black screen mouse issue



#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP

Looks like it worked.  I'm going to be off line for a few hours.  I wonder if your PC has a reset to factory option.  Might be the only thing we can do but you would lose any data so would be wise to back it up while you can.


  • 0



#62
honnybee

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
With how my computer is, do you think I would be able to restore the registry? At this point I think there are still solutions to fix the issue. I've been researching how to fix issues like this; the problem is either I don't understand what they are doing, or I'm too cautious to do any of it in fear of making the problem worse.

Edited by honnybee, 13 March 2016 - 01:24 AM.

  • 0

#63
honnybee

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Hello RKinner, last night I booted into Hiren again and ran Malwarebytes. It found 12 viruses, most of them labeled as affecting the registry. Then I ran Windows Defender Offline on another bootable USB and it found nothing. I then went into the command prompt through the recovery options and tried to run sfc scannow, but it said a startup repair was in process and that you have to boot the computer and restart. I did that and the same thing still popped up. I then ran startup repair and it said Windows is booting successfully.

I then did some research and found some suggestions, one being to go into the registry editor and see if the values of Shell and Userinit are correct. They weren't, so I changed them and restarted, but after the restart, when I looked at task manager, the values went back to what they were. Reading more on ZeroAccess, it says even if you get rid of it you have to repair the alterations that it made on your computer; something it does is putting bogus files in the registry from not booting.

I ran another scan of FRST for you to look at. At the bottom, where it lists the registry files, I see explorer.exe, but it's on there twice like userinit. I don't know if that is correct, and something else I found different is that it is missing the line portion system32; I'm not sure if it's supposed to look like that or not. I'm pretty sure the key to solving the issue is fixing the alterations ZeroAccess made to my computer. Is there a way from FRST that it can fix my registry? On another site's forum someone suggested using the application systemlook.exe to search if it's in my computer. I will try that and send you the results. I will also try another application, easyre, in hopes it can resolve the issue.

Attached Files

  • Attached File  FRST.txt   58.79KB   93 downloads

  • 0
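
The Shell and Userinit check described in the post above can be scripted. This is an added example, not part of the thread and not any poster's code; it assumes it is run in PowerShell on the booted Windows installation and that the machine should have the stock values `explorer.exe` and `%SystemRoot%\system32\userinit.exe,`. The function name `Get-WinlogonFinding` is made up for this example.

```powershell
# Added example, not from the thread: compare Winlogon Shell/Userinit with stock values.
$subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumption: stock values of a default install. A kiosk or custom shell differs legitimately.
$expected = @{
    Shell    = @('explorer.exe')
    Userinit = @("$env:SystemRoot\system32\userinit.exe")
}

function Get-WinlogonFinding {
    param([string]$Hive, [string]$Name)

    $item  = Get-ItemProperty -Path "${Hive}:\$subKey" -Name $Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$Name } else { $null }

    # Values are comma-separated command lists; Userinit normally ends with a comma.
    $entries = @("$value" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $extra   = @($entries | Where-Object { $expected[$Name] -notcontains $_ })

    if ($null -eq $value) {
        # The per-user key normally has neither value; the machine key must have both.
        $status = if ($Hive -eq 'HKCU') { 'OK (not set)' } else { 'CHECK: value missing' }
    } elseif ($entries.Count -eq 0) {
        $status = 'CHECK: value empty'
    } elseif ($extra.Count -gt 0) {
        $status = 'CHECK: unexpected ' + ($extra -join ' | ')
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{ Hive = $Hive; Name = $Name; Value = $value; Status = $status }
}

# Check the machine-wide key and the per-user override for both values.
$findings = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($name in 'Shell', 'Userinit') {
        Get-WinlogonFinding -Hive $hive -Name $name
    }
}
$findings | Format-Table -AutoSize -Wrap
```

A Userinit entry without the full system32 path is reported as unexpected for review. Running the check again after a reboot shows whether a corrected value has been rewritten, as the post describes.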

#64
honnybee

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hello, I restored my computer to factory settings it's working now, could you give some advice on what anti-virus protection to get and other applications I might need so this and other issues of that severity don't happen again. Also thanks for the help now I have new tools whenever my computer is acting up.
  • 0

#65
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP

Let's look at your hard drive to see if it's failing.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)

I run the free Avast.  It's a pretty decent anti-virus if you don't mind the little popups in the corner to get you to upgrade to the pay version.  These can be minimized.

 

Click on Download then choose the free version.
 
Do not let them give you the demo version.  Stick with the Basic.
 
You will need to register but they just want an email address and they don't sell it or annoy you with emails.
 
Click on the orange ball or open Avast then click on the gear.  Scroll down to Popups and click on the down arrow to the right.  Change the first one to 1 second.
 
You may also want to click on the down arrow to the right of Sounds and uncheck Scan Complete.
 
Now click on Tools (on the left).
 
If they are not already off, turn off Passwords, Browser Cleanup, Cleanup and SecureLine VPN
If you haven't registered yet, click on Registration.  Just follow the instructions and stick to the Basic Free.
 
One of the really good features of Avast is the boot-time scan.
 
It takes like 6 hours so I usually let it run at night.
 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
 
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
If you prefer a paid anti-virus then get Kaspersky or BitDefender.  They are usually the two highest rated in test.  Avoid McAfee or Norton.  McAfee is weak and Norton will slow your PC down.
 
 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.

Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 

  • 0

#66
honnybee

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Here's the Speccy text file. After this, should I keep it downloaded to my computer? Also, what's a good way to be updated on how to be protected from the latest big virus program?

Attached Files


Edited by honnybee, 14 March 2016 - 06:07 PM.

  • 0

#67
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,662 posts
  • MVP

Two things we learn from Speccy:

 

Intel Core i3 330M @ 2.13GHz 58 °C

 

This is a bit hot.  Not going to do much more than shorten the life of the PC a bit unless it goes up when the PC is busy doing a scan or watching a video.

 

You can uninstall Speccy but you should get Speedfan to watch the temps.

 

Speedfan 
 
 
Download, save and Install it (right click and Run As Admin.).  Then find the shortcut on your desktop  click and Run As Admin.
 
The usual cause is dust clogging the heatsink.  Depending on the PC maker this can be easy to get to (some Dells) or nearly impossible (HPs).  It's OK to remove the fan to get to the heatsink but if you unscrew the heatsink (or the copper heat pipe attached to it) you will need to replace the thermal paste.  A cooler tray may help.
 
The hard drive is also looking bad.  The following attributes are ugly even if they say status Good:
 
 
 
0B
  Attribute name  Recalibration Retries
  Real value      2,249
  Current         98
  Worst           98
  Threshold       0
  Raw Value       00000008C9
  Status          Good
...

BF
  Attribute name  G-sense error rate
  Real value      65,508
  Current         94
  Worst           94
  Threshold       0
  Raw Value       000000FFE4
...

C8
  Attribute name  Write Error Rate / Multi-Zone Error Rate
  Real value      1,191
  Current         100
  Worst           100
  Threshold       0
  Raw Value       00000004A7
  Status          Good
 

 

 

The G-sense error rate means the notebook has been dropped and hit the ground hard.  The Write Error Rate should ideally be 0.  Since it knows it made a mistake I assume it tries again until it gets it right so the files aren't being corrupted yet but this has to slow things down.

 

Speedfan can also monitor your hard drive.  Click on the S.M.A.R.T. tab then on the down arrow to the right of the empty box.  Select the hard drive (only one on your notebook).

 

It will show you the same info.  If the numbers get worse you can expect the drive to fail.  If it were me I would clone the drive now while it still works.

 

Any 2.5" 320GB or larger SATA II or SATA III drive will work.  I personally prefer the Western Digital Black series.  

 

http://www.amazon.co...e/dp/B00QFXOL5G

 

The Black series have a longer warranty and seem to be better quality.

 

To clone the drive you will need a USB to SATA adapter.  http://www.amazon.co...to SATA adapter

 

Western Digital has drive cloning software on their website.

 

http://support.wdc.com/downloads.aspx

 

My previous post should answer your question about how to be protected from the latest big virus program.


  • 0

#68
honnybee

honnybee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks for the advice :)
  • 0





