
had trojan.agent, not sure what i have now but still probs [Closed]


  • This topic is locked

#31
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

Since you cannot connect to the internet, you can skip my last instructions.


It is possible this could be a hardware problem such as your hard drive going bad. It could also be a corrupt OS. When you did the recovery, did you do a destructive or non-destructive recovery?


Let's try one more tool. You can download and save it to a flash drive. Then we will run chkdsk and see if there are any errors with your hard drive.



Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.





Next



  • Click on Start, then Run, and enter cmd and press enter.
  • In the Command Prompt, type in chkdsk C: /f and press enter.
  • You may get a message saying the disk is in use and will ask if you want to schedule it on the next reboot. Say Yes.
  • Then restart your computer and let it scan. Let me know if it found any errors.

#32
pixillated

    Member

  • Topic Starter
  • 86 posts
hi jwang01; thanks, will try this. am i going to do checkdisk after this test or before?

how do i know whether i did a destructive or non destructive recovery?

don't have my flash drive with me today, will do this sometime tomorrow and get back to you.

thanks again, as always!
#33
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Go ahead and run AVP first, then chkdsk.



how do i know whether i did a destructive or non destructive recovery?

If you did a destructive recovery, you would have lost all data on the drive. Some machines give you the option to do a non-destructive recovery, so I just wanted to make sure. :)
#34
pixillated

    Member

  • Topic Starter
  • 86 posts
destructive;

all four times! :)

back later today with an update, i hope! thanks so very much. you're the best.
#35
pixillated

    Member

  • Topic Starter
  • 86 posts
just to check: for removable drives to scan, i have a smart card reader and two cruzer flash drives, both used on that computer (the first containing all of my (possibly infected) data, and the second containing programs and tools we've been using.)

so, should i also plug the flash drives into the usb ports before scanning?

i don't have a start menu or taskbar but think i can still get in somehow to run cmd. just not sure how yet. any suggestions? (control panel has many empty folders in it now).

thanks!

Edited by pixillated, 12 April 2010 - 01:16 PM.

#36
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, try this.


When Windows boots up, Start the Task Manager. Then click on the file button and select New Task. In the box, type in explorer.exe. Let me know if that brings your desktop back. :)
#37
pixillated

    Member

  • Topic Starter
  • 86 posts
hey jwang01; thanks for a way in through task manager! will do this tonight when i get home. but .....

uhhhhhh ohhhhhh. new development.....very scary. i fear i have infected my friend's computer!

this friend's computer i am using now to load things onto my flash drive is showing worm infections! - more and more each time i use it! today is the absolute worst. i can look in the log files and tell you what but for now, here are the antimalware programs installed on it (dell, using windows 7 i think)


spybot s & d
malwarebytes
avg 8.5.

been running scans on those. all seem ok, or show no results.

also : ClamAV on the system tray, which keeps picking various trojans in various files; it seems to be the only one that does, and could be reporting false positives. but... could there be compatibility issues with clamAV and the other programs?

here's what clamAV picked up. last time i was here and several days before that, it kept picking up and quarantining -
W32.heuristic, in various files.

today, it picked W32.heuristic up (again) and it keeps trying to install in various files.
W32.worm. that one keeps trying to install on various temp files!
W32.Generic_Semper.

ugh! it's all in the clam AV history.

so i downloaded Flash Disinfector.exe onto my flash drive from this computer, which clamAV said installed W32worm onto this computer. agh! it detected that worm but said it could not quarantine it. what do i do now? i've just doubled the problems for me and for you, not to mention my gracious friend who trusted me NOT to infect his computer. at the moment, the flash drive is uninstalled. what a mess. :)

at the moment, the flash drive is unplugged from this computer but i hesitate to use it again in this way anymore.

now my top priority is cleaning up my FRIEND's computer.

so sorry for all of this.

update:
AVG scan just came back with 13 warnings. only one could be fixed, the other 12 are in quarantine. kinda running out of time today, and afraid for other users on this computer. my first instinct is to put flash disinfector on the desktop of THIS computer and then try to clean the flash, and get rid of all temp files. but will hold off, and will come back later today and see what you have to say.

should i be deleting browsing history every time i use a browser? using firefox right now, and some of the trojans came in on temp files from AVG, firefox, and flash disinfector (at least today!)

Edited by pixillated, 12 April 2010 - 03:02 PM.

#38
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, this is not good. Go ahead and follow my instructions for your computer.

