That may be just the way e-machines does it's recovery. Did you try and install Avira? Did it install?
had trojan.agent, not sure what i have now but still probs [Closed]
Started by
pixillated
, Mar 31 2010 08:50 PM
#61
Posted 18 April 2010 - 01:06 PM
That may be just the way e-machines does it's recovery. Did you try and install Avira? Did it install?
#62
Posted 18 April 2010 - 03:50 PM
no, i didn't have the cd with me yesterday. i do today. but....should that command screen come up randomly when, before this, it never has? it comes up randomly even after install and that is what is creepy. i never saw it before things started going bad on my computer.
i do remember this: i wrote some things down during those last reformats (before i started getting your help!). one of the previous reformats i did, when i tried to use the cds that came with the e machine (earlier versions than the ones i am now using to reformat), they didn't work any more and the command screen started flashing randomly. this message came up:
WINDOWS\system32\config\SYSTEM is missing or corrupt. after two reformats with that message, i gave up on those cds and tried my other cds. then i got this message:
OAKCDROM.SYS is missing or corrupted. there is an error in your CONFIG.SYS. file on line 17. can't remember if it gave me an option to repair it or not. i think though, that is when it gave me a choice to make a new partition. durn it! wish i could make a new one. i don't trust the old one and maybe never will from now on. it's because i read THIS thread:
i will for sure try today to put the avira on the cd, and the norton removal tool again. anything else i should put on, like malwarebytes? if my friend saw me doing it he would freak. he doesn't want me using this computer any more so i better not risk doing anything more with my cds or flash drives after today.
i had a sandisk smart card reader plugged into my computer the whole time this mess was going on. i brought that with me today, and the flash drive i used to load tools. any chance that card reader is now infected? all i use it for is to read my camera card and load jpgs onto my computer. if so, could we please clean it and whatever we can, if that is possible? (one with my data and the one i used to install the cleaning tools onto my pc), or would you please steer me to a tutorial that can help me do that?
thanks, and let me know if there is anything more i should put onto that cd. if i have trouble i will contact you today again. if not, i'll write you from the library tomorrow sometime to let you know how it goes. i'll still be here for at least 3 more hours to do more on the other thread if possible.
thanks so much!
i do remember this: i wrote some things down during those last reformats (before i started getting your help!). one of the previous reformats i did, when i tried to use the cds that came with the e machine (earlier versions than the ones i am now using to reformat), they didn't work any more and the command screen started flashing randomly. this message came up:
WINDOWS\system32\config\SYSTEM is missing or corrupt. after two reformats with that message, i gave up on those cds and tried my other cds. then i got this message:
OAKCDROM.SYS is missing or corrupted. there is an error in your CONFIG.SYS. file on line 17. can't remember if it gave me an option to repair it or not. i think though, that is when it gave me a choice to make a new partition. durn it! wish i could make a new one. i don't trust the old one and maybe never will from now on. it's because i read THIS thread:
i will for sure try today to put the avira on the cd, and the norton removal tool again. anything else i should put on, like malwarebytes? if my friend saw me doing it he would freak. he doesn't want me using this computer any more so i better not risk doing anything more with my cds or flash drives after today.
i had a sandisk smart card reader plugged into my computer the whole time this mess was going on. i brought that with me today, and the flash drive i used to load tools. any chance that card reader is now infected? all i use it for is to read my camera card and load jpgs onto my computer. if so, could we please clean it and whatever we can, if that is possible? (one with my data and the one i used to install the cleaning tools onto my pc), or would you please steer me to a tutorial that can help me do that?
thanks, and let me know if there is anything more i should put onto that cd. if i have trouble i will contact you today again. if not, i'll write you from the library tomorrow sometime to let you know how it goes. i'll still be here for at least 3 more hours to do more on the other thread if possible.
thanks so much!
#63
Posted 18 April 2010 - 04:22 PM
Hello,
You will not need MBAM right now. I may ask you to download it later when everything is up to date. Did you get any of those errors during this reformat?
