Do you still need help?
Windows update blocked, Norton detected Trojan [Solved]
#16
Posted 31 January 2010 - 09:45 PM
Do you still need help?
#17
Posted 31 January 2010 - 09:54 PM
By the way, while you're here, am I allowed to have two open topics for two different computers, or do I need to wait until this one is finished first before opening another thread? I didn't see anywhere that covered this, and my laptop's developing problems that I made another thread about (currently manageable, so it's not a pressing issue).
#18
Posted 31 January 2010 - 10:34 PM
OK, thanks for the update.
Yes, you can have more than one topic open as long as it is two different computers.
#19
Posted 04 February 2010 - 11:13 AM
Here's the OTL log:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Components\\PendingXmlIdentifier not found.
Registry value HKEY_LOCAL_MACHINE\Components\\NextQueueEntryIndex not found.
Registry value HKEY_LOCAL_MACHINE\Components\\AdvancedInstallersNeedResolving not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jessica
->Temp folder emptied: 89103573 bytes
->Temporary Internet Files folder emptied: 222998849 bytes
->Java cache emptied: 10487935 bytes
->FireFox cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 416081 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1372 bytes
Total Files Cleaned = 308.00 mb
OTL by OldTimer - Version 3.1.20.1 log created on 02032010_222830
Files\Folders moved on Reboot...
C:\Users\Jessica\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETC995.tmp not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
#20
Posted 04 February 2010 - 02:08 PM
Ok, I found a possible solution for that error code as well. Let's see if it fixes it.
- Click on the Start Button
- In the search box, type in Command Prompt
- Right click on Command prompt and select Run As Administrator
- In the Command Prompt window, type fsutil resource setautoreset true C:\
- Now restart the computer.
Then try to Update Windows again. Let me know if it works.
#21
Posted 05 February 2010 - 02:56 PM
She also described two new symptoms that she forgot to mention before. The first one is that the laptop doesn't recognize its built-in webcam, although it did before the Trojan infected the system. The second is that when the laptop starts up, it asks to check the disk, and gets to 51% before it stops making any progress.
#22
Posted 05 February 2010 - 09:46 PM
The webcam may need to have its files reinstalled. I will look into that. What kind of computer is it?
Ok, please try to do that command in safe mode. To boot in safe mode, restart the computer and right when the computer restarts tap the F8. Then select Safe Mode. Then try that command again per my previous instructions.
Also, lets check the hard drive and make sure there is no bad sectors in it.
- # In the search box, type in Command Prompt
- Right click on Command prompt and select Run As Administrator
- Then type in chkdsk /f /r C: and press enter.
- It may say something like the disk is in use, and to schedule it on reboot. Say yes and restart the computer.
- It will then scan for errors and try to fix any. Let me know if it finds any bad sectors.
Edited by jwang01, 05 February 2010 - 09:46 PM.
#23
Posted 13 February 2010 - 03:16 PM
Do you still need help?
#24
Posted 13 February 2010 - 03:40 PM
#25
Posted 13 February 2010 - 05:23 PM
Ok, I was just making sure. Just to let you know, I will be away for 5 days or so starting on tuesday. I may ask another staff member to jump in here and help if you get to posting.
Edited by jwang01, 13 February 2010 - 05:23 PM.
#26
Posted 13 February 2010 - 05:51 PM
Alright, I got an email finally. She ran everything, safe mode and all, and it still came up with a blue screen of death. Chkdsk got stuck midway through. In stage 1, it said that there were 1205 large file records processed, 0 bad files, 0 EA records and 60 reparse records processed. In stage 2, it said it was "11% completed...208367 of 279474 index entries processed." After waiting a half-hour, it didn't continue.
Edited by EMDF, 13 February 2010 - 09:06 PM.
#27
Posted 15 February 2010 - 06:03 PM
Let's go this way. Let's go ahead and clean up the analysis tools we used here, Then head over the the Windows Vista Forum and create a new thread with the problems you are still exeriancing. Also, let them know you were working with me here and are clean of Malware. Please include a link to this topic. Then come back here and post a link to that thread so I can let them know you need help.
Congratulations!! Your logs look clean!
Now we need to do a little house keeping and remove the tools we have used.
- Click on OTL.exe
- Click the Clean It button
- If it tells you to reboot click Yes
It is always a good idea to have ONE Anti-Spyware program that runs in real time along with your Anti-Virus. You can have more the one installed, but all others should be used only as On Access scanners.
Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.
MalwareBytes Anti Malware
This is an exellent On Access Anti-Malware Scanner.
SuperAntiSpyware
This is an Anti-Spyware program that will help protect your PC with Real Time Protection. You should have one Anti-Spyware program that scans in real time. This will help prevent your PC from picking up any more malware.
TFC
This will help delete all temporary files.
Opera
This is an alternative for Internet Explorer. Opera is a more secure browser.
You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.
Heres how to do it:
- Go to Start
- Click on the Control Panel
- Click on Security
- Then click on Windows update
- Then settings to turn Windows Update On/Off
You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, i would recommend turning it on in the settings menu.
And finally a little How did I get infected in the first place? (by Mr. Tony Klein)
#28
Posted 15 February 2010 - 06:31 PM
This is going to be a problem, as Windows Update doesn't even work in the first place! I know this was copy-pasted from your training though, so I will follow these instructions when it starts working again.You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.
Heres how to do it:
- Go to Start
- Click on the Control Panel
- Click on Security
- Then click on Windows update
- Then settings to turn Windows Update On/Off
Thanks for all the help!
#29
Posted 15 February 2010 - 06:59 PM
Ok sounds good to me.
Edited by jwang01, 15 February 2010 - 07:00 PM.
#30
Posted 16 February 2010 - 11:03 AM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users