
Malware /hidden boot partition HELP! [Solved]


  • This topic is locked

#16
sallyw (Member, Topic Starter)
i cannot install MS security essentials.

i can run MS expression web but i need to activate. I've been using this on the infected computer for more than 3 years.

MS office is no longer available on my computer. it's there, i can see it in the programs folders. it is not available through windows and all of the icons were removed from the computer.

That's my desktop and primary computer. fortunately I can use another computer to do some work.

thanks,
Sally
  • 0



#17
Machiavelli (GeekU Moderator)
Activating Windows ...

Please try to follow these steps here. Tell me what exactly happens. Did that work?

Question

What exactly happened with the hidden boot partition? How do you know there's a hidden boot partition? Please explain ...
  • 0

#18
sallyw (Member, Topic Starter)
when i try to activate windows i see the dialog box:
  • Activating Windows

    please wait

  • Windows Activation

    a problem occurred when windows tried to activate. Error code 0x8007000D

    The code apparently means the data i entered is invalid

  • There is a link to call microsoft but that just brings up a dialog for HP support

I'm no longer sure it's a hidden partition - may be hp's system and boot partition.

I cannot find my "ultimate" disc and would consider downgrading to win 7 professional, because i have more than 1 copy of that and the product key.

i downloaded and attempted to install avast. it seemed to install but nothing works.

my full scan with malware bytes is finished in less than 10 minutes. past scans took more than a couple of hours.

Thanks for your help,
Sally

Edited by sallyw, 01 December 2013 - 10:29 AM.

  • 0

#19
Machiavelli (GeekU Moderator)

"There is a link to call microsoft but that just brings up a dialog for HP support"

And what does this HP support window display? A screenshot would be PERFECT! :)

"may be hp's system and boot partition."

I think it is a recovery partition, or not?

Well done so far ... :)
  • 0

#20
sallyw (Member, Topic Starter)
dialog boxes attached as images.

Attached Thumbnails

  • screen shot after attempt to activate windows with  win7ULTIMATE key.JPG
  • screen shot after clicking contact microsoft by phone.JPG

  • 0

#21
Machiavelli (GeekU Moderator)
In the opinion of my teacher and me it would be a better and faster option to make a complete reinstall of Windows 7 Pro. What do you think about it? Do you need help there?
  • 0

#22
sallyw (Member, Topic Starter)
Thanks. I think i have not rid the computer of the virus/malware because I still cannot run any anti-virus software. i would like to get rid of the virus/malware and then make the decision.

I have too many programs that have been through a lot of upgrades and the prep would be long.

Is it likely impossible to get rid of the virus?

thanks,

Sally
  • 0

#23
Machiavelli (GeekU Moderator)
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the [image] box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below: [image]
    • Click the box beside Scan All Users at the top of the console.
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the [image] box, right click and click Paste. This will put the above script inside OTL.
    • Click the [image] button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
    • Repeat for the Extras.txt file.
  • 0

#24
sallyw (Member, Topic Starter)
Thanks so much for your help. I ended up at Microsoft a couple of hours ago and they were able to activate windows. My product key was good but something was interfering. It took direct intervention.

Although i think all the malware is gone (THANK YOU!) and things are working okay, i would like to run a scan. I had to uninstall malwarebytes because it wouldn't run. will reinstall and run but am not sure that's going to make me comfortable since it didn't stop whatever bug hit last week.

What do you recommend i run for a clean opinion? If you recommend that i follow the instructions above, I will.

Thanks,

Sally.w

Edited by sallyw, 02 December 2013 - 01:31 PM.

  • 0

#25
Machiavelli (GeekU Moderator)
We will scan for remnants then. Now you can run AntiVirus Programs etc.?
  • 0



#26
Machiavelli (GeekU Moderator)
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this: [image]
    • Click Run ESET Online Scanner

      [image]
    • A window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (Win Vista / Win 7 / Win 8 users: please run it as Administrator)
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#27
sallyw (Member, Topic Starter)
i could not run avast and ended up removing it using their removal tool because windows uninstall wouldn't work. after uninstalling i installed MS security essentials.

malware bytes still would not run so i uninstalled it. i plan to put it back because i've paid for it - pro version on all computers which is why i don't understand how something got into my system.
  • 0

#28
sallyw (Member, Topic Starter)
Thanks. I ran both and paste results here.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Wizard Associates :: WIZARD [administrator]

Protection: Disabled

12/2/13 6:41:54 PM
mbam-log-2013-12-02 (18-41-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 302218
Time elapsed: 17 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Wizard Associates\Downloads\cole2k.media.-.codec.pack.v7.9.5.-advanced-.setup.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Users\Wizard Associates\Downloads\wzcourier35.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)


ESET Results:

C:\Users\Administrator\AppData\LocalLow\FCTB000061107\Toolbar\Toolbar.dll.new Win32/Toolbar.BHO.B application
C:\Users\Wizard Associates\AppData\Local\Microsoft\Windows Live Mail\Sallywillar 28\2012\22590D68-00000019.eml HTML/Phishing.Agent.A trojan
C:\Users\Wizard Associates\Documents\eFax\msgrplus.exe a variant of Generik.MZYNNXP Trojan
  • 0
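
A triage sketch for the two log formats pasted above, as an added example that is not part of the original thread: it parses Malwarebytes 1.x detection lines and ESET Online Scanner result lines and lists what still needs follow-up. The sample lines and paths are constructed, and ESET findings are assumed to still be on disk because the instructions in this thread ran ESET with Remove found threats unchecked.

```python
import re

# Malwarebytes 1.x detection line: <path> (<detection>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# ESET Online Scanner line: <path> [a variant of ]<detection> <type>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) (?P<name>(?:a variant of )?\S+) (?P<kind>\w+)$")
LOW_PRIORITY = {"pup", "application"}  # unwanted software, not trojan-class

# Constructed sample input in the two formats (not the log from the thread).
SAMPLE = r"""
Files Detected: 2
C:\Users\example\Downloads\codec-setup.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\helper.dll (Trojan.Example) -> No action taken.

C:\Users\example user\Documents\tool.exe a variant of Win32/Example.A trojan
C:\Users\example\AppData\LocalLow\Bar\Toolbar.dll.new Win32/Toolbar.Example application
"""

def parse_line(line):
    """Return a finding dict for one log line, or None for headers and blanks."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        kind = "pup" if m["name"].upper().startswith("PUP.") else "malware"
        removed = "deleted successfully" in m["action"].lower()
        return {"tool": "mbam", "path": m["path"], "name": m["name"],
                "kind": kind, "removed": removed}
    m = ESET_RE.match(line)
    if m:
        # Assumption: ESET ran in report-only mode, so the file is still present.
        return {"tool": "eset", "path": m["path"], "name": m["name"],
                "kind": m["kind"].lower(), "removed": False}
    return None

def triage(log_text):
    """Parse a pasted log; return (all findings, findings still needing action)."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    follow_up = [f for f in findings if not f["removed"]]
    # Trojan-class detections first, unwanted-software detections last.
    follow_up.sort(key=lambda f: (f["kind"] in LOW_PRIORITY, f["path"].lower()))
    return findings, follow_up

if __name__ == "__main__":
    _, todo = triage(SAMPLE)
    for f in todo:
        print(f'{f["tool"]:5} {f["kind"]:12} {f["name"]} :: {f["path"]}')
```
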

#29
Machiavelli (GeekU Moderator)
How is your computer running now? Any issues?
  • 0

#30
sallyw (Member, Topic Starter)
still a little slow to boot up. but the programs are running.
  • 0