Your smart card reader will be ok. Nothing infects the unit itself.
You will not need MBAM right now. I may ask you to download it later when everything is up to date. Did you get any of those errors during this reformat?
Your smart card reader will be ok. Nothing infects the unit itself.
#64
Posted 18 April 2010 - 06:27 PM
bad news. i cannot get his dvd device to run and therefore cannot load these programs onto the cd-r. plus, he got home early and so my time here is done for my own computer, for now. can try again when he is gone, but won't know when that is. will try to remove combofix on other thread as per your instructions. thanks!
#65
Posted 18 April 2010 - 11:44 PM
Hello,
Ok, give it another try. If you can't get it to burn, you could put it on yor other flash drive you have not used yet, or try to download it from Avira's website from your computer. Make sure only to go to that site though to minimize the risk of infection.
Ok, give it another try. If you can't get it to burn, you could put it on yor other flash drive you have not used yet, or try to download it from Avira's website from your computer. Make sure only to go to that site though to minimize the risk of infection.
#66
Posted 19 April 2010 - 01:07 PM
will try putting avira on my remaining flash drive, next time friend is not home. he has a dvd drive, not sure if there are conflicts with burning a cd and don't feel like taking the time to investigate that.
are we quite sure i can't wipe that partition and make a new partition? i would really like to do that if at all possible.
the other option is that i have another emachines hd around that had an infection that the tech said was cured. i could put that into the computer and wipe it just to be sure, then go from there. i'm not very adept and that could take some days. will try to keep this thread open in the meantime.
thanks, jwang01, for everything. i really appreciate this. will be back in touch soon.
are we quite sure i can't wipe that partition and make a new partition? i would really like to do that if at all possible.
the other option is that i have another emachines hd around that had an infection that the tech said was cured. i could put that into the computer and wipe it just to be sure, then go from there. i'm not very adept and that could take some days. will try to keep this thread open in the meantime.
thanks, jwang01, for everything. i really appreciate this. will be back in touch soon.
#67
Posted 19 April 2010 - 01:49 PM
Hello,
I personally have never done a reinstall with recovery cd's yet. Most of my computers have original Windows cd's.
Did you see a screen similar to this? If so, did you select the already partitoned space and delete it and create a new one? If not, the recovery process may do it for you. Let's see how this fresh install goes and if any problems arise.
I personally have never done a reinstall with recovery cd's yet. Most of my computers have original Windows cd's.
Did you see a screen similar to this? If so, did you select the already partitoned space and delete it and create a new one? If not, the recovery process may do it for you. Let's see how this fresh install goes and if any problems arise.
Edited by jwang01, 19 April 2010 - 01:56 PM.
#68
Posted 20 April 2010 - 07:39 PM
jo jwang01;
well, when i start i just push F11 on boot up.
i never saw that screen, but i believe i saw something like that when i couldn't use the original recovery cds and it did give me a choice to make a new partition and i'll bet i didn't choose the new partition; just did the 'recommended'. darn! now it's locked into the pc angel screen that comes up and after that, i'm given no choice except for destructive or non-destructive recovery.; but even destructive doesn't make a new partition.
i can choose recovery without the cds, which takes about 7 minutes, or i can put in each of the 4 recovery cds which takes around 45 min. and then you have to install drivers and setup windows from there; that takes another half hour probably.
atm i am trying to figure out how to get avira and what i need onto a cd or the flash drive. my friend has not given me the ok to come and finish up his cleanup, so until that happens i may not be able to get to it. will try to post something every couple of days to keep the thread open. hopefully by this weekend i will find a way to get that program on there and clean up norton!
well, when i start i just push F11 on boot up.
i never saw that screen, but i believe i saw something like that when i couldn't use the original recovery cds and it did give me a choice to make a new partition and i'll bet i didn't choose the new partition; just did the 'recommended'. darn! now it's locked into the pc angel screen that comes up and after that, i'm given no choice except for destructive or non-destructive recovery.; but even destructive doesn't make a new partition.