Flash Drive Disinfector is not a worm or a trojan. It is a legit program. Where did you download it from? It's most likely a false positive.


You can have your friend start a new thread here and I will jump in and help right away. Have your friend send me a PM with the address of the thread.


should i be deleting browsing history every time i use a browser? using firefox right now, and some of the trojans came in on temp files from AVG, firefox, and flash disinfector (at least today!)

Deleting your browsing history will not clean out temporary internet files. You will need a temp file cleaner to do that. TFC is a great program and will do just that. You do not need to run it daily though, just once in a while.
#39
pixillated

    Member

  • Topic Starter
  • 86 posts
jwang01, i downloaded it directly from the link you provided in this thread.

can i start the new thread for my friend? i have not told him yet. dunno how to! he will be furious, plus he is not computer savvy. but others come in here and use this computer. can cancel plans for today and try to get this fixed but he is having dinner guests in several hours so not much time.

Edited by pixillated, 12 April 2010 - 03:22 PM.

#40
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Yes, you can do that. Follow the steps in the cleaning guide and post the logs in the new thread. I will be on for awhile. :)

Edited by jwang01, 12 April 2010 - 03:24 PM.

#41
pixillated

    Member

  • Topic Starter
  • 86 posts
i don't know how to do that, send you a link in a private, so will post it here and hope you read it. sorry for the confusion!

the owner of this computer is furious with me and impatient. he may take his own actions but he knows little, so not sure what will happen. if he does, i will close the new topic or request that it be closed. meanwhile, running tests. since all is quarantined in AVG and clamAV, nothing might show on next AVG scan.

oops; tried to send a private. so sorry. re read your simple instructions. now you know why i chose my username. duh!

Edited by pixillated, 12 April 2010 - 04:49 PM.

#42
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,




Ok, let me know how AVP and chkdsk go on your computer.
#43
pixillated

    Member

  • Topic Starter
  • 86 posts
jwang01, i feel just terrible. i also have had two AV on my computer. after avast became unusable, i downloaded clamAV on my next clean install of windows. but then i downloaded also a-squared. by that time i am sure i had malware but i know now that this made it worse. i am so sorry! you have spent so much time with me on this.

tonight i am going to remove clamAV. i think it's too late for me, since half of my system seems to not even exist, but will still do the kaspersky AVP and do a disk check. unfortunately, i have to plug in the infected flash drive to download the kaspersky, but hopefully it'll take care of it. or something!

i'm so very sorry i made this extra work for us both. will send the logs when i can. if no internet i will be back on here tomorrow to tell you so and maybe come up with some alternative; whatever you think i should do. thanks for being so great about communication and explaining things to me so well.
#44
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, uninstall all but one of the Anti-Virus programs if you can.

I have a couple more questions for you.

Did you run Flash Drive Disinfector with the flash drives plugged in? If so, that should help stop the spread of infections.

How many times did you try and reformat to solve your issues? How long did it take for the problems to come back after the reformat?
#45
pixillated

    Member

  • Topic Starter
  • 86 posts
hello jwang01; :)

it turns out i only have one AV program on my puter so i'm not feeling so dumb; and that is a-squared free. i didn't have clam AV installed in this install. that must've been the last reformat, ha! i tried clamAV when avast went belly up for the third or 4th time. the last reformat i decided to try a new av and picked a-squared free. i also have a-squared anti-malware 30 day trial license and a few of their other freebies like anti-dialer.
--------
in re to your questions:

not sure which thread to answer the flash drive question on, since it involves both threads! but yes, i ran flash drive disinfector with my flash drive plugged in to my friend's computer that i am using, but i believe i ran it from the flash drive itself. it was not installed yet on his desktop. i now have it on both my friend's desktop now, and on my desktop at home. have not run it there yet. here, it said it could not quarantine the w32.worm infection that clam AV kept finding and quarantining. the clamAV worms that it kept finding and quarantining were all dropped by either firefox or AVG; that is when i suspected major compatibility issues with those two AVs and wrote you (yesterday). hoping TFC cleared them out. i left my flash drive at home for now.

i have reformatted my hard drive from the disks four times; three in one weekend! when i tried to use the disks for that e-machine for the second and third reformat, it kept saying the install was corrupt (!), it would not do a clean install. so i decided to try the disks from my old emachine. those reinstalled fine, but still same problem with shutting things down on the internet; so it may be a compatibility issue, even though those were also from my e-machine, which is newer than this one i am using.

