Windows Antivirus somehow de-activated resulting in infection


#121
RKinner

    Malware Expert

I got it.  Now I just have to comb through and find what went wrong.


#122
RKinner

    Malware Expert

Let's rule out a bad file structure on the disk while I work through the enormous file.

Open an Elevated Command Prompt and type:

chkdsk  C:  /f  /r  /x

Hit Enter.  It will tell you something about needing to reboot.  Hit

y

It should reboot and start a disk check which may take a few hours to complete.  After it reboots, rerun sfc /scannow and see if anything changes.


#123
daba

    Member

  • Topic Starter

Thank you. Bummer. Stuck at 16% still.


#124
RKinner

    Malware Expert

OK.  Just hoping.  Got to take the wife out now so don't expect anything until tomorrow.


#125
daba

    Member

  • Topic Starter

Enjoy yourselves.


#126
RKinner

    Malware Expert

Open an elevated command prompt and type:

dir  \Windows\System32\catroot  /s  > "\Users\David Jackson\Desktop\junk.txt"

Hit Enter.

dir  \Windows\System32\catroot2  /s  >> "\Users\David Jackson\Desktop\junk.txt"

(Note the >> this time.)

Hit Enter.

Open junk.txt which should be on your desktop.  Copy and paste the text to a reply or if it is too big you can attach the file.


#127
daba

    Member

  • Topic Starter

Thank you very much, Mr Kinner. 


#128
RKinner

    Malware Expert

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   340bytes   151 downloads

Run FRST and press Fix.
A fix log will be generated; please ATTACH it as it may be rather large.  PC will not need to reboot.


#129
daba

    Member

  • Topic Starter

Thank you very much. Weirdly, since it was there still yesterday, when I went to run FRST the icon had disappeared. However when I typed it into the shell thing, it appeared but then it said it couldn't be found so I re-downloaded. Log is attached. Thank you.


#130
RKinner

    Malware Expert

Everything looks normal.  I'm afraid the sfc problem is related to your license problem.  Checked with Windows-Repair-All-in-one and it runs SFC too which is why it stopped on you.


#131
daba

    Member

  • Topic Starter

Guessed it might be. Is it the end of the line then? Thanks for all your help. It's much faster than it was.


#132
RKinner

    Malware Expert

Is it still acting up with holes in websites?


#133
daba

    Member

  • Topic Starter

No, it's really much, much improved. Thank you so very much.


#134
RKinner

    Malware Expert

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.  OK.  Close program.  It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.


If you use Chrome/Firefox/Edge then get the uBlock Origin extension.  For IE go to adblockplus.org and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.)


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want Classic Shell:  http://www.classicshell.net/ This program will make Win 10 act like Win 7 with the same controls you are used to.



Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:
http://www.filehippo.com/download_speccy (Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

 


#135
daba

    Member

  • Topic Starter

You must be psychic or something. I was just about to ask you about ongoing maintenance and clean-up but you've pipped me to the post. Thank you very much. I'm running out the door soon but I'll get on this asap. Already removed some things earlier this morning. Thank you so much. 