i can choose recovery without the cds, which takes about 7 minutes, or i can put in each of the 4 recovery cds which takes around 45 min. and then you have to install drivers and setup windows from there; that takes another half hour probably.
atm i am trying to figure out how to get avira and what i need onto a cd or the flash drive. my friend has not given me the ok to come and finish up his cleanup, so until that happens i may not be able to get to it. will try to post something every couple of days to keep the thread open. hopefully by this weekend i will find a way to get that program on there and clean up norton!
#69
Posted 20 April 2010 - 07:47 PM
Hello,
A destructive recovery does format the drive. Is that the option you went with? If so, we should be in good shape.
Let me know when you when you get Avita and the Norton Reomval Tool installed as well as the Windows Updates. I can leave this thread open for past the 4 days if needed.
A destructive recovery does format the drive. Is that the option you went with? If so, we should be in good shape.
Let me know when you when you get Avita and the Norton Reomval Tool installed as well as the Windows Updates. I can leave this thread open for past the 4 days if needed.
#70
Posted 21 April 2010 - 05:41 PM
hi jwang01; this is a very long post. my apologies for over explaining and repetition, but i want you to know what goes on when i reformat.
yup; i did destructive reformats every time. so it theoretically should NOT have reinfected with the same thing and behaviors, but it did every time. something changes the autoruns right away and shuts me out as administrator; creates a password that i don't know, so i can't take back ownership or control. it changes security protocol. it shuts down the internet access and all services dependent upon remote procedure call; so that's the end of my av and am protection. then it changes programs and files, overwrites them so that they either no longer exist or no longer work (at least for me). it's as though all those files are on another desktop somewhere that the remote attacker has access to, and i am not privy to those files. and then things stop working, like windows installer, disk check, and i am denied access to the security center, etc. this happens fast; then i'm toast again.
for instance, when i go into services > 'security' > advanced, i (administrator, even password-protected,) am no longer owner and someone has changed my permissions from total control to read only, and the user with the password (S- and a bunch of numbers and dashes) and 'creator', and 'administrators' are in charge. not me any longer. when i first format the drive, i, the administrator, the system, and the local users i invent are the only users. then there are many users after it does its thing. this thing - whatever it is - it's an evil doppelganger. then i start getting lots of 'access denied' messages, even as admin. in safe mode. so somehow through the network, someone gains control of my system. i know it seems impossible, but that is exactly what SEEMS to happen.
maybe a hd going bad acts like that, but when my friend's computer was showing some of the same autoruns at startup that i saw on my computer, that's when i panicked and enlisted the help of this forum (and your help) for the other thread i started, and why the all clean report still leaves me scratching my head and hoping we really don't have the same infection on his computer.
i read a thread, either here or on bleeping computer, that sounded like exactly what happened to my computer, and the responder of that said that the hard drive and even the box itself could never be trusted again unless the person used some kind of disk kill program and even then maybe not... i will see if i can find that thread and post the link. wish i had written down that link to the thread. but that person had a vundo-type virus.
when i reformat, i don't think it is making a new partition. pc angel screen comes up first, and it just says wait -- copying files -- which it does, rather quickly. maybe from partition D - pc angel, the recovery partition. e machines has drive c and the recovery partition, which is D - which is likely corrupt. then it asks for the disks. when i put in the disks, it will say 'copying xyz to xyz' for each file, etc. except - there is no user partition now, (that's a new thing the last couple reformats) so it creates a user partition each time i reformat. (that user partition gets altered and shut down quickly) so - if it were a new partition, wouldn't it have to make those files from the disks from scratch? would there be any copying, except from the disks? that makes me think it's just using the same ole partition and corrupted information over and over again. and then there's that weird random command.exe screen, which i have never seen before, until this infection.