each time, the white-screen internet problems came back within a day or two each time i reformatted; sometimes sooner. the only reason i got on the i-net at all is that i kept poking around and in my services and reclaiming ownership of services folders and permissions as administrator. my admin. privileges and permissions got stripped every time. i have used passwords on my admin. accounts too, ever since the first reformat. somehow these malware get by those too. now it has gone farther, into windows and my disk files. there are less work arounds every time i reformat.

at the last reformat, the internet shut down within a day and malwarebytes was destroyed, as well as a lot of files this time. it shuts down the i-net so i can't update my anti malware programs, then goes after the program files. sometimes and in some cases, the files are still 'there', just not available for me, if that makes sense. it's like they are in another partition or memory or something. this is why i still feel i'm remotely hacked somehow. or just a mess of trojans that can do this sort of stuff because of my own idiocy and over-curiosity.
---------
RE: LOGS and findings:

i have no kaspersky logs to share with you because i am on same friend's computer, because my internet from home does not work. i ran kaspersky and it showed no important events or crucial events; there were about 25 password protected files, all the important ones (and i would wager not with my passwords!) and the same amount of locked files; big files that i need to have the computer run properly.

diskcheck would not run for long, kept stalling and going to totally black screen with a white blinking dash up in left hand corner. i have run diskcheck before, it's usually a blue screen with things whizzing by that you can read. something shut it down 3 times so i gave up trying.
------

i'm very impressed with it and thinking of going for the paid license when my trial is up. on whatever computer i may have. tried from their interface to turn some services back on, but no luck. this morning, i set up something in a-squared anti-malware called hijack free. in the settings, you could set up the guard to be on at boot time, thus catching things as they load and reporting what is found. in there, you can look at all kinds of processes, autostart stuff, autoruns, registry stuff, services, hosts, active x, etc. and read what they say about it and where it came from or what put it there. the suspect files are in yellow and the really bad active-x ones in red. i got rid of all the active x in red with that program: most were aol (which i had deleted off my programs in the beginning of every reformat) and norton (also deleted, which i guess the cleanup did not get?)

but... many of my important services are controlled by something called Win32.Jeefo.a.
that doesn't sound good!
the event log and portable media were infected by Email-Worm.Win32.Sober.z.

the worm list goes on and on from there; either worms that dropped the files in, (BHARAT.A worm, RAIDYs, SPYHOAX-A, JUEGO-B, BRONTOK-BS, SMALL-EW, SILLYFDC-AP worm, SCLOG-AL, etc!!!) or were in some way involved.

after deleting some services that were dropped by these (ctfmon.exe, which it said was a parasite variant in the 'current user' files), i ran another a-squared anti malware scan and caught trojan Win32.Bagle which is in quarantine.

Before that, a-squared anti-malware wasn't picking up anything, except that every time i updated it, it says the junk in quarantine might be false positives (trojan.vilsel files, mostly) and would i like to restore those? but i am keeping them quarantined; i already fell for that once and restored them; the program just picked them up again in the scan. ugh!!! and i'm not sure how the program is updating; if i can't get internet, how can it update? maybe i am helping my computer self destruct and maybe malware is directing that program too by now. who knows? but i think not.

so.....

is it time to reformat or get a new hand-me-down 'puter? (i am at the bottom of the income barrel. i usually get hand me downs from someone. this could have been the problem all along with this one).
if i do reformat, even totally again, can i ever truly trust my hard drive again? and worse, could the infections be lurking somehow in the bios or bowels of the box, in usb drives or the cd drive or something?

ok well that is the entire report; i'm sorry it's novel length. trying to be thorough.

now i am going onto the other thread to run those scans you asked for. i think i will update mbam on friend's machine, run that and AVG and maybe even do a spybot boot scan (that is his only 'real time' protection). then on to the scans you asked for and hopefully at least save HIS computer. i figure mine is probably toast.

if you think there is any hope for my computer, i could reformat again and then just do nothing on there except to let windows download all the service packs, updates, and security patches while using my trial license of a squared to stop the perps. that would take awhile and then i could get back to you or start a new thread if you still wanna help me. i only made it up to service pack two with the last reformat. and java is ancient, etc. etc. what do you think? it's your time and i will do whatever you think now. nothing to lose anymore and don't wanna waste your time beating a dead horse. would rather save friend's computer and redeem myself in his eyes. so if you wanna close this thread we can do that too. whatever you say.

sorry for the small novella!

do you like windows 7? maybe i should upgrade to a more modern OS!