
Trojan.zekos.patched has frozen my computer [Closed]


  • This topic is locked

#31
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I ran the IE browser as administrator with no luck, your link to BitDefender still doesn't bring anything up.  I tried to open Google Chrome instead but it didn't work at all and the computer then locked up.


  • 0



#32
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

 

the computer then locked up.

 

Hmm... I wonder... might not be malware.

 

Let's do this:

 

You could try System File Checker

1. Open an elevated command prompt. To do this, go to Start > All Programs > Accessories, right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

2. At the command prompt, type the following command, and then press ENTER:
 
sfc /scannow

Note the gap between c and / it should be there.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Tell me if that finds anything.
 

After that

 

Please run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.
 
If you need further help go here for information on how to run Chkdsk in Windows 7
 
Come back and tell me how it went.

 

 


  • 0

#33
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I copied the shortcut from the BitDefender link that you provided while I was on my infected computer and this is what came up when I pasted it:

 

http:/ /api.viglink.com/api/click?format=go&jsonp=vglnk_143462964695815&key=bf4adfcbb328b51c165afd7f95bfc060&libId=ib25fepc010000j1000DAel6ygrfl&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F353211-trojanzekospatched-has-frozen-my-computer%2Fpage-2&v=1&out=http%3A%2F%2Fwww.bitdefender.com%2Fscanner%2Fonline%2Ffree.html&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F353211-trojanzekospatched-has-frozen-my-computer%2F&title=Trojan.zekos.patched%20has%20frozen%20my%20computer%20-%20Page%202%20-%20Geeks%20to%20Go%20Forum&txt=BitDefender%20Online%20Scanner

 

IE couldn't open any web page from this link.

 

When I copied the shortcut while on my uninfected computer I got the correct link:

 

http ://www.bitdefender.com/scanner/online/free.html

 

This seems like some sort of malware at work changing the link to something entirely different.

 

As I reported on my original post Malwarebytes detected a Trojan.zekos.patched7645P0 so there must be malware involved.

 

 

 

I ran sfc /scannow and it found no integrity violations.

 

I am attempting to do the disk check but I'm not sure if it is even running.  On the screen it says:

 

Checking file system on c:

The type of file system is NTFS.

 

A disk check has been scheduled.

To skip the disk checking, press any key within one second(s).

 

It's been like this for fifteen minutes, I'll leave it sit for a while.


Edited by Washetoo, 18 June 2015 - 07:35 PM.

  • 0

#34
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

To skip the disk checking, press any key within one second(s).

 

It's been like this for fifteen minutes, I'll leave it sit for a while.


I take it you mean that you are not going to reboot and let Chkdsk run at this point?
 

As I reported on my original post Malwarebytes detected a Trojan.zekos.patched7645P0 so there must be malware involved.


Yes, it patches rpcss.dll which seems to be genuine (okay) on your machine (confirmed by running System File Check). My thought was that Malwarebytes fixed it but maybe there was some residual corruption hence these actions.

 

 

IE couldn't open any web page from this link.

 

I believe that api.viglink.com link is a click tracking service. Not malware as such, rather adware. It has been reported to cause problems on sites it links to.

Let's see if you can run this one:

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).
 

  • Close any open browsers.
  • Temporarily disable your AntiVirus program (if necessary).
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the Options button below the large panel and check the box: Auto Clean
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"
 


  • 0
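
Added example, not part of the thread: the URL pasted in post #33 is a click-tracking redirect that carries the real destination, percent-encoded, in its `out` parameter. This Python sketch unwraps such a link and compares it with the direct link; the function names and the parameter names other than `out` are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Redirect URL from post #33, shortened: the tracking key, libId, jsonp, ref
# and title parameters are left out; the forum's "http:/ /" spacing is kept.
SAMPLE = (
    "http:/ /api.viglink.com/api/click?format=go"
    "&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F"
    "353211-trojanzekospatched-has-frozen-my-computer%2Fpage-2"
    "&v=1&out=http%3A%2F%2Fwww.bitdefender.com%2Fscanner%2Fonline%2Ffree.html"
    "&txt=BitDefender%20Online%20Scanner"
)

# "out" is the parameter used by the URL on this page. The other names are
# assumptions added so the sketch also covers similarly built redirect links.
DEST_PARAMS = ("out", "url", "u", "target", "dest")


def normalise(raw):
    """Undo forum de-linking such as 'http:/ /host' or 'http ://host'."""
    return "".join(raw.split())


def unwrap(raw):
    """Return (host of the link, wrapped destination or None)."""
    parts = urlsplit(normalise(raw))
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    for name in DEST_PARAMS:
        for value in query.get(name, []):
            dest = urlsplit(value)
            # Accept only absolute http(s) destinations, so a javascript:
            # or data: value is never reported as a safe target.
            if dest.scheme in ("http", "https") and dest.hostname:
                return parts.hostname, value
    return parts.hostname, None


def same_site(url_a, url_b):
    """True when both URLs resolve to the same host name."""
    host_a = urlsplit(normalise(url_a)).hostname
    host_b = urlsplit(normalise(url_b)).hostname
    return host_a is not None and host_a == host_b


if __name__ == "__main__":
    host, destination = unwrap(SAMPLE)
    print(f"redirector: {host}\ndestination: {destination}")
```
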

#35
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

MalwareBytes did not fix anything as it never was able to finish the heuristic scanning always stopping to advance just before the end.  By this time the computer was locked up anyway.

 

Now the computer is stuck in a disk check mode.  I set it to do the disk check as you suggested but I guess because I shut down incorrectly it won't work properly.  When disk check starts I am unable to stop it by striking a key.  Then it hangs at the start up screen without doing any disk checking.  All I can do is shut down incorrectly again to stop it.  How do I stop this loop?

 

I'll download zoek.exe.


  • 0

#36
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Why are you attempting to stop chkdsk?

 

 

I guess because I shut down incorrectly it won't work properly.

 

Why do you think it is not working?


  • 0

#37
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

It doesn't advance beyond the opening screen.


  • 0

#38
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Are you saying it freezes or that it just doesn't seem to be doing anything?

When you reboot it should go to a black screen and then go through the chkdsk process, at times it will appear to be doing nothing... just wait and after a bit you should see it start again. You don't do anything... it is a very thorough check of the HDD... be patient. It can take over an hour to complete and may take considerably longer if it finds much amiss on the drive... it's important to let it complete.
 


  • 0

#39
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

What I mean when I say freeze or locks up is that everything has gone into non-responding mode.  If in Windows at the time then all of the open windows and anything in them has become unresponsive and any program progress bars stop advancing.  I can move the cursor around with the mouse but I can't select anything.  It normally starts to freeze up about 8 or 10 minutes after I boot up the computer.  The scans managed to work beyond the freeze up time but usually I could not access the logs until I shut off the computer wrong and rebooted.  Then I would have a few minutes to save the scan logs on a flash stick.  Running ESET on the internet worked the same as the scans meaning that the program operated beyond the time that the windows were all non-responding.  ESET takes hours to run however and the scans were finished in minutes.  After running for a while ESET apparently hit some sort of time limit and stopped working as well.  After the freeze ups I had to shut down wrong every time.  Most times I restarted and performed a clean shut down before I ran the various scans and processes.

 

With chkdsk I could not stop the check from starting by selecting any key as it says so it's probably frozen from start up.  After that I assumed it was frozen when the screen did not advance beyond the opening screen and I could not detect any activity on the computer.  If the hard drive is being accessed there is normally some sort of sound and a light blinks somewhere on the box.  I have left it running this way for hours and nothing changed.  I read that chkdsk does not run properly when the computer is shut down wrong so I need to find a way to do a clean shut down.

 

I left chkdsk run overnight, the last time I checked it, it still displayed the opening screen.  In the morning the computer was in sleep mode and when I started it the screen was black.  I could do nothing with it so I shut off the computer.  I started up with F8 and chose start up with last known best configuration and I got rebooted to windows.  I performed a clean shut down and left it like that.  Tonight I plan to start it up and see if it starts chkdsk again, if it does I will let it run.  If it does not run chkdsk and opens in Windows I will run zoek.exe.


  • 0

#40
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I ran Zoek.exe, the computer froze up again in a few minutes before a report was produced.  I let it sit with Zoek "running" for two hours then shut it down as it appeared to be stalled.  I restarted the computer and retrieved the report below.  The computer still freezes up after a few minutes.  Should I run Zoek again and see if it was stopped before it found everything?  Now that it is loaded I can start it quicker and give it more time to run before the computer freezes up.

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Steven on Fri 06/19/2015 at 16:46:27.04.
Microsoft Windows 7 Home Premium  6.1.7600  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Steven.Steven-PC\Desktop\zoek.exe [Scan all users]  [Checkboxes used]

==== System Restore Info ======================

6/19/2015 4:47:17 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\stinger deleted successfully
C:\Users\Steven.Steven-PC\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Steven.Steven-PC\AppData\Roaming\ParetoLogic deleted successfully


  • 0



#41
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

There are some strange things happening.

I don't see rootkit infection on your machine. The malware zekos seems to be either a false positive or to have been fixed.

FSS said you didn't have internet access and yet you were able to connect through Viglink.com.

Zoek says you have no internet access but earlier you seemed to access the ESET site although you did find problems running the scan.

It normally starts to freeze up about 8 or 10 minutes after I boot up the computer.


Could be malware but also it suggests you might have an overheating or/and a hard drive problem. The hard drive is already suspect in that you don't seem to be able to run chkdsk. Chkdsk would run before any malware could interfere.

Here are some things to check:

Go to the link below for some information about symptoms of overheating.

http://www.ehow.com/...g-symptoms.html

Go to the link below for some actions you can take to reduce overheating

http://www.ehow.com/...-computers.html

Go to this link for understanding and troubleshooting your Dell hard drive.

And here for Dell Diagnostics.

Come back and tell me how you got on.
  • 0

#42
Washetoo

Washetoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

I took it offline for most of this.  I went online to run ESET.  I don't know about the FSS instance, I may have connected it after FSS started for some reason.

 

I don't think overheating is a problem.  The thermal controls read ambient temperatures around 23 degrees C after startup with nothing running.

 

I ran the PSA+ test on the hard drive and got this:

 

error code 0142

Msg: Error Code 2000-0142

Msg: Hard Drive 0 - self test unsuccessful. Status: 79

The given error code and message can be used by Technical Support to help diagnose the problem

Do you want to continue testing?

 

This looks like a hard drive problem.

 

I tried chkdsk again with no luck.

 

I'm going to try a Dell online hard drive diagnostic if I can make it work.


  • 0

#43
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

 

This looks like a hard drive problem.

 

My thinking too. :(

 

I think it would be good to backup whatever you want to keep. Those symptoms are a warning, time to make sure you don't lose something important.

 

I wish you luck. If you get time you might like to drop back and tell us what the outcome is. :)


  • 0

#44
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,016 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