so unless this infection(s) is hiding somewhere else -- bios? usb ports? -- ??? -- i don't know how it keeps reasserting itself, but it does, every time. it's under the radar of my anti virus and anti malware programs. more troubling.
i'm sorry to keep sounding like a broken record here! i want you to know about its behavior. the first time things happened, it took almost a week to wreck things. that seems to happen a lot faster now, sometimes within one internet session and then i can't get back online again. it's been 6 1/2 weeks of this. urgh. by now, just call me eeyore.
i hope i can get avira loaded soon. may need to enlist someone else for help with that. will let you know as soon as i have it but i wanted you to know all this first so you could decide if it's worth it for your time, even after another reformat. if you love a good challenge, fine, we'll do it! but if your time can be spent better, i want to give you that option.
okay, so if you still say "let's do it" after this, then the next post will be to say i have the avira, and have begun the windows updates, ok? will do that from the library. thanks! it may be more than 4 days so i appreciate your leaving the thread open if it takes longer. will check again within 4 days. if i get on my friend's computer again before that, it will be sooner.
my goal after that will be to write short posts and long logs!
thanks!
yup; i did destructive reformats every time. so it theoretically should NOT have reinfected with the same thing and behaviors, but it did every time. something changes the autoruns right away and shuts me out as administrator; creates a password that i don't know, so i can't take back ownership or control. it changes security protocol. it shuts down the internet access and all services dependent upon remote procedure call; so that's the end of my av and am protection. then it changes programs and files, overwrites them so that they either no longer exist or no longer work (at least for me). it's as though all those files are on another desktop somewhere that the remote attacker has access to, and i am not privy to those files. and then things stop working, like windows installer, disk check, and i am denied access to the security center, etc. this happens fast; then i'm toast again.
for instance, when i go into services > 'security' > advanced, i (administrator, even password-protected,) am no longer owner and someone has changed my permissions from total control to read only, and the user with the password (S- and a bunch of numbers and dashes) and 'creator', and 'administrators' are in charge. not me any longer. when i first format the drive, i, the administrator, the system, and the local users i invent are the only users. then there are many users after it does its thing. this thing - whatever it is - it's an evil doppelganger. then i start getting lots of 'access denied' messages, even as admin. in safe mode. so somehow through the network, someone gains control of my system. i know it seems impossible, but that is exactly what SEEMS to happen.
maybe a hd going bad acts like that, but when my friend's computer was showing some of the same autoruns at startup that i saw on my computer, that's when i panicked and enlisted the help of this forum (and your help) for the other thread i started, and why the all clean report still leaves me scratching my head and hoping we really don't have the same infection on his computer.
i read a thread, either here or on bleeping computer, that sounded like exactly what happened to my computer, and the responder of that said that the hard drive and even the box itself could never be trusted again unless the person used some kind of disk kill program and even then maybe not... i will see if i can find that thread and post the link. wish i had written down that link to the thread. but that person had a vundo-type virus.
when i reformat, i don't think it is making a new partition. pc angel screen comes up first, and it just says wait -- copying files -- which it does, rather quickly. maybe from partition D - pc angel, the recovery partition. e machines has drive c and the recovery partition, which is D - which is likely corrupt. then it asks for the disks. when i put in the disks, it will say 'copying xyz to xyz' for each file, etc. except - there is no user partition now, (that's a new thing the last couple reformats) so it creates a user partition each time i reformat. (that user partition gets altered and shut down quickly) so - if it were a new partition, wouldn't it have to make those files from the disks from scratch? would there be any copying, except from the disks? that makes me think it's just using the same ole partition and corrupted information over and over again. and then there's that weird random command.exe screen, which i have never seen before, until this infection.
so unless this infection(s) is hiding somewhere else -- bios? usb ports? -- ??? -- i don't know how it keeps reasserting itself, but it does, every time. it's under the radar of my anti virus and anti malware programs. more troubling.
