
Blank screen and virus shuts all function down.



I start my PC up and then when I go to open a program, or if I get the program open, the virus attacks my video, then it stops all functions of my PC.

I had Twin headed eagle remove it and I had Malwarebytes installed, but it was a trial; once the trial was up the virus came back doing the same thing.

I know that reformatting the hard drive and restoring the PC to its factory state is best. But I have too much invested in my musical software and some of it I will have to wait to download from third-party websites, which take hours, then installs can take half that, but it's a lot of work. Can you help please.


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


 

Post those logs....

 

Thank you,

 

Kevin.


Upload a File to VirusTotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.


 


I don't know. The only virus install tools I installed were the ones told to me. If I did and I don't remember a lot of them like tdsskiller and a avg_avct_st_all_2015. Most of this stuff comes from Cnet if I install it never install. When me and when I was trying to run Malwarebytes chameleons that would pop up and it would terminate the scan on all 12 versions none of them worked but every time that right there would pop up as the reason it wouldn't continue the scan.


I just do not trust that program, I see it was already showing installed in your last thread. Obviously if the issue you have has returned similar or the same as the last time then maybe we need to dig deeper... 

 

I see your AV program is disabled and outdated, any reason for that?

 

FRST was run from safemode with networking, why not normal mode?

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

I want you to boot to normal mode and re-install Malwarebytes:

 

Download and run  mbam-clean.exe ensure system is re-booted, then continue:

 

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin


 

Fixlist.txt


Every time I run from normal mode it blanks the screen out. The only way I can get anything done on the PC is to run in safe mode, 'cause whatever is running isn't running to disrupt PC operation. But sometimes it does affect the PC in safe mode too and I have to restart, then it will work. I don't see the AV program installed on my PC. In fact I uninstalled it when all this happened 'cause it wasn't working. I will run the scan now following your steps.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/6/2016
Scan Time: 8:44 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.06.06
Rootkit Database: v2016.01.05.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391267
Time Elapsed: 12 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Did you run the FRST fix? Can I see that log....

 

Ok I want you to run Windows Defender offline tool, you will need a USB flash drive (memory stick)

 

Do you have access to another PC to create the Windows Defender Offline Tool? I give the instructions to load to a USB flash drive. It can also be run from a CD, just change to that option in the instructions…
It can be created from the PC with issues, but a different clean PC is preferred!


Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool. Windows 7/8/10 or Vista users: right-click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB flash drive, then select "Next".

In the new window ensure your flash drive is selected; if not, click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

The flash drive will be formatted and prepared.

Files will be added to the flash drive and the tool will be created.

The procedure is finished and the tool created; click on "Finish" to complete.

Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required. Use F2 or F12 as it boots, change options...

As it boots you'll see files being loaded and the Windows splash screen. Eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\Windows\Microsoft Antimalware\Support\MPLog - mm/dd/yy - hh/mm/ss.Log"

Open with notepad and copy and paste it into a reply.

 

Thank you,

 

Kevin
 


Yes, I did run the fix.... The log is below and I'm running the Windows Defender software right now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-01-2015
Ran by Admin (2016-01-06 20:26:18) Run:2
Running from F:\
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Run: [Virus Effect Remover] => C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe
C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe
C:\Program Files (x86)\Virus Secure Lab
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\MountPoints2: {020e7f30-d957-11e1-bc32-742f6835a9f3} - F:\iStudio.exe
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\...\MountPoints2: {dea5d45b-8a7e-11e5-8b75-fc0b6198b311} - F:\VZW_Software_upgrade_assistant.exe
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
S3 lmimirr; no ImagePath
AlternateDataStreams: C:\Users\Admin\Desktop\20130712_133748.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Admin\Desktop\FLPrecovery.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Admin\Desktop\insanity calendar.txt:com.dropbox.attributes
FirewallRules: [{81FE93CA-8D49-4271-AE49-E3D277D7D931}] => (Allow) D:\Av\avgmfapx.exe
FirewallRules: [{FDA7DB44-501B-4F82-9EBB-D61E48F13352}] => (Allow) D:\Av\avgmfapx.exe
EmptyTemp:
end
*****************
 
Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Virus Effect Remover => value removed successfully
"C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe" => not found.
"C:\Program Files (x86)\Virus Secure Lab" => not found.
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFileUrl => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetHood => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFileMenu => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskBar => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Nosecuritytab => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoUpdateCheck => value removed successfully
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
"HKU\S-1-5-21-733214114-3496530890-3564253868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{020e7f30-d957-11e1-bc32-742f6835a9f3}" => key removed successfully
HKCR\CLSID\{020e7f30-d957-11e1-bc32-742f6835a9f3} => key not found. 
"HKU\S-1-5-21-733214114-3496530890-3564253868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea5d45b-8a7e-11e5-8b75-fc0b6198b311}" => key removed successfully
HKCR\CLSID\{dea5d45b-8a7e-11e5-8b75-fc0b6198b311} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
lmimirr => service removed successfully
C:\Users\Admin\Desktop\20130712_133748.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Admin\Desktop\FLPrecovery.zip => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Admin\Desktop\insanity calendar.txt => ":com.dropbox.attributes" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81FE93CA-8D49-4271-AE49-E3D277D7D931} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDA7DB44-501B-4F82-9EBB-D61E48F13352} => value removed successfully
EmptyTemp: => 103.1 MB temporary data Removed.
 
 
The system needed a reboot.
 

==== End of Fixlog 20:26:27 ====

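Added example (not part of any post in this thread, and not FRST's own code): a small Python triage of a Fixlog in the shape posted above. It skips the echoed fixlist, collects the boot mode and `Error:` lines, and flags removed Run values whose executable was reported "not found". The line classification and the `.exe` name match are assumptions inferred from this one log.

```python
import re

# Excerpt copied from the Fixlog posted above; the echoed fixlist is cut to one line.
SAMPLE = r"""Boot Mode: Safe Mode (with Networking)
*****************
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
*****************
Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-733214114-3496530890-3564253868-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Virus Effect Remover => value removed successfully
"C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe" => not found.
"C:\Program Files (x86)\Virus Secure Lab" => not found.
lmimirr => service removed successfully
C:\Users\Admin\Desktop\FLPrecovery.zip => ":com.dropbox.attributes" ADS removed successfully.
The system needed a reboot.
"""

def classify(target, result):
    """Assumed mapping of one '<target> => <result>' line to (kind, outcome)."""
    low = f" {result.lower()} "
    outcome = "not_found" if "not found" in low else "removed" if "removed" in low else "other"
    rules = [("registry", re.match(r"HK(U|LM|CR|CU)\\", target)), ("ads", " ads " in low),
             ("service", " service " in low), ("file", re.match(r"[A-Za-z]:\\", target))]
    kind = next((k for k, hit in rules if hit), "other")
    return kind, outcome

def parse_fixlog(text):
    """Return boot mode, errors, reboot flag and classified result lines."""
    rep = {"boot_mode": None, "errors": [], "reboot": False, "entries": []}
    in_fixlist = False  # the echoed fixlist sits between two rows of asterisks
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
        elif in_fixlist:
            continue  # these lines are the instructions, not the results
        elif line.startswith("Boot Mode:"):
            rep["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Error:"):
            rep["errors"].append(line[6:].strip())
        elif line == "The system needed a reboot.":
            rep["reboot"] = True
        elif " => " in line:
            target, _, result = line.partition(" => ")
            target = target.strip('"')
            rep["entries"].append((target, *classify(target, result)))
    return rep

def missing_autorun_targets(rep):
    """Heuristic: removed Run values whose name matches an .exe reported 'not found'."""
    gone = [t for t, k, o in rep["entries"] if (k, o) == ("file", "not_found")]
    runs = [t.rsplit("\\", 1)[1] for t, k, o in rep["entries"]
            if (k, o) == ("registry", "removed") and "\\Run\\" in t]
    return [(n, p) for n in runs for p in gone if p.lower().endswith(f"\\{n.lower()}.exe")]

if __name__ == "__main__":
    print(parse_fixlog(SAMPLE)["errors"], missing_autorun_targets(parse_fixlog(SAMPLE)))
```

On this excerpt the triage surfaces two things worth a second look: the restore point was never created because the fix ran in Safe Mode, and the Run value was still registered although its executable was already absent from disk.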

It will not let me update the software; it says that my wifi is not turned on and there is no way for me to turn it on, not manually or otherwise. Do you have a copy of the most updated version so that I don't have to turn on the wifi in this DOS mode? It needs to be the most up-to-date version.


This topic is now closed to further replies.