
Antivirus programs, Malwarebytes, SpyBot, AVG, RKill, etc. will not st


  • This topic is locked

#31
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

I have downloaded the new utility, rebooted into safe mode, unzipped the files, started the program and it's running.

 

Will get back to you with results when it's finished...

 

BTW, have I said thank you for all your help, yet?

 

If not, thank you for all your help...


  • 0



#32
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

BTW, have I said thank you for all your help, yet?

 

No problem at all. You appear to have something very nasty...possibly a new rootkit. We'll keep digging. Thanks for your patience.


  • 0

#33
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
Brian,
 
It completed and said nothing was wrong (at the bottom of its window). Though, it didn't leave a text file.
 
I rebooted, tried to use Chrome and got a blue screen.  It rebooted, Chrome now works, but it won't display the VIPRE website again, lol.
 
I can open other websites, like my e-mail, geeks to go, etc.
 
I still can't start any of the other virus utilities, either...

  • 0

#34
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Thanks for the info. Please do the following.

 

Step#1. Retrieve Memory Dump

1. Can you copy C:\Windows\Memory.dmp to your desktop and then zip up and attach? You may need to upload the memory.zip file to a service such as SendSpace or Dropbox if it's too large to attach.

 

Step#2 - Dr Web CureIt
1. Go to the link below and follow the instructions to run Dr Web CureIt.

www.freedrweb.com/cureit

2. Dr Web will scan your computer. When finished a report is generated.
3. Please open and copy and paste the contents back here.
Note: If the log is too long for one post just use as many as necessary or zip and upload as an attachment.

 

Other people are starting to get this same malware so it would be nice to solve it.


  • 0

#35
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

The windows/memory.dmp file is here:

www.desktophud1.com/Brian/MEMORY.zip (copy & paste)

 

I clicked the Dr Web CureIt link, went to the website and clicked on "Start scanning".

 

A window popped up that read, "Start scanning", I clicked it, that window closed and nothing happened...


Edited by carolinachris, 01 September 2015 - 01:56 PM.

  • 0

#36
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Thank you. The link for the Memory Dump doesn't work.


  • 0

#37
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Thank you. The link for the Memory Dump doesn't work.

Brian,

 

The zip file is hosted at that exact address, you may need to copy and paste the link.

 

It works on my PC...


  • 0

#38
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Brian,

 

The zip file is hosted at that exact address, you may need to copy and paste the link.

 

It works on my PC...

 

 

My bad. Thank you.


  • 0

#39
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

Please do the following.

 

Step#1 - Dr Web CureIt
Note: Please boot your machine into Safe Mode With Networking before attempting these steps. I know you have previously tried Safe Mode with other tools but would like to try with this.

1. Go to the link below and follow the instructions to run Dr Web CureIt.

www.freedrweb.com/cureit

2. Dr Web will scan your computer. When finished a report is generated.
3. Please open and copy and paste the contents back here.
Note: If the log is too long for one post just use as many as necessary or zip and upload as an attachment.

4. Boot back into normal mode.

 

 

Step#2 - Enable Driver Verifier
1. Click the Start button, type Verifier and hit enter on the keyboard.
2. Make sure Create custom settings (for code developers) is selected as shown below.
     Capture.JPG
 
3. Click Next.
4. Select Select individual settings from a full list.
5. Click Next.
6. Check all of the options except "Force pending I/O requests" and "Low resources simulation" as shown below.
     Check.JPG
 
7. Click Next.
8. Choose Automatically select all drivers installed on this computer.
9. Click Finish.
10. Reboot your machine when prompted.
 
Note: Windows will place extra stress on your drivers so you may notice that your machine is a little less responsive at times but this is normal while we are doing this. The goal is to cause a BSOD that may point us to the culprit. Let's see if you do get a BSOD and if you do please record down as much information as you can from the screen.


  • 0

#40
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

1.  I clicked the Dr Web CureIt link, went to the website and clicked on "Start scanning".

A window popped up that read, "Start scanning", I clicked it, that window closed and nothing happened (same as last time).

 

2.  I followed your instructions, the window simply closed when I clicked "finish", I was never prompted to "reboot" and didn't get a "blue screen of death".

 

 

Follow up: I wasn't "prompted" to reboot, but I did anyway. Now it won't (start up) reboot, unless I use system restore.

 

Do I "Restore" or "Cancel"? 


Edited by carolinachris, 02 September 2015 - 02:38 PM.

  • 0



#41
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

You don't need to use System Restore. Is it giving you a BSOD error when trying to boot?


  • 0

#42
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

I have to leave for a couple hours so wanted to post the following. This should resolve your issue of not being able to boot. It would be great if we could see what the error is on your screen when trying to boot however.

 

Reset Driver Verifier
1. Start your machine in Safe Mode With Networking.
2. Open an elevated command-prompt. To do this, click your Start button and type cmd in the search box. Right-click the command prompt that shows in the search results and select Run as administrator.
3. Once the command prompt is open, type verifier /reset and hit enter.   Note: There is a space before /reset.
4. Reboot your computer normally now.


  • 0
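
Added example, not part of the original thread or of either poster's instructions: a read-only PowerShell check that shows whether Driver Verifier is still configured after the reset above and lists any crash dumps the BSOD left behind. It assumes the registry values VerifyDrivers and VerifyDriverLevel, the bit values documented for verifier /flags, and the default %SystemRoot%\Minidump folder alongside the Memory.dmp path named earlier in the thread.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt.
# Shows whether Driver Verifier is still configured and which dumps exist.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Bit values of the documented "verifier /flags" options.
$flagBits = @(
    @{ Bit = 0x001; Name = 'Special pool' },
    @{ Bit = 0x002; Name = 'Force IRQL checking' },
    @{ Bit = 0x004; Name = 'Low resources simulation' },
    @{ Bit = 0x008; Name = 'Pool tracking' },
    @{ Bit = 0x010; Name = 'I/O verification' },
    @{ Bit = 0x020; Name = 'Deadlock detection' },
    @{ Bit = 0x040; Name = 'Enhanced I/O verification' },
    @{ Bit = 0x080; Name = 'DMA checking' },
    @{ Bit = 0x100; Name = 'Security checks' },
    @{ Bit = 0x200; Name = 'Force pending I/O requests' },
    @{ Bit = 0x400; Name = 'IRP logging' },
    @{ Bit = 0x800; Name = 'Miscellaneous checks' }
)

$props   = Get-ItemProperty -Path $mm
$drivers = $props.VerifyDrivers            # '*' means all drivers; absent after a reset
$level   = [int]$props.VerifyDriverLevel   # bitmask of enabled checks; 0 if absent

if ([string]::IsNullOrEmpty($drivers)) {
    'Driver Verifier: not configured (expected after "verifier /reset").'
} else {
    "Driver Verifier: configured for '{0}', flags 0x{1:X}" -f $drivers, $level
    foreach ($f in $flagBits) {
        if ($level -band $f.Bit) { "  enabled: $($f.Name)" }
    }
    # The steps in the thread leave these two options unchecked (0x200 + 0x004).
    if ($level -band 0x204) { '  note: an option the steps said to leave off is set' }
}

# Cross-check against what the verifier tool itself reports.
& verifier.exe /querysettings

# Crash dumps: the full dump named in the thread plus the assumed default
# minidump folder. Newest first, so the latest BSOD is at the top.
$paths = "$env:SystemRoot\MEMORY.DMP", "$env:SystemRoot\Minidump\*.dmp"
Get-Item -Path $paths -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, LastWriteTime,
        @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }
```

The script changes nothing on the machine; the dump timestamps can be matched against the time of each blue screen when no details were written down from the screen.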

#43
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

You don't need to use System Restore. Is it giving you a BSOD error when trying to boot?

Brian,

 

No, it is a "Startup Repair" screen, not a BSOD.

 

I pressed "cancel" and it's running the "Startup Repair" program now.

 

I will run the Reset Driver Verifier when it's finished...


Edited by carolinachris, 02 September 2015 - 02:57 PM.

  • 0

#44
carolinachris

carolinachris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Brian,

 

So "Startup Repair" can't fix the problem. It states, "Unspecified changes to system configuration might have caused the problem".

 

When I restart, it doesn't fully restart, then I get a BSOD, then it goes into "Do you want to Restore or Repair" again.

 

So I rebooted into "Safe Mode with Networking", ran cmd - verifier /reset, said nothing was wrong and it rebooted normally again.


Edited by carolinachris, 02 September 2015 - 03:47 PM.

  • 0

#45
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,590 posts

That's what I would have expected. Thanks for the info. Did you happen to record any info on the BSOD?


  • 0





