Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Microsoft Security Essentials reports- Trogan:Win32/Dynamer!ac [So

Trogan:Win32/Dynamer!ac

  • This topic is locked This topic is locked

#16
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

here's the largest cabinet file....only the DeepClean file seems to be less that 5MB

I believe they are compressed so I am not sure what to do.


  • 0

Advertisements


#17
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here's the DeepClean file

Attached Files


  • 0

#18
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Here's the DeepClean file

That log is from back in July, so it's not the one we want.  We need specifically the CBS.log file... 
 
Here is how we can do it indirectly:
 
Copy the SFC log to the Desktop Using an Elevated Command Prompt
  • Click the Start button (or Start Orb).
  • In the Search box, type cmd.exe
  • In the list that appears, right click on cmd.exe and select Run As administrator...
  • Copy the below text and paste it into the the Command Window by Right-clicking and selecting Paste:

    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

  • Close the Command Window
  • Find the cbs.txt file on your Desktop and attach it to your reply.

  • 0

#19
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

It's 671 MB 

I can't even open it

 


  • 0

#20
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Wow, that's huge!  It's supposed to be limited to around 50 MB and then a new CbsPersist<date><time>.cab file is created...

  1. Can you Zip/compress it at all, put on a file sharing site, DropBox, Drive, Copy, etc. and share the link?
  2. How many times have you run SFC before this, and is Windows Update working for you?
  3. Try rebooting and check the file size again of C:\Windows\logs\CBS\CBS.log 

In the meantime, I need to consult with my colleagues on this and get back to you.  Hang in there!


  • 0

#21
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

1.Should I compress it with winzip19.5?  The document is a 671 MB .txt file on my desktop simply labeled CBS. Do you think it will compress down to under the 5MB limit?

2. I have never used the sfc /scannow before this. However, I tried several times to copy and paste it (not knowing you can't).

     Afterwards I realized that each time I tried, it rescanned. So, probably 4 or 5 times.

3. Still 671MB after reboot.


  • 0

#22
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

OK, let's see if we can pull out just the SFC results from that mess...
 
Extract the SFC Scan Results from the CBS.log

  • Click the Start button (or Start Orb).
  • In the Search box, type cmd.exe
  • In the list that appears, right click on cmd.exe and select Run As administrator...
  • In the elevated command prompt, copy and paste the command below, and press Enter:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
  • Wait for the command to complete.  When you see a new line appear in the Command Window, you can close it.
  • Find the sfcdetails.txt file on your Desktop and copy/paste its contents in your reply.

  • 0

#23
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Ok, the sfcdetails.txt file is now on my desktop but it's blank (0 bytes).


  • 0

#24
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

The information we need may have been compressed to an archive already.  Let's try a broader approach then.

  1. Navigate to the C:\Windows\logs\ folder, and Copy/Paste the entire CBS folder to your Desktop
  2. Once the CBS folder is copied to your Desktop, try using your WinZip program to archive the entire folder to a zip file.
  3. Upload the zip file to a file sharing site (Google Drive, Copy, Box, DropBox, etc.), and share the link to the archive in your reply.  :)

  • 0

#25
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hope this works

 

https://drive.google...iew?usp=sharing

 

https://drive.google...iew?usp=sharing

 

https://drive.google...iew?usp=sharing

 

https://drive.google...iew?usp=sharing

 

https://drive.google...iew?usp=sharing


  • 0

Advertisements


#26
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Yes I can access those, thanks.  Can you zip up the current CBS.log file and any other files in that folder as well and upload the archive please?  There might be some worthwhile clues in there.


  • 0

#27
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I don't have a file anywhere labeled CBS.log

I do have a text document simply labeled CBS but for some reason I don't have access to it and it seems to be changing in size.

It was 900 MB one day, then 600MB, next 2105 KB, finally 2.05 MB on Google drive!  Still can't access- It tells me to get permission from it's owner.

https://drive.google...iew?usp=sharing

 

 

Zip:

https://drive.google...iew?usp=sharing

 

 

Thanks for helping me with this, if you need something else just walk me through how to do it.


  • 0

#28
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Interesting about the CBS.log.  Maybe Windows is archiving to make a new one? 
 
Your CBS logs indicate you have two corrupted system files, so let's see if we can fix them:
 

First

Create a restore point for Windows Vista, 7

  • Click on the Start Orb
  • Select Control Panel > System
  • In the left column, select System Protection
  • At the bottom right of the System Properties window, click the button labelled Create...
  • Enter a description for the Restore Point.
  • Click the Create button

 

Next

SFCFix Script

Warning: this fix is specific to this machine only.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop.
  • Download SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip – do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • The results should return as Fixed:
  • Post the contents of this log in your reply.

Then

Run SFC /SCANNOW

  • Click on the Win7Orb_zps4dae3b32.jpg button. Inside the search box type in CMD
  • Right click on CMD => Choose Run as Administrator
  • Inside the Command Prompt windows copy and paste the following command
    SFC /SCANNOW
  • Please wait for this to Finish before continuing with any other steps.

Let me know if SFC still reports errors and post the message you get when it's finished.

 

After SFC is completed, also let me know how the computer is running (i.e. is it still slow?). :)


  • 0

#29
kriskringleali

kriskringleali

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Is this normal?  Under system properties, the available drives are:

Recovery (D:)  protection is off

Local Disk (C:) (System) protection is on

 

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-09-12 17:07:19.388
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\mike\Desktop\SFCFix.zip [0]

 

PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json

Successfully copied file C:\Users\mike\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json to C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json.
Successfully copied file C:\Users\mike\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json to C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json.

Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json
PowerCopy:: directive completed successfully.

 

Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-09-12 17:07:23.305
Script hash: Sz20Fv8jfGapU+nUI9JBWuyv8aCnEq2LnhycxfNs7JU=
----------------------EOF-----------------------

SFC/ SCANNOW:

Windows Resource Protection did not find any integrity violations


  • 0

#30
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Is this normal?  Under system properties, the available drives are:

Recovery (D:)  protection is off

Local Disk (C:) (System) protection is on

If you mean System Restore, then yes.  The Recovery partition is normally not protected by System Restore as it's meant to be read-only.

 

It looks like the System File Checker was able to complete successfully.  :thumbsup:

 

How is the computer running?

 

If it is still slow, please let me know the following:

  1. How old is the computer?
  2. What is the make/model number?
  3. Are there any other symptoms or information you can provide to help describe the slowness? (web browsing, opening programs, mouse "skipping" etc.)
  4. Is it as slow if left shut off for an hour or more and you power it on and start using it (cold start)?

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP