[rajinikanths]

while on eset, i tried to download Nod32 64bit antivirus. surprisingly it was able to begin setup. but it was unable to start ESET Service in service console with error 1053. i couldn't resolve that and had to abort installation.

[Advertisements]

hi, i happen to come across hiren's bood disk... can you suggest if i can try with that?

[rajinikanths]

hi, i happen to come across hiren's bood disk... can you suggest if i can try with that?

[rajinikanths]

update - I just tried to verify if my pc can load it and run anti malware. it is running. i'll let you know of the result(s).

[RKinner]

You can try Hiren's if you want.  There are several programs on there that can can completely wipe your PC so be careful what you run.  If in doubt, google the program and you will usually find instructions.

[RKinner]

For the ESET Online Scan.  After you download the scanner you have to run it.  (Click on the big Down arrow on the Firefox toolbar and then double click on the ESETSmartInstaller...)

[rajinikanths]

I tried firefox. It asked me to download. I downloaded that file. Then I went to the file and tried to run with 'Run as admin' option, but it didn't react as it did with our other programs. i tried in Safe mode with network option too.

[RKinner]

It can also run if you double click on it.

 

 

Let's do a test.  

 

Right click on the Chrome Shortcut on your desktop and select Properties.  Change the target line to add

--no-sandbox at the end

 

Looks like this on my PC:

 

"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox

 

Try to start Chrome.  If it works you will get a message about an unsupported option.  Not wise to run in this mode as it disables some security options but I want to see if it does work.

[rajinikanths]

i had uninstalled chrome long ago during our process. Now I reinstalled it. When it opened it stayed there for a bit but crashed.Then I've put in the command line arguments with sandbox and started. it opens up and then crashes. 

[RKinner]

Let's see if Process Monitor will work:

 

download Process Monitor http://live.sysinter...com/Procmon.exe

 

Right click and Run As Admin

 

This program creates gigantic logs so don't let it run too long or it will run out of memory.  Just want to know if it runs OK.

[rajinikanths]

Good news.

Update since last entry:

Since last update:

 

The antimalware in Hiren's CD ran and cleaned some files.

After that rebooted in normal windows. I tried to run Chrome. It stayed for few seconds and crashed again.

 

Again, I booted with Hiren's CD to run all the anti virus and anti malware. I was successful running only ClamAV. It did detect some files. (Attached below). I choose option to REMOVE all of them. However i couldn't run almost all of the rest. They just didn't run. I started combofix but due to powercut my machine switched off.

 

However, I started my PC directly in normal windows.

I opened chrome shortcut that you asked me to create with --no-sandbox option. It opened. I didn't browse anything. It stayed long. 

 

Then directly I tried to run previously downloaded malware bytes setup. Surprisingly it sarted and successfully completed setup. This never even reacted until now. It also scanned and detected some threats which I did delete. See the log attached.

 

Then I tried to unintall AVG 2014. It started (again surprised). Uninstalled. Your avg removal is 32 bit and when I tried to run it produced a log file stating version issue. Then I downloaded 64bit and uninstalled.

 

I installed avast antivirus free 2016 version.

 

At this time, seems PC is working fine.

 

I humbly thank you for your extreme support and assistance. It has been a great learning experience working this problem with you.

 

Thank you.

 

Now, I need your advise to decide which antivirus should I use? Should I download latest AVG ( I know I didn't update my AVG for sometime earlier) ? Or should I move to ClamWin (that is the remover from Hiren's) or Avast or anyother? Should I also use Antimalware like malwarebytes which I currently have as trial version? Should I have both Antivirus and Antimalware?

 

I'm confused.

Please advise.

 

Note: Process Monitor that you shared is also working.

 

Thanks you again.

 

ClamAV Log:

 

 

 

Scan Started Mon Nov 16 02:09:34 2015

 

-------------------------------------------------------------------------------

 

 

 

D:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Checkers.api: Removed.

 

D:\Program Files (x86)\LEGO Batman 3 Beyond Gotham\steam_api.dll: Removed.

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.3.2_30260.exe: Removed.

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe: Removed.

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe: Removed.

 

D:\Users\Rajinikanth\Downloads\flashget3.7.0.1203en.exe: Removed.

 

 

 

D:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Checkers.api: Win.Trojan.Vbkrypt-30197 FOUND

 

D:\Program Files (x86)\LEGO Batman 3 Beyond Gotham\steam_api.dll: Win.Trojan.Hacktool-1776 FOUND

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.3.2_30260.exe: Win.Worm.Chir-2195 FOUND

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe: Win.Trojan.12557267 FOUND

 

D:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe: Win.Worm.Runouce-502 FOUND

 

D:\Users\Rajinikanth\Downloads\flashget3.7.0.1203en.exe: Win.Trojan.Madangel-4 FOUND

 

----------- SCAN SUMMARY -----------

 

Known viruses: 4094044

 

Engine version: 0.97.6

 

Scanned directories: 28993

 

Scanned files: 190419

 

Infected files: 6

 

 

 

Data scanned: 108978.81 MB

 

Data read: 1124989.14 MB (ratio 0.10:1)

 

Time: 12576.610 sec (209 m 36 s)

 

 

 

--------------------------------------

 

Completed

 

--------------------------------------

 

 

Attached Thumbnails

• 

[rajinikanths]

Currently running Avast's First Time SmartScan.

[RKinner]

Glad it seems to be working.  Try Chrome without the --no-sandbox option.

 

I'm a big fan of Avast.  

 

After the next reboot they have been offering dropbox.  You can uncheck that.  Do not accept the offer for a free trial.  Stick with the basic service.

 

 Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)

 

They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.

 

If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want you name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.

 

 

 

I love their boot-time scan which has fixed several unfixable systems:for me.  It takes many hours which is why I let it run while I sleep.

 

 How to do a boot-time scan while you sleep:

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file so: Open the Control Panel menu and click Folder Options.

    After the new window appears select the View tab.

    Put a checkmark in the checkbox labeled Display the contents of system folders.

    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

    Remove the checkmark from the checkbox labeled Hide protected operating system files.

    Press the Apply button and then the OK button

 

If you can't find it then take a screen shot of the Detailed Report.

[rajinikanths]

Ok thanks. The first scan asked me to reboot. In dos mode it is still scanning. Only 44% is complete since my last post. When that is over, I'll rerun with boot scan.

 

Can you please advise on keeping malwarebytes or not?

 

Thanks.

[RKinner]

MalwareBytes is a good program.  The free version is about as good as the paid version - just doesn't update automatically if I remember correctly.

[rajinikanths]

Thank you. 

I was able to finish first scan and then ran boot scan. I checked detailed report and happy to see the 2 instances of viruses were cleared. The last one said no virus found.

I found the awsboot.txt in this path. C:\Users\All Users\AVAST Software\Avast\report.

 

Please see scan log below. It doesn't show the top entry had found 1 virus file that I saw in the GUI interface. However, in the interface, it said virus but when I tried to fix it -> it gave invalid handle. But after that the next scan cleared some 8 viruses per log below.

 

11/16/2015 20:33

Scan of all local drives

 

File C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Multimedia.api is infected by Win32:GenMalicious-MUY [Trj], Moved to chest

File C:\Users\Rajinikanth\Downloads\FLVPlayer-Chrome (1).exe is infected by Win32:Adware-gen [Adw], Moved to chest

File C:\Users\Rajinikanth\Downloads\FLVPlayer-Chrome.exe is infected by Win32:Adware-gen [Adw], Moved to chest

File C:\ProgramData\RogueKiller\Debug\physicaldrive0_LL1_vbr is infected by MBR:Cidox-E [Rtk], Moved to chest

File C:\ProgramData\RogueKiller\Debug\physicaldrive0_user_vbr is infected by MBR:Cidox-E [Rtk], Moved to chest

File C:\FRST\Quarantine\C\ProgramData\7B571D05.EX.xBAD is infected by Win32:Malware-gen, Moved to chest

File C:\FRST\Quarantine\C\ProgramData\taskhost.exe.xBAD is infected by Win32:Malware-gen, Moved to chest

File C:\MAMEWAH\music\KISS - Radioactive.wma is infected by WMA:Wimad [Drp], Repaired

Number of searched folders: 29477

Number of tested files: 194560

Number of infected files: 8

 

----------------------------------------

11/17/2015 00:40

Scan of C:

 

Scan of *STARTUP

 

File C:\Users\Rajinikanth\AppData\Local\Mozilla\Firefox\Profiles\iimzpnvd.default\cache2\entries\084B031E8804E560DA8D411BBFA888BAF76F1C93|>eme-adobe.dll Error 42125 {ZIP archive is corrupted.}

File C:\MAME32\artwork\invaddlx.zip|>invaddlx.png Error 42125 {ZIP archive is corrupted.}

File C:\MAME32\roms\all\samsho4.zip|>222-p2.bin Error 42125 {ZIP archive is corrupted.}

File C:\MAME32\roms\all\screwloo.zip|>drom1 Error 42125 {ZIP archive is corrupted.}

File C:\MAME32\roms\all\svcsplus.zip|>svc-c3.bin Error 42125 {ZIP archive is corrupted.}

File C:\MAME32\roms\all\ws.zip|>ws1_obj3.bin Error 42125 {ZIP archive is corrupted.}

Number of searched folders: 29000

Number of tested files: 3209941

Number of infected files: 0