i'm sorry to keep sounding like a broken record here! i want you to know about its behavior. the first time things happened, it took almost a week to wreck things. that seems to happen a lot faster now, sometimes within one internet session and then i can't get back online again. it's been 6 1/2 weeks of this. urgh. by now, just call me eeyore.
i hope i can get avira loaded soon. may need to enlist someone else for help with that. will let you know as soon as i have it but i wanted you to know all this first so you could decide if it's worth it for your time, even after another reformat. if you love a good challenge, fine, we'll do it! but if your time can be spent better, i want to give you that option.
okay, so if you still say "let's do it" after this, then the next post will be to say i have the avira, and have begun the windows updates, ok? will do that from the library. thanks! it may be more than 4 days so i appreciate your leaving the thread open if it takes longer. will check again within 4 days. if i get on my friend's computer again before that, it will be sooner.
my goal after that will be to write short posts and long logs!
thanks!
#71
Posted 22 April 2010 - 12:41 PM
Hello,
Thanks for the informative explanation.
This is definitly a hrd one to figure out. But let's see how this new install act's and if the problems still come back. Go ahead and get Avira on the computer and install the updates.
Thanks for the informative explanation.
This is definitly a hrd one to figure out. But let's see how this new install act's and if the problems still come back. Go ahead and get Avira on the computer and install the updates.
#72
Posted 26 April 2010 - 04:58 PM
hey jwang01;
this is my first chance to get to the library in awhile. still no luck getting what i need to continue with loading avira onto my computer. will have to start over with that download probably, and haven't asked anyone else for use of their computer on this.
i am thinking that rather than hold you up anymore, perhaps you should close this thread for the time being. one way or the other i will let you know what happens if i get avira.
can i send you a private message when/if i get up and running again?
hope to find someone who will help me get avira and norton removal tool soon, but things are not looking too hopeful atm.
this is my first chance to get to the library in awhile. still no luck getting what i need to continue with loading avira onto my computer. will have to start over with that download probably, and haven't asked anyone else for use of their computer on this.
i am thinking that rather than hold you up anymore, perhaps you should close this thread for the time being. one way or the other i will let you know what happens if i get avira.
can i send you a private message when/if i get up and running again?
hope to find someone who will help me get avira and norton removal tool soon, but things are not looking too hopeful atm.
Edited by pixillated, 26 April 2010 - 05:07 PM.
#73
Posted 26 April 2010 - 05:11 PM
Hello,
You could always just go to the Avira site and download the setup file and save it to your desktop, and then disconnect from the net. Then uninstall Norton normally for now and install Avira AntiVir. Then update Windows, then use the Norton Removal Tool. It's up to you though, let me know how you want to proceed.
You could always just go to the Avira site and download the setup file and save it to your desktop, and then disconnect from the net. Then uninstall Norton normally for now and install Avira AntiVir. Then update Windows, then use the Norton Removal Tool. It's up to you though, let me know how you want to proceed.
#74
Posted 28 April 2010 - 05:13 PM
hey jwang01;
i could try that, i just haven't had much time as of late. until after the 9th of may i am busy with volunteer stuff, incl a choir performance.
what about if i go to the geeks to go site and then this thread and download avira from there? or is it better to just go to their official site (whatever that is)?
should have time in the next 3 or 4 days to try that and keep this thread open. will let you know from here at the library.
i could try that, i just haven't had much time as of late. until after the 9th of may i am busy with volunteer stuff, incl a choir performance.
what about if i go to the geeks to go site and then this thread and download avira from there? or is it better to just go to their official site (whatever that is)?
should have time in the next 3 or 4 days to try that and keep this thread open. will let you know from here at the library.
#75
Posted 29 April 2010 - 01:23 AM
Hello,
Comeing back here and clicking on the link will bring you to the offical page for Avira.
Ok, I will keep this thread open for you.
Comeing back here and clicking on the link will bring you to the offical page for Avira.
Ok, I will keep this thread open for you.
Similar Topics
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users