for your ongoing help!

David Orr
Fayetteville, Arkansas
#20 ozarknature (Member, Topic Starter, 21 posts)
I completed the Auto scan (first run) of Kaspersky, and am attaching that report now. Two malware files were caught and deleted. This is a 71 MB file so I used Winzip to compress and split it... This website says that max file size is 1 MB so I zipped this 3 MB file into three parts. Unfortunately the site won't let me upload these .zipx files. Nor can I get it to upload as a .zip! What would you like me to do with this?

I'm going ahead with the manual Kaspersky scan now...
#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK first priority is to uninstall McAfee

Remove McAfee as per here - McAfee removal tool this should remove the firewall element that is blocking you getting online with IE

For the reports file I only need the detected threats portion - that will be a lot smaller

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
#22 ozarknature (Member, Topic Starter, 21 posts)
hello again, essexboy!

I was able (finally!) to disable McAfee and I think I now have entirely free access to the 'net! I am able to run Internet Explorer and I was able to update the ComboFix program, which I then ran and generated a new log from (2nd ComboFix log.txt)--see attached.

Attached File  2nd ComboFix log.txt   45.18KB   144 downloads

As to the previous Kaspersky scan log, I had closed the program thinking I got what you wanted so all I have is the full log. I searched that large file for occurrences of the word "detected" and found the following, which I remember was found and quarantined or deleted yesterday:

8/19/2011 7:03:57 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb

and

8/19/2011 7:17:17 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com

and in addition I found the following when I searched again for "trojan":

8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\Desktop\OTL (1).com
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com

So these were all that were found in that first scan.

I re-launched Kaspersky Virus Removal Tool and ran the Automatic Scan again on System memory, Hidden startup objects and Disk boot sectors. There were no threats detected. I began a full scan including the entire C drive but that took nearly 5 hours last night so I wonder if it's necessary to do that again? I'll let it run until/unless I hear from you that it's not necessary.
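As an added illustration (not from the thread, and not Kaspersky's own tooling): a small parser for the AVPTool log lines quoted in the post above. It keys every line by file path, so a "Detected" entry is reconciled with the later "Backed up" and "Deleted" entries for the same path, and anything detected that never reached a "Deleted" line is flagged, which a keyword search for "detected" alone would not show. The sample log is constructed from the six lines posted above.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the AVPTool log lines quoted above
# (same timestamps, verdict and paths as posted; nothing new is asserted).
SAMPLE_LOG = r"""
8/19/2011 7:03:57 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:17:17 PM Detected: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001aeb
8/19/2011 7:57:03 PM Backed up C:\Users\Zinja\Desktop\OTL (1).com
8/19/2011 7:57:03 PM Deleted: Trojan.Win32.Swisyn.bsgf C:\Users\Zinja\Desktop\OTL (1).com
""".strip()

# One log line: "<M/D/YYYY h:MM:SS AM|PM> <Action>[:] [<verdict> ]<path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted|Backed up):? (?P<rest>.+)$"
)

def parse_log(text):
    """Yield (time, action, verdict, path); lines of other kinds are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        if m["action"] == "Backed up":          # carries only a path
            verdict, path = None, m["rest"]
        else:                                   # verdict has no spaces; path may
            verdict, path = m["rest"].split(" ", 1)
        yield when, m["action"], verdict, path

def summarize(text):
    """Per path: verdict, first detection time, and whether a backup and a delete were logged."""
    summary = {}
    for when, action, verdict, path in parse_log(text):
        e = summary.setdefault(path, {"verdict": None, "detected_at": None,
                                      "backed_up": False, "deleted": False})
        if action == "Detected":
            e["verdict"] = e["verdict"] or verdict
            e["detected_at"] = e["detected_at"] or when
        else:
            e["deleted" if action == "Deleted" else "backed_up"] = True
    return summary

def unresolved(text):
    """Paths that were detected but never reached a 'Deleted' line, i.e. still need attention."""
    return sorted(p for p, e in summarize(text).items() if e["detected_at"] and not e["deleted"])
```

Run `unresolved()` over the full saved report rather than a keyword grep; for the sample above it returns an empty list, confirming both detections were removed.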

#23 ozarknature (Member, Topic Starter, 21 posts)
I was able to launch, update and run RegistryBooster! It reports 2088 registry errors. Here is the "latest scan results" file that RegistryBooster generated:

Attached File  latest_scan_results.txt   920.55KB   33 downloads


Shall I proceed to Fix those Errors?

Edited by ozarknature, 20 August 2011 - 11:00 AM.

#24 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
To be honest I would leave the registry well alone, removing them will make no difference to the stability of your system. On the contrary it may make it unstable

What is the current state of play ?

What problems remain to be resolved ?
#25 ozarknature (Member, Topic Starter, 21 posts)
hello essexboy,

Sorry to have been offline for several days. I have had some personal business to take care of. Now I'm back and ready to do battle with the malware once again. I hope you haven't given up on me!

Since I last messaged you, I have been able to re-install Microsoft Office, and for the most part it works ok.

I have had less success with Java. I have not been able to re-install the current version of Java 6; I keep getting an error message that the installer can't find the .msi file in the appropriate location. It disappeared along with all my apps in the malware attack. I was able to download and install Java 7, however, and it seems to work OK.

I have been able to re-install some of HP's proprietary software programs that come with the operating system, however some of these won't install. The installer starts but then quits with no error message or indication that it has shut down.

As to security, I was able to disable and/or remove all the conflicting programs and reinstall McAfee security-as-a-service anti-virus and firewall. One problem I'm having, though, is Windows keeps telling me I don't have a firewall enabled but McAfee says I do. Is there an easy way for me to confirm that the McAfee firewall is working? The SAAS software is entirely web-based cloud software nowadays so I'm not familiar with how one tests it to be certain it's working properly.

I'm also continuing to have problems in these areas:

* Unstable installations of Adobe's shockwave player, and occasional problems with flash player and Adobe Air. The installations seem to complete properly but I am having unpredictable crashes within browsers, more with shockwave and Air than with Flash. This happens in all the web browsers I use: IE9, Firefox 6, Safari 5.1, and Google Chrome 13.

* Attempts to install some other software won't complete, some with error msg saying a necessary installer .msi could not be found, others giving error code numbers, etc.

* Several software programs I've successfully installed do not show up on the All Programs list (the 'back side') of the Start Menu, whereas normally the app would install the app's shortcuts there by default.

Do these issues indicate any obvious cause?
#26 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK first thing to do is confirm that the MSI is OK by downloading and installing the latest copy
Go to this MS page and select the download appropriate for your system - it will be one of these two:

Windows6.0-KB942288-v2-ia64.msu 3.0 MB Download
Windows6.0-KB942288-v2-x64.msu 2.0 MB Download


Then go to click start
Select All Programmes
Select Accessories
Right click Command prompt and select run as administrator
Type in the black box sfc /scannow

Once done reboot and let me know of the result
#27 ozarknature (Member, Topic Starter, 21 posts)
Unfortunately, neither of those two programs worked. I got error messages from both saying that my system was not supported by those. I am guessing they aren't designed to run on Windows 7?
#28 ozarknature (Member, Topic Starter, 21 posts)
Here's something strange! I am running the "Hardware and Devices Troubleshooter" program in Windows 7. It identified 4 missing Microsoft drivers: ISATAP Adapter, ISATAP Adapter #2, Teredo Tunneling Adapter, and 6to4 Adapter. The program attempted to locate and install replacements but could not find them either on the hard drive or online. I'm wondering if I should try to find and download/install these?
#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Did the sfc scannow find any problems ?

Also how is the computer behaving now

Those two programmes should run on Windows 7
#30 ozarknature (Member, Topic Starter, 21 posts)
hi Essexboy,

I thought I'd sent my reply to you yesterday but apparently I forgot to hit Send. Sorry about that!

I ran the scannow program and came up with 100% clean report.

I'm still unable to install some of the HP proprietary software, e.g. HP MediaSmart Video. The installer in that case keeps failing before the process completes.

The system in general seems quite stable now. It appears that the anti-virus and firewall are working OK and MS Office seems OK too.