Sony vaio laptop infected with malware [Solved]

Malware Baidu

  • This topic is locked

#31
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run this to reset the network and then try again

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0



#32
Confused Dave

    Member

  • Topic Starter
  • 25 posts

Ran FRST then ESET but same result as before

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Ellen (2015-09-26 18:47:47) Run:5
Running from C:\Users\Ellen\Desktop
Loaded Profiles: Ellen (Available Profiles: Ellen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

*****************


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::31d0:163c:4244:e172%3
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : Home
   Link-local IPv6 Address . . . . . : fe80::31d0:163c:4244:e172%3
   IPv4 Address. . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 64.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:47:55 ====


  • 0
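
A small triage helper for a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it splits the log on the CMD section markers and reports which commands logged "failed" / "Access is denied" and which asked for a restart. The sample log is constructed to mirror the post, and the function names are hypothetical.

```python
import re

# Constructed sample, abbreviated from the shape of the Fixlog in the post above.
SAMPLE_FIXLOG = """\
=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========

=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========

=========  netsh int ipv4 reset =========
Resetting Interface, OK!
Resetting , failed.
Access is denied.
Restart the computer to complete this action.
========= End of CMD: =========
"""

HEADER = re.compile(r"^=+\s+(?P<cmd>.+?)\s+=+$")   # "=========  <command> ========="
FAIL = re.compile(r"\bfailed\b|access is denied", re.IGNORECASE)
REBOOT = re.compile(r"\brestart the computer\b", re.IGNORECASE)


def triage_fixlog(text):
    """Return one dict per CMD section: command, failure lines, reboot flag."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m and m.group("cmd").startswith("End of CMD"):
            if current is not None:          # close the open section
                results.append(current)
            current = None
        elif m:                              # a new command section starts
            current = {"cmd": m.group("cmd"), "failures": [], "needs_reboot": False}
        elif current is not None:            # output line inside a section
            if FAIL.search(line):
                current["failures"].append(line)
            if REBOOT.search(line):
                current["needs_reboot"] = True
    return results


def failed_commands(text):
    """Commands whose output contains at least one failure line."""
    return [s["cmd"] for s in triage_fixlog(text) if s["failures"]]
```
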

#33
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's try this one...

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#34
Confused Dave

    Member

  • Topic Starter
  • 25 posts

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-09-26 19:43:50
-----------------------------
19:43:50.095    OS Version: Windows x64 6.2.9200
19:43:50.096    Number of processors: 4 586 0x3A09
19:43:50.097    ComputerName: ELLEN  UserName: Ellen
19:43:51.585    Initialize success
19:43:51.674    VM: initialized successfully
19:43:51.675    VM: Intel CPU BiosDisabled
19:44:03.073    AVAST engine download error: 0
19:44:03.077    AVAST engine error: 11003
19:44:15.481    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
19:44:15.485    Disk 0 Vendor: TOSHIBA_MQ01ABF050 AM0G4H Size: 476940MB BusType: 11
19:44:15.723    Disk 0 MBR read successfully
19:44:15.731    Disk 0 MBR scan
19:44:15.739    Disk 0 unknown MBR code
19:44:15.748    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
19:44:16.009    Disk 0 scanning C:\WINDOWS\system32\drivers
19:44:31.676    Service scanning
19:45:06.837    Modules scanning
19:45:06.854    Disk 0 trace - called modules:
19:45:06.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:45:06.900    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e4fe6480]
19:45:06.914    3 CLASSPNP.SYS[fffff800eeeb46c5] -> nt!IofCallDriver -> [0xffffe001e4c871f0]
19:45:06.926    5 ACPI.sys[fffff800edf81361] -> nt!IofCallDriver -> \Device\0000002c[0xffffe001e4c7f060]
19:45:06.939    Disk 0 statistics 137396/0/0 @ 5.11 MB/s
19:45:06.954    Scan finished successfully
19:46:01.558    Disk 0 MBR has been saved successfully to "C:\Users\Ellen\Desktop\MBR.dat"
19:46:01.590    The log file has been saved successfully to "C:\Users\Ellen\Desktop\aswMBR.txt"

 


  • 0

#35
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Apart from the inability of Kaspersky to install, how is the computer behaving?


What I would like to try now as an interim position is to load Avast anti virus... Run a full scan and then see where we stand

This will determine whether the main problems are solved or whether there is an additional problem that we need to locate
(there is no need to register Avast as this is only for the short term)

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them:
Dropbox
Chrome
Chrome toolbar


Select Next
Deselect all the middle column elements as you will not need them:


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine


Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "

  • 0

#36
Confused Dave

    Member

  • Topic Starter
  • 25 posts

The main issues are still pop ups constantly appearing on the browser and the lack of a connection for certain applications.

 

I'm not sure if I'm doing something wrong but when I click the link on my desktop, after allowing the application to make changes, a small Avast pop up appears with a loading wheel then disappears and nothing happens?


  • 0

#37
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have a USB drive as there is something on your computer that I am not seeing

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • Press select objects for scanning
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • When it has completed
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

  • 0

#38
Confused Dave

    Member

  • Topic Starter
  • 25 posts

Hi

 

Sorry for the delay in responding, I haven't had much time recently. Thanks for sticking with the issue, I appreciate the help

 

I'm having a couple of problems carrying out the instructions from your last post. I installed the program from the link but the options that appeared seemed different

 

Screenshot (6).png  

 

 

I ran the scan but there was no option I could see for a report, I did take a screenshot of the threats detected and it appears to have removed them

 

Screenshot (5).png


  • 0

#39
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm the main ones were in quarantine...

When you try to install an antivirus what exactly happens?
  • 0

#40
Confused Dave

    Member

  • Topic Starter
  • 25 posts

The problems seem to arise when connecting to networks to update or download databases on installation. The adware seems to have been removed as the popups and redirects appear to have stopped. I tried downloading Firefox to test a different browser and the download completed fine, but then stopped during installation when trying to connect to their server


  • 0



#41
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's try some relevant repairs

Download Windows All In One Repair from Tweaking.com to your desktop
Install the programme
Reboot to safe mode with networking
Run Windows All In One
Select Step 2
Select open Pre-repairs scan then click scan
Let that complete
Save the results to a text file on your desktop
Next select Step 5 and back up the registry
Open the Repairs tab
Select the following repair numbers:
3, 6, 7, 10, 13, 15, 26, 27
Set the system to reboot on completion
Then press Start Repairs
  • 0

#42
Confused Dave

    Member

  • Topic Starter
  • 25 posts

Hi

 

Followed the steps above and the scan completed fine

 

Attached File  Tweaking.com - Windows Repair - Pre-Scan.txt   5.88KB   60 downloads

 

The repairs however tried multiple times to start but did not complete

 

Screenshot (7).png


  • 0

#43
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

It looks as though you may have to do a reset... Do you know how to do that?


  • 0

#44
Confused Dave

    Member

  • Topic Starter
  • 25 posts
Would you mind walking me through it? I ran the program in safe mode so I'm not sure why it's telling me to do it from there?
  • 0

#45
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Windows all in one works better from safe mode as only basic windows services are running :)

Have a look at this page http://www.tenforums...ndows-10-a.html it will show what a reset entails. If you have any questions then please ask. You will keep all your personal data
  • 0





