
Computer infection will not allow me to run malware programs



Hello,

 

I recently became infected with something that I cannot work my way around. I have tried installing Malwarebytes, ESET, RogueKiller, etc. but whenever I click on them nothing happens. A few things I have discovered in the process:

- Chrome hasn't been working for a while, thought it was just weird so I've been running Firefox but it's reacting very slowly

- Task Manager is disabled every time I restart my computer, have to manually change that in the registry

- all Windows firewalls, Defender, etc. were disabled. Had to go into services to manually change that

- when I got Task Manager working I had about 20+ copies of chrome.exe running but all were unresponsive (the little icon next to the process name was a Windows box like when a program isn't working, not the usual Chrome symbol)

- System Protection and System Restore were disabled in the registry, had to change that - all previous restore points deleted

- certain programs will run and install, anything that deals with antivirus will be unresponsive (nothing even pops up to install other than the "are you sure you want to open this file" box) and Chrome opens and immediately crashes

I ran ComboFix and here is my log. Thanks for your help!

ComboFix.txt

Also, based off other users' responses, I ran AdwCleaner which cleaned and restarted my computer. Then I tried running Zoek with the script provided by TwinHeadedEagle but it just sits on the "---Create Environmental Variables ...." screen. When I try to exit it or do anything else it says "Zoek.exe already running" and reverts back to the "Zoek.exe is running! when this is done a log file will open, etc.." but I let it go for 30+ minutes and nothing ever opened.


Found another post from a year ago instructing someone to run OTL by Oldtimer with the following script:

:Commands
[CREATERESTOREPOINT]
:OTL
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
[2014/06/15 19:01:17 | 000,000,000 | ---D | C] -- C:\Users\Penny\AppData\Local\Idle-Crawler
[2014/06/21 15:39:13 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/06/21 12:01:09 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2014/06/20 16:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
:Files
C:\Program Files (x86)\Google
:Commands
[resethosts]
[emptytemp]
[Reboot]

After it reset I got the attached log file and it worked, Task Manager was available right away without me having to edit the registry for it and all the chrome.exe's were gone from the processes. Then I ran AdwCleaner and it didn't detect anything and reset again. After it reset, back to the same old ways - no Task Manager, etc. Tried redoing the OTL and it isn't fixing anything now.

OTL.log


Not trying to bombard this post, just trying to update as I find new information. I found that if I enable Task Manager by going to gpedit.msc then when I restart it is enabled for the first minute or two, then something is disabling it. The virus must have a delayed startup whenever I start my computer. Just throwing information out here as I get it. Thanks and sorry again for numerous posts.
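
The post above reports that Task Manager is re-disabled a minute or two after startup. As an added example (not part of the original thread and not posted by any participant), this PowerShell script polls the policy value after logon and, when it flips, logs the processes that first appeared in the preceding 15 seconds. It assumes the lockout is applied through the `DisableTaskMgr` policy value and Windows PowerShell 3.0 or later; the log path is a hypothetical choice.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 3.0+ (Get-CimInstance).
param([int]$Minutes = 5, [string]$LogPath = "$env:USERPROFILE\Desktop\taskmgr-watch.txt")  # hypothetical log path
# Assumption: the lockout is applied through the DisableTaskMgr policy value (1 = disabled).
$PolicyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-TaskMgrState {   # one string covering both keys, e.g. "HKCU:...=1; HKLM:...=(not set)"
    $parts = foreach ($key in $PolicyKeys) {
        $item = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.DisableTaskMgr } else { '(not set)' }
        "$key=$value"
    }
    $parts -join '; '
}

function Write-WatchLog([string]$Message) {
    $line = '{0:o}  {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

$known  = @{}   # process IDs already seen
$recent = @()   # processes first seen during the last 15 seconds
Get-CimInstance Win32_Process | ForEach-Object { $known[$_.ProcessId] = $true }
$state = Get-TaskMgrState
Write-WatchLog "baseline: $state"
$deadline = (Get-Date).AddMinutes($Minutes)
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 1
    $now = Get-Date
    foreach ($p in (Get-CimInstance Win32_Process)) {
        if (-not $known.ContainsKey($p.ProcessId)) {
            $known[$p.ProcessId] = $true
            $recent += [pscustomobject]@{ Seen = $now; Id = $p.ProcessId; Parent = $p.ParentProcessId
                                          Name = $p.Name; Cmd = $p.CommandLine }
        }
    }
    $recent = @($recent | Where-Object { $_.Seen -gt $now.AddSeconds(-15) })   # keep a 15 s window
    $current = Get-TaskMgrState
    if ($current -ne $state) {
        Write-WatchLog "CHANGED: $state -> $current"
        foreach ($r in $recent) { Write-WatchLog ("  new pid={0} parent={1} {2} {3}" -f $r.Id, $r.Parent, $r.Name, $r.Cmd) }
        $state = $current
    }
}
```

A process that starts and exits between two one-second polls will not appear in the log, so an empty "new pid" list after a CHANGED line points toward a short-lived launcher such as a scheduled task.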


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


Okay, let's scan your PC again:
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Addition.txt

FRST.txt


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

fixlist.txt


FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy MalwareBytes into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

 

That program will not run either, when I click Run as Administrator it doesn't do anything.
