Emergency Help - can't work until safe. Virus/Malware issues


I did it twice because you told me to. (ETA - my mistake, I did do it one time too many)

Yes, when the command prompt flashed open and closed (prior) it was more like half a second. If I had blinked, I would have missed it.

As far as the last instruction, the first command did indeed change the drive successfully. The second one says it succeeded.

Link to post
Share on other sites
Sorry for the delay in getting back to you. My system ran into a problem and I was fixing it.

Since it appears that the vbgrid control is successfully registered, would you now see if you can start MBAM and do a Quick scan?

If yes, I'd like you to post a copy of the mbam scan log.

Re-verify that you can still start your antivirus.

Tell me if the Task bar has re-appeared.

Link to post
Share on other sites

Forgot to say....

I am getting the RPC error again in Paint. I know you're not concerned about Paint, but I do think the RPC error is playing a part in some of these problems. I did some Google searching and found that many programs rely on RPC service to run. I checked services in both modes and RPC service was set to manual and not running. I attempted to start the service (in both modes) and got..

"Unable to start RPC. Error 5: Access Denied"

I found numerous posts, even on this site from years ago, where people had my same issues. I wasn't able to find any posts with resolutions, but I at least feel confident we can fix this, and it's not some obscure thing.

Link to post
Share on other sites

Remember we talked about whether you made backups a regular practice, and that you do not have an external drive for backups (iirc).

Please make plans to purchase a USB external drive, as large as you can afford, from maybe a local electronics store, or perhaps online like at newegg, amazon, cdw, compusa, tigerdirect, etc...

Please get one soon.

If you get one large enough to accommodate this system, plus your other systems, that would be good.

Having that external drive will in the future make regular backups possible.

It can also serve as a backup vehicle for storing this computer's important documents, personal files & such .....in case you have to wipe/erase this system and rebuild from scratch.

The latter case is becoming more & more likely. It would be the safest thing to do long term. It would be the only way to "know" that you have a clean system.

Also, this may be faster to get this system working normally than us continuing the "saga that we have been on".

A wipe/erase & new windows install is do-able within a few hours, one day.

To re-install your add-on apps, like Antivirus, MBAM, Turbotax, quickbooks, quicken, word processing, spreadsheet, etc will require the original setup media & product keys, etc

and those would be additional time.

So take a moment, make a new decision, and let me know what you decide.

Just as memory refreshers:

This is a Dell computer ? what is the model number? desktop system, right? {e.g. it is not a notebook ? }

Do you have the Windows XP CD ?

I wanted for the system to still be in Safe mode, and, logged in with Administrator account.

Download and save to your system these reg files

http://download.blee.../RpcLocator.reg

http://download.blee...es/xp/RpcSs.reg

For each one of these, do a Right click on the reg file and select Merge and allow to merge into registry.

BTW, do not go hunting for other fixes to RPC service, as I do not need any. We had previously done 1 attempted fix for RPC, and these are another try.

Now, remember the xp_tasbar_desktop_fixall.vbs I had you get before.

While in Safe mode, double click that vbs file to start it and run it.

Take notes on the result, and provide detail.

We are going to do that one time, and whether it works or not, we are done for now on the taskbar issue.

Now, Logoff and Restart Windows in Normal mode.

I want to know IF the Taskbar shows.

IF it does not show, move your mouse pointer all the way down to the bottom. Do you see any visible "edge" of the top of taskbar? If so, drag the visible edge upward to redisplay the taskbar.

Let me know all results, from all that I have outlined here.

And answer the questions I noted above.

I have just spent the past hour / hour & a half re-reviewing all of this thread. My head is spinning.

We have cured the spurious restriction policy issues, which is great.

But we have a number of issues remaining, plus, the "integrity" & "security" of this Windows system is up in the air, and we are on the edge right now ---of facing a wipe/delete all and a rebuild of Windows.

Link to post
Share on other sites

I missed quite a bit of work because of this, so there's no way I can get an external drive right now. Maybe in a few weeks.

This is a Dell E521 Desktop. I don't have the original Windows XP CD, only the Drivers and Utilities disk..

I do, however, have..

a Windows Vista Home 32BIT SP1 disc from our Dell Laptop

a backup copy I made of Windows XP Pro SP3 for a friend's pc (a long time ago)

I'm not 100% against wiping this sucker and restarting. My biggest problem is I have NO cash to buy a drive big enough, and I can't wipe until I get a few files off of it. I can't even burn files to dvd because it won't let me. I can't drag/drop and I can't remember the errors it gives me. I can try again. If we could get it, in good enough shape to burn disks, so I can save a few things, I'm all for wiping.

Those 2 files were successfully merged into the registry.

The taskbar script wouldn't do anything. Nothing happened at all when I double clicked it.

Rebooted in normal mode - still no taskbar.

If you want to give up, I understand.

Link to post
Share on other sites

Knock on wood for me..... somehow, I got it to start backing up my pictures and all the taxes. It looks to be actually writing the disk...

When it's done, I'm going to put the dvd in the laptop and verify that they're there. If so, we are good to go for wiping.

Link to post
Share on other sites

The cd would now have the stuff you saved.

In what sense do you mean by "use one of the cd's" ???

You will want to scan those files with antivirus program before copying them back onto a computer.

Understand that a wipe / erase/ clean Windows install means that this computer will be set back to Day 1 as it came out of the factory.

All your personal files & documents will be gone.

All the programs you ever installed on this computer will be gone.

I asked this just earlier..... need your answers:

This is a Dell computer ? what is the model number? desktop system, right? {e.g. it is not a notebook ? }

Do you have the Windows XP CD ?

This next part is just to see if the computer hard drive has a factory restore partition.

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Link to post
Share on other sites

I answered you earlier :)

This is a Dell E521 Desktop. I don't have the original Windows XP CD, only the Drivers and Utilities disk..

I do, however, have..

a Windows Vista Home 32BIT SP1 disc from our Dell Laptop

a backup copy I made of Windows XP Pro SP3 for a friend's pc (a long time ago)

I already scanned the items on the dvds (2) I created, with antivirus software. I burned only the files that are a necessity (wasn't too much). I know it will be original factory settings and my stuff wiped. I'm okay with that.

When I asked about using "those cd's" I meant the ones bolded below.

This is a Dell E521 Desktop. I don't have the original Windows XP CD, only the Drivers and Utilities disk..

I do, however, have..

a Windows Vista Home 32BIT SP1 disc from our Dell Laptop

a backup copy I made of Windows XP Pro SP3 for a friend's pc (a long time ago)

I'm not 100% against wiping this sucker and restarting. My biggest problem is I have NO cash to buy a drive big enough, and I can't wipe until I get a few files off of it. I can't even burn files to dvd because it won't let me. I can't drag/drop and I can't remember the errors it gives me. I can try again. If we could get it, in good enough shape to burn disks, so I can save a few things, I'm all for wiping.

Those 2 files were successfully merged into the registry.

The taskbar script wouldn't do anything. Nothing happened at all when I double clicked it.

Rebooted in normal mode - still no taskbar.

If you want to give up, I understand.

brb with the results from Listpart

Link to post
Share on other sites

How does this look?

ListParts by Farbar Version: 10-03-2013

Ran by Mom (administrator) on 11-04-2013 at 17:58:57

Windows XP (X86)

Running From: C:\Documents and Settings\Mom\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 3070.42 MB

Available physical RAM: 2507.81 MB

Total Pagefile: 4349.56 MB

Available Pagefile: 4020.13 MB

Total Virtual: 2047.88 MB

Available Virtual: 2001.92 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:145.96 GB) (Free:23.88 GB) NTFS ==>[Drive with boot components (Windows XP)]

The disk management services could not complete the operation.

============================== MBR Partition Table ==================

****** End Of Log ******

Link to post
Share on other sites

First, you cannot use those CDs you mentioned just earlier.

a Windows Vista Home 32BIT SP1 disc from our Dell Laptop

a backup copy I made of Windows XP Pro SP3 for a friend's pc (a long time ago)

{The Vista cd belongs to that laptop & only that laptop}.

{You cannot use any friends' or any other CD to install Windows on this Dell computer}.

And I did not mean in my question to in any way imply that you could use any o.s. cd that is not licensed for use on this system.

Usage of those cds would be against the MS EULA & would be considered piracy.

I intended to mean if you had a Windows o.s. XP CD from Dell when you purchased this system.

The Listparts report is not clear. Maybe your antivirus blocked some part of it.

Please make very sure antivirus is OFF completely. {in any event, the system is NOT now connected to the internet}.

Then run Listparts just 1 more time. Copy > Paste the report.

Also, for safety sake, do this too:

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck trace disk IO calls at the bottom left

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

That will give me a second "view" to see if the DELL Recovery partition is on the hard drive.

IF after all this, a factory recovery partition is not present, you would need to seek help at DELL customer support to see if they can provide a Windows XP o.s. CD ....even if they charge you some amount ....

and if not, you would need to anticipate buying an XP SP3 CD at eBay or the like.

Link to post
Share on other sites

The Listparts scan was exactly the same. I can't right click on the orange ball to disable Avast, because I have no taskbar. Hopefully, the ASW scan will tell you what you need to know.

NOTE: The results of this scan are VERY interesting. One thing I noted was one of the "suspicious" files: atapi.sys. I Googled this and found good info here, maybe you can peek at it?

http://www.bleepingcomputer.com/forums/t/279883/google-search-engine-hijacker-atapisys-rootkit/

I should have elaborated about the XP Pro cd I have. My friend bought it online and I made a copy of it for her. She never used it, instead bought a new computer. It's not my original, but couldn't we use it since she didn't?

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-11 18:37:59

-----------------------------

18:37:59.250 OS Version: Windows 5.1.2600 Service Pack 3

18:37:59.250 Number of processors: 2 586 0x4B02

18:37:59.250 ComputerName: FAMILY UserName:

18:37:59.640 Initialize success

18:38:01.187 AVAST engine defs: 13032901

18:38:43.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d

18:38:43.656 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3

18:38:43.656 Device \Driver\nvata -> MajorFunction 8b1531f8

18:38:43.671 Disk 0 MBR read successfully

18:38:43.671 Disk 0 MBR scan

18:38:44.062 Disk 0 unknown MBR code

18:38:44.078 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

18:38:44.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325

18:38:44.968 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900

18:38:45.078 Disk 0 scanning sectors +312496380

18:38:45.421 Disk 0 scanning C:\WINDOWS\system32\drivers

18:38:59.500 Service scanning

18:39:17.968 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

18:39:22.171 Modules scanning

18:39:23.187 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**

18:39:24.828 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**

18:39:25.656 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**

18:39:26.203 AVAST engine scan C:\WINDOWS

18:39:33.953 AVAST engine scan C:\WINDOWS\system32

18:41:16.828 AVAST engine scan C:\WINDOWS\system32\drivers

18:41:25.406 AVAST engine scan C:\Documents and Settings\Administrator

18:41:29.968 AVAST engine scan C:\Documents and Settings\All Users

18:43:52.156 Scan finished successfully

18:45:02.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Momfix\MBR.dat"

18:45:02.421 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\Momfix\aswMBR.txt"

18:45:20.750 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

18:45:20.984 The log file has been saved successfully to "E:\aswMBR.txt"

Link to post
Share on other sites
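An added example, not part of any post in this thread and not code from the aswMBR project: a small Python triage script that parses aswMBR log lines like the ones posted above and pulls out the partition table rows, the Dell-labelled partitions, and the items the tool flagged. The sample lines are copied from the posted log; the function names and the line patterns are assumptions made for this illustration.

```python
import re

# Sample lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
18:38:44.062 Disk 0 unknown MBR code
18:38:44.078 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:38:44.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149464 MB offset 80325
18:38:44.968 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306198900
18:39:17.968 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:39:23.187 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
18:39:24.828 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
18:39:25.656 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
"""

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} ")  # leading timestamp
# Partition row: disk, number, boot flag (80 = active), type byte, label, size, offset.
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2}) "
    r"(?:\(A\) )?(?P<type>[0-9A-F]{2}) (?P<desc>.+?) "
    r"(?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
# Service/Module row carrying a **FLAG** marker after a Windows path.
FLAG_RE = re.compile(
    r"^(?P<kind>Service|Module)\b.*?(?P<path>[A-Za-z]:\\.+?) \*\*(?P<flag>[A-Z]+)\*\*"
)

def parse_aswmbr(text):
    """Return (partitions, flagged items, MBR notes) found in the log text."""
    partitions, flagged, mbr_notes = [], [], []
    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip())
        m = PART_RE.search(line)
        if m:
            partitions.append({
                "disk": int(m["disk"]), "number": int(m["num"]),
                "active": m["boot"] == "80", "type": m["type"],
                "desc": m["desc"], "size_mb": int(m["size_mb"]),
                "offset": int(m["offset"]),
            })
            continue
        m = FLAG_RE.search(line)
        if m:
            flagged.append((m["kind"], m["path"], m["flag"]))
        elif "unknown MBR code" in line:
            mbr_notes.append(line)
    return partitions, flagged, mbr_notes

def dell_partitions(partitions):
    """Partitions whose label in the log mentions Dell (utility/restore candidates)."""
    return [p for p in partitions if "Dell" in p["desc"]]

if __name__ == "__main__":
    parts, flagged, notes = parse_aswmbr(SAMPLE_LOG)
    for p in parts:
        print(p)
    print("Dell-labelled:", [p["number"] for p in dell_partitions(parts)])
    print("Flagged:", flagged)
    print("MBR notes:", notes)
```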

It is safest to do a wipe & clean install.

Providing the Windows XP cd is the original, has the Microsoft logos on it, and you have the product key to go with that, then a clean install can be started. Remember that you will need to boot off this cd.

Make sure you have at hand a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).

When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.

Remember that when you do this you will need to have the installers for all your software, along with all the information for configuring your system, such as license keys and passwords.

See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP

Also Clean Install Windows by Michael Stevens, MS-MVP

I would urge you to follow the directions very carefully.

You will lose your documents so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.

I will have 2 later posts to make for you, later, relating to future safer practices, plus a relevant admonition.

Link to post
Share on other sites

Nicely installed without a hitch! I've never been so happy to see a taskbar...

I'm done for tonight. That whole process made me a nervous wreck!

The computer hasn't been connected to the internet at all as it doesn't have wireless and it's far away from my modem. That will be my next task. I will save Avast to the flash drive and install that tomorrow. I'll be watching for additional instruction and suggestions.

PS - I won't be using this PC for work anymore. It will basically just be a family pc for Facebook & perhaps games. I have a new tower for work, but I still want your recommendations for both please.

Link to post
Share on other sites

Very well. Kudos.

Your next priority on this system is to install your Antivirus program. {Granted, you have no internet connection. Maybe in the future, if your Dell hardware & XP Home does not allow for a wireless connection, you can look at getting a low cost USB based wireless connector and connect to your router. That way you'd have internet connection.}

The next highest priority is to connect to Windows update and to get all the critical security updates from Microsoft.

Also to get the latest Internet Explorer.

The admonition:

You have stated way at the start that you had run a number of tools on your own.

Malwarebytes (found nothing), Combofix, Hitman Pro (2 threats), TDSS Killer (found 1), and Rogue Killer (found 2).

Never ever run Combofix on your own, without the guidance of an expert at our forum.

Combofix is never intended to be used as a front-line tool. We usually will run other diagnostics before it.

Plus your having run that and also all those other tools made things complicated.

Using your antivirus and MBAM is ok. Resorting on your own for the other tools is not ok.

Using online virus scanners is ok. But again, not the advanced tools such as TDSSkiller or roguekiller.

I believe you early on had a "ransomware" infection. It was at that point that you should have stopped and got help at this forum or one of our sister forums (such as Bleepingcomputer or Spywarehammer, for example).

Please do not take this as a personal affront. I am just being very frank.

You need to get MBAM Pro license for each of your computers.

I would also suggest getting & installing WinPatrol 2013 for each of your systems so you can have a bit more control over what gets installed on your system.

For MBAM Pro license see http://www.malwarebytes.org/products/

The license is for one computer. But is good for life; no annual renewal.

WinPatrol will assist you in keeping your computer safer

http://www.winpatrol.com/

Tutorial here http://www.winpatrol.com/features.html

Link to post
Share on other sites

Backups are your best friend. Make sure to get an external drive to save your backups. {remember my earlier note on a backup drive}

Make a system backup at least once a week. That way you have something to fall back on if you get in a bad jam.

Make use of Windows' System restore on your own on a frequent basis to make new restore points on some regular basis.

Safer practices & malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.
