
Rootkit scan ruined starting Windows 7 Ultimate [Solved]

Rootkit scan Win 7 sign-in screen

  • This topic is locked

#76
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Short update--I hibernated the computer with IE still open to this page; however, while the computer came out of hibernation, IE didn't and wouldn't respond to any clicks or refreshes and then went into "Not Responding" so that I had to kill IE and start again.

To be honest, the Hibernation feature in Windows is problematic at the best of times, and what most likely occurred was that when you woke up your machine it took some time to fully re-initialise from what is known as the hiberfil.sys, which Windows uses to store the contents of the system memory. Hence you encountered this problem; I doubt it is a major issue though, and personally I would not use the aforementioned feature as it has a propensity to eat up valuable storage space on the system drive.

I have completed the uninstall of Avast! and installation and scan of MSE.

Good.

I don't know if I had a problem with starting in Safe Mode or not. I was attempting to Restart the computer and F8, but when that didn't work after a couple of attempts, I shut down completely, waited, then started and hit F8 to go into Safe Mode with no problem. I'm just not familiar with whether or not Safe Mode is supposed to be achievable from a Restart.

I do not think this is a cause for concern and probably just the vagaries of your machine's make etc.

Install IE 11:

Go here to download the offline installer for Internet Explorer 11.

The version you will require is:-

English Windows 7 SP1 64-bit

Then click on the purple Download button and save the file to your desktop.

Once downloaded, right-click on IE11-Windows6.1-x64-en-us.exe and select Run as Administrator >> follow the prompts.

New Java Installation:

Go to this web-page --> Java Downloads for All Operating Systems

Scroll down to:-

Which should I choose?

Then click on Windows Offline (64-bit), save this file to the desktop.

Once downloaded, right-click on jre-8u45-windows-x64.exe and select Run as Administrator >> Install.

Note: If the installer offers any third party software and/or browser add-ons to be installed, decline/deselect etc.

When installed follow the advice below:-

How to Disable Java in your Web Browser

Next:

When you have completed the above, let myself know, and if any further issues are remaining. If not, we will remove all tools used during the course of the malware removal process and I will also provide some advice about online safety.
  • 0



#77
mtnester

    Member

  • Topic Starter
  • 81 posts

Hi,

Before IE rollback--using X button to close doesn't close all tabs that were open in the IE window. When I restarted, I chose to restore session. Tabs opened including “home tabs” and Internet Explorer error box appeared, worked, offered to close program, which I selected, the box went away, and IE stayed open.

I used File/Exit to close IE but out of about 10 tabs 5 stayed open in Processes. I waited a few minutes then killed each one to make sure there was no interference with the IE 11 installation.

Installation went fine.

After reinstalling IE 11 and opening it:

[Attached image: IE error.jpg]
Also IE won't start with tabs from last time. Is there a particular reason I can't just go back to IE 10 until maybe IE 12 arrives?

 

Java procedures completed as instructed.


  • 0

#78
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Let's check/try a few things first as follows...

Check for any Windows Updates again (I recall you mentioned prior some were waiting to be installed, and since your machine appears to be malware free there is no harm doing so at this time) via Start (Windows 7 Orb) >> Windows Updates >> Check for updates, download/install all Critical Updates then reboot your machine etc.

If there are still problems with IE 11, create a new user account and test IE 11 again. If unsure how to, a very good tutorial can be viewed here.

Let myself know the outcome of the above in your next reply please.
  • 0

#79
mtnester

    Member

  • Topic Starter
  • 81 posts

Hi,

 

Interim report: Important updates were installed, with a hitch re: cumulative security update for IE 11 KB3038314 giving many people an error code 80092004. After a Google Search and reading 7 pages here:

 

http://answers.micro...ab-420e45840077 and no solution I have decided to temporarily follow this advice:

KB3038314 fails today 2014.4.17

New today and is failing error 80092004
Heads-up - - I would defer attempting to install this for a while.

btw: it's related to IE 11 on Win/7 sp1 32/64 bit

 

http://topusefulsolu...today-2014-4-17

 

I had the same error installing this update on my Asus as well. I still need to create and test a new user account for IE.

 

Thanks.


  • 0

#80
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Acknowledged. :)
  • 0

#81
mtnester

    Member

  • Topic Starter
  • 81 posts

Hi,

 

Still having the same issues with IE as before while using a different user account.


  • 0

#82
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Referring back to this you mentioned prior:

Is there a particular reason I can't just go back to IE 10 until maybe IE 12 arrives?

Actually you can carry out another rollback to IE 10 if you so wish, since the above has made no changes, and I doubt any future IE upgrades released that are Windows 7 compatible will make any difference in this particular situation. Overall, sometimes some machines are just not suited to IE 11; however, in this instance the underlying problem could very well be Operating System based rather than malware related. However, taking into account the machine was unbootable to start with and all the other problems encountered along the way, the salient fact is that after nearly seven weeks there is not much else I can advise/do at this point, I am sorry to say.

Technically, having an out of date version of IE in use (regardless of it still being supported by Microsoft) can be deemed a security risk, so it is your choice to continue forward merely using IE 10 or not. Though I do suggest you consider backing up all required, then carry out a reformat and reinstallation of the Windows Operating System.

Next:

Please let myself know your decision, as in do you plan to perform a rollback again and continue using IE 10 or not?
  • 0

#83
mtnester

    Member

  • Topic Starter
  • 81 posts

Dakeyras,

 

I believe the IE 11 issue is indeed operating system based, but not in such a way as would make any difference by reinstalling my particular version of the OS, since the exact same problems are also experienced on my Asus machine, which has Win 7 Home Premium. For the present I will keep version 11; I simply do not plan to use it; rather I will continue to use Firefox as my preferred browser.

 

I realize this has been a long, drawn-out process and appreciate your willingness to stick with me to see things through. I did express my appreciation a couple of weeks ago via a donation to the site that is a token of my gratitude, even if I am unable to afford what is actually deserved.

 

I stand ready to receive any final words of advice you have to impart. Thanks.


  • 0

#84
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

All acknowledged, I always respect the wishes of those I assist and you are most welcome!

Clean-Up with DelFix:

Please download DelFix to your desktop.
  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select the three options denoted:
    [Image: DF2.gif]
  • Then click on Run.
  • Once it has finished processing, a notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.
Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Slow Computer/browser?

Also so is this:

What to do if your Computer is running slowly

Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:
  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, reboot (restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Check your third party software is up to date:

Certain software, such as Adobe and Java related for example, can be exploited by malware if it is not up to date. I advise you consider downloading and installing Heimdal Free. Further information about this application can be read on the download page.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives at MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (that is, VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by a badly configured P2P application.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0
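
An added example, not part of the original post or of any tool it mentions: a Python check to run over a downloaded Hosts blocklist before it replaces the existing file. It assumes a blocklist should only ever map names to loopback (127.0.0.1, ::1) or 0.0.0.0, so any other address is reported; the function name and the sample entries are constructed for illustration.

```python
import ipaddress

# Names a stock Hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Classify the entries of a Hosts file.

    Returns (blocked, suspicious, malformed):
      blocked    - set of names sent to loopback or 0.0.0.0 (the sinkhole)
      suspicious - (line, name, address) for names mapped anywhere else
      malformed  - (line, text) for entries that cannot be parsed
    """
    blocked, suspicious, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # strip comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, entry))
            continue
        if len(fields) < 2:  # address with no host name
            malformed.append((lineno, entry))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if not sinkhole:
                suspicious.append((lineno, name, str(addr)))
            elif name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked, suspicious, malformed

# Constructed sample input (reserved example domains and a documentation IP).
SAMPLE = """\
# constructed sample, not a real blocklist
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.com tracker.example.net
0.0.0.0      spyware.example.org   # inline comment
203.0.113.7  bank.example.com
not-an-ip    broken.example.com
127.0.0.1
"""

if __name__ == "__main__":
    blocked, suspicious, malformed = audit_hosts(SAMPLE)
    print(f"{len(blocked)} names sinkholed")
    for lineno, name, addr in suspicious:
        print(f"line {lineno}: {name} -> {addr} is not a sinkhole address")
    for lineno, entry in malformed:
        print(f"line {lineno}: cannot parse {entry!r}")
```

A blocklist that produces any suspicious entry should not be installed, since a name mapped to a routable address is sent to that address instead of being blocked.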

#85
mtnester

    Member

  • Topic Starter
  • 81 posts

Hi,

 

Wow. I have a lot of reading to do. Thanks for all the good information. As requested, here is the log for delfix:

 

# DelFix v10.9 - Logfile created 20/04/2015 at 21:27:15
# Updated 27/02/2015 by Xplode
# Username : DV7 - DV7-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.0.0.44_29.03.2015_00.31.18_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_29.03.2015_00.34.02_log.txt
Deleted : C:\Users\DV7\Desktop\Addition.txt
Deleted : C:\Users\DV7\Desktop\AdwCleaner.exe
Deleted : C:\Users\DV7\Desktop\Fixlog.txt
Deleted : C:\Users\DV7\Desktop\FRST.txt
Deleted : C:\Users\DV7\Desktop\FRST64.exe
Deleted : C:\Users\DV7\Desktop\FSS.exe
Deleted : C:\Users\DV7\Desktop\FSS.txt
Deleted : C:\Users\DV7\Desktop\JRT.exe
Deleted : C:\Users\DV7\Desktop\JRT.txt
Deleted : C:\Users\DV7\Desktop\MiniToolBox.exe
Deleted : C:\Users\DV7\Desktop\Result.txt
Deleted : C:\Users\DV7\Desktop\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #78 [Scheduled Checkpoint | 11/06/2014 06:11:15]
Deleted : RP #79 [Windows Update | 11/06/2014 21:28:00]
Deleted : RP #80 [Windows Update | 11/08/2014 02:40:00]
Deleted : RP #81 [Restore Operation | 11/14/2014 01:09:29]
Deleted : RP #82 [avast! antivirus system restore point | 11/14/2014 01:18:23]
Deleted : RP #83 [Restore Operation | 11/14/2014 02:50:08]
Deleted : RP #84 [avast! antivirus system restore point | 11/14/2014 03:00:46]
Deleted : RP #85 [avast! antivirus system restore point | 11/15/2014 16:58:47]
Deleted : RP #86 [Windows Update | 12/12/2014 20:55:08]
Deleted : RP #87 [Scheduled Checkpoint | 12/25/2014 07:05:10]
Deleted : RP #88 [Windows Update | 12/25/2014 07:10:42]
Deleted : RP #89 [Windows Update | 12/29/2014 04:05:20]
Deleted : RP #90 [Scheduled Checkpoint | 01/05/2015 05:24:11]
Deleted : RP #91 [Windows Update | 01/09/2015 19:01:20]
Deleted : RP #92 [Windows Update | 01/14/2015 09:58:11]
Deleted : RP #93 [Windows Update | 01/20/2015 19:44:03]
Deleted : RP #94 [Windows Update | 01/27/2015 22:21:30]
Deleted : RP #95 [Windows Update | 01/31/2015 07:15:07]
Deleted : RP #96 [Installed Adobe Reader XI. | 02/02/2015 21:56:40]
Deleted : RP #97 [avast! antivirus system restore point | 03/24/2015 19:40:21]
Deleted : RP #95 [Removed Java 7 Update 67 | 03/30/2015 07:27:31]
Deleted : RP #96 [Removed Java 8 Update 25 | 03/30/2015 07:52:20]
Deleted : RP #98 [Restore Point Created by FRST | 03/30/2015 08:50:33]
Deleted : RP #99 [Tweaking.com - Windows Repair | 04/10/2015 03:08:22]
Deleted : RP #100 [avast! antivirus system restore point | 04/10/2015 05:11:50]
Deleted : RP #99 [avast! antivirus system restore point | 04/11/2015 19:21:44]
Deleted : RP #100 [avast! antivirus system restore point | 04/12/2015 22:04:27]
Deleted : RP #101 [Windows Modules Installer | 04/14/2015 04:04:34]
Deleted : RP #102 [Windows Update | 04/16/2015 00:12:22]
Deleted : RP #103 [Windows Modules Installer | 04/16/2015 17:02:01]
Deleted : RP #104 [Windows Update | 04/18/2015 00:30:18]
Deleted : RP #105 [Windows Update | 04/18/2015 04:16:57]

New restore point created !

########## - EOF - ##########

 

 

Just an observation: when I created the new user account for Windows, I noticed that the look is quite different from that which I have been using; i.e., I now know what a Start "Orb" is. The original (administrator account) has the old square start button. Also IE looks very different in the two versions. What would be the cause for that, I wonder?

 

Now that I have run DelFix and posted the log I will clean up the leftovers (Tweaking.com, screenshots, etc), empty the Recycle Bin and go back to your post to read recommended pages and install recommended programs that I don't already have. Thanks so much!

 

 

PS: I can't remember--was Panda Cloud Cleaner something you had me download or did I already have it?


Edited by mtnester, 20 April 2015 - 07:57 PM.

  • 0



#86
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Just an observation: when I created the new user account for Windows, I noticed that the look is quite different from that which I have been using; i.e., I now know what a Start "Orb" is. The original (administrator account) has the old square start button. Also IE looks very different in the two versions. What would be the cause for that, I wonder?

You are probably using the Windows Classic View and the test account would have been the Windows 7 default; the below articles explain how to use both etc.

Change Windows to Classic view

Personalising your computer

PS: I can't remember--was Panda Cloud Cleaner something you had me download or did I already have it?

We used that during the course of the malware removal process and you may uninstall if you so wish.

Thanks so much!

You're welcome!
  • 0

#87
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





