Author Topic: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates  (Read 17026 times)

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #15 on: September 08, 2012, 05:03:39 AM »

Quote: Could you tell me exactly the problems that you experience in normal mode.  As this will all have to be done manually

Dear essexboy,
Sorry, don't really know what else to tell you except what I originally posted on Aug. 13th. The only other things I can think of that have appeared in about the same timeframe are: when the laptop starts up, it doesn't produce a series of beeps which it has been doing ever since I added 256 MB of memory [over a year ago] ('Googling' tells me it has to do with a failing power supply but I don't really believe that). It has also started keeping enabled the PCMCIA card (laptop does not have built-in wireless capability) even though the driver (wirelesscm.exe) has been stopped by an error condition and it has started requesting to check for hard drive consistency every time it boots (in order to maximize my chances of getting something useful done until the laptop eventually 'freezes up', I have been bypassing this). It has also not been going to 'sleep' after a period of inactivity, instead the fan starts running continuously, which tells me that the CPU is working very hard (100% according to Task Manager) and generating lots of heat. Hope this helps you provide me with some guidance.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #16 on: September 08, 2012, 02:16:56 PM »
Do you have the ability to burn a CD ?

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds.  Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #17 on: September 09, 2012, 04:20:56 AM »
Quote: Do you have the ability to burn a CD ?

I can burn a CD on my uninfected desktop computer but NOT on the infected laptop (only CD drive, no CD-RW). Should I go ahead and download the two programs you suggested to the desktop of my desktop computer and burn the CD, then adjust the laptop Bios for CD to be first boot device and insert the CD in my laptop optical drive and follow the rest of your instructions?

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #18 on: September 09, 2012, 01:34:30 PM »
Yes it would be better to burn the CD on a different computer, just in case any infection interferes with the burn 

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #19 on: September 09, 2012, 08:38:15 PM »
Quote: Yes it would be better to burn the CD on a different computer, just in case any infection interferes with the burn

And, as I said, I don't have the ability to burn a CD on the infected laptop, which has a CD read-only drive.

I see that Dr. Web LiveCD is a 190 MB download and the disc created is an Emergency Recovery disc for systems that have become un-bootable (which point I'm not at yet). While I can access the internet wirelessly from my laptop, I am only on a dial-up connection for my desktop computer, and therefore, a 190 MB download will take a very long time (and may require several attempts to complete). Is it possible that the Dr. Web CureIt! product, being based on an on-line scanner, would do at least as good a job as Dr. Web LiveCD and won't require such a very large download?

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #20 on: September 09, 2012, 09:17:00 PM »
Most online virus scans are quite large, this is the smallest I could find


Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: 
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #21 on: September 10, 2012, 07:51:23 PM »
Quote: Sorry just noticed win2k  I have never seen that on a laptop before.  Unfortunately that severely restricts the tools I can use

Quote: Could you tell me exactly the problems that you experience in normal mode.  As this will all have to be done manually

By the way, did the logs I provided earlier from MalwareBytes and OTL not provide at least a hint of what is going on with my infected laptop and/or what to do about it?

Am I right in assuming from your recommendation of the ESET on-line scanner that you prefer it over the Dr. Web CureIt!? As far as the on-line scanner goes, I'm not quite sure what you mean about "most on-line scans are quite large" - I thought that one of the benefits of on-line scans is that they don't need to be downloaded to the users' computer. Also, to add another 'wrinkle' to this whole adventure, while I have been running Firefox on the infected laptop for the past couple of years, I am running Chrome on my desktop computer (although I do still have a copy of Internet Explorer 6 on it). Since you don't mention the Chrome browser with respect to ESET and your instructions (and we are trying to stay away from doing this work on the infected machine), what would you suggest that I do?

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #22 on: September 10, 2012, 08:31:07 PM »
Unfortunately all online scans nowadays will download the full virus definitions

I do prefer Dr Web over Eset but it is bigger

The thing with online scans is that the infected system must be connected to the net to do an effective job

All I am looking for now is any possible file replicators, I do not believe that you have one, but they will mess with safe mode.  Otherwise I am seeing no malware signs on the initial logs

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #23 on: September 11, 2012, 10:34:40 PM »
Quote: Unfortunately all online scans nowadays will download the full virus definitions

Quote: I do prefer Dr Web over Eset but it is bigger

Quote: The thing with online scans is that the infected system must be connected to the net to do an effective job

Quote: All I am looking for now is any possible file replicators, I do not believe that you have one, but they will mess with safe mode.  Otherwise I am seeing no malware signs on the initial logs

O.K., so with an online scanner, I need to be running it from the infected laptop. As long as I can accomplish it before the laptop freezes up again on me, that would seem to solve the problem with the Eset on-line scanner apparently only working with Firefox or Internet Explorer since Firefox is exactly what I am using on the Dell Latitude C610 laptop. When you say that you "prefer Dr. Web over Eset" are you talking about the Dr. Web LiveCD emergency recovery disk program or the Dr. Web CureIt on-line scanner program or both? Which one should I now attempt to run on the infected laptop connected wirelessly to the internet (fast connection)?
Just to repeat, I don't seem to have any problems while in Safe Mode except that the laptop seems to be running slower - at least it doesn't freeze up on me!
I recognized a file listed in one of the logs, tcpwamlib.exe, which I have had dealings with before and had to send to the AVAST Virus Chest.

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #24 on: September 11, 2012, 10:48:16 PM »
That is a stopped service, which I can remove for you.  With Win2k though there are a lot of older files that are no longer used on XP and beyond

I prefer both versions of Dr Web, the AV itself is only average for detection but the removal tools are good

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\tcpwamclib.exe -- (WamcSvc)

:Commands
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
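
An added example, not part of the original posts: a small triage script that picks out service entries like the one in the fix above, where the service is still registered but its image file is missing. The "File not found" line is copied from the fix script; the other sample lines are constructed, and the layout assumed for a normal (file present) SRV line is an assumption about OTL's log format.

```python
import ntpath
import re

# Tail of an OTL service line: [StartType | State] -- image path -- (ServiceName)
SRV_RE = re.compile(
    r"^SRV - (?P<head>.*?)\[(?P<start>[^\]|]+?) \| (?P<state>[^\]|]+?)\] -- "
    r"(?P<path>.*?) -- \((?P<name>[^()]+)\)\s*$"
)

# First line is the entry from the fix script above; the other two are constructed.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\tcpwamclib.exe -- (WamcSvc)
SRV - [2012/09/01 10:00:00 | 000,045,056 | ---- | M] (Example Corp) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Temp\gone.exe -- (ExampleOld)
"""


def parse_srv(line):
    """Return the fields of one SRV line, or None if the line is not a service entry."""
    m = SRV_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m["name"],
        "path": m["path"].strip(),
        "start": m["start"].strip(),
        "state": m["state"].strip(),
        # OTL prints "File not found" in place of the file details
        "missing": m["head"].strip() == "File not found",
    }


def orphaned_services(log_text, system_root=r"C:\WINNT"):
    """List services whose image file is missing, auto-start entries first."""
    root = ntpath.normcase(system_root) + "\\"
    hits = []
    for line in log_text.splitlines():
        entry = parse_srv(line)
        if entry and entry["missing"]:
            entry["autostart"] = entry["start"].lower() == "auto"
            # Windows paths are case-insensitive, so compare normalised forms
            entry["in_system_root"] = ntpath.normcase(entry["path"]).startswith(root)
            hits.append(entry)
    return sorted(hits, key=lambda e: not e["autostart"])


if __name__ == "__main__":
    for e in orphaned_services(SAMPLE_LOG):
        print(e["name"], e["path"], e["start"], e["state"], e["in_system_root"])
```
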

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #25 on: September 18, 2012, 04:27:34 AM »
O.K., so I followed your instructions, starting in 'Safe Mode'. As soon as I began, I received a series of 3 instances of the same error message: "WinMgmt.exe. has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." After determining which directory this file resides in (C:\WINNT\system32\wben), I found 3 logs which had been updated today and I have attached copies of all three (results to this point). During this effort, I received another 12 notifications regarding the WinMgmt.exe program. When the computer rebooted from OTL, I wasn't fast enough to select 'Safe Mode' so it went to a normal boot. Once re-booted, I started OTL and then clicked the 'Quick Scan' button and the program took off, with a series of file names and Registry entries flashing by in the Status Bar. During this time, another 6 notifications were received regarding the WinMgmt.exe program. Unfortunately, when the OTL 'Quick Scan' was about three-quarters done, the laptop froze (as it has been doing for weeks now).
So, I shut it down and restarted in 'Safe Mode' and re-ran OTL 'Quick Scan'. One thing I noticed was that, although when I first opened OTL, the selection boxes were as shown in your screenshot above, when I clicked on 'Quick Scan', the 'Use Company-Name WhiteList', 'Skip Microsoft Files', 'LOP Check' and 'Purity Check' all became selected. OTL 'Quick Scan' finished its work (much quicker than the first time I ran it - before the laptop froze) and I have attached the OTL log that it created (it did not create an 'Extras' log file this time). During this time, I received the initial series of 3 plus 5 more notifications regarding the WinMgmt.exe program.
I have not yet run either the Eset or Dr. Web CureIt! on-line scanners on the infected laptop and I await your comments/further instructions.

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #26 on: September 18, 2012, 03:48:35 PM »
OK, let's cure the winmgmt problem first

What has happened is a system config file has been corrupted...

go to:

C:\WINNT\system32\wbem\Repository

in there you will find a file named:

$WinMgmt.CFG$

DELETE IT... or if you don't want to, rename it to $WinMgmt.CFG.OLD or something...

SHUT DOWN... and Power Back Up again... when you log back in it will give you the same message once... wait till the OK button appears (this should restart WinMgmt.exe)...
CLICK OK... and you should be good to go...

if for some reason WinMgmt.exe doesn't automatically start you can double-click it at:

C:\WINNT\system32\wbem\winmgmt.exe

balls69bc

  • Guest
Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #27 on: September 21, 2012, 12:24:45 AM »
Hi essexboy,
In 'Safe Mode', I followed your instructions regarding WinMgmt to the letter (except for the second '$' on the $WinMgmt.CFG file) but it has made no difference. Did some looking around on my own and found what I believe is your source for those instructions (techspot.com?) and there is a process further down the page there (#20) that purports to be from the original Microsoft support Knowledge Base article (Q298130) and which involves stopping the WinMgmt service, deleting/renaming all the files in the Repository directory and then re-starting the service. Tomshardware has a forum item which seems to agree with this advice.
I also came across a Knowledge Base article (830075) which deals with excessive use of CPU resources and requires the user to reduce the 'Logging' action of Windows Management Instrumentation (WMI) to 'Errors only'. However, I tried this procedure and was unable to access the 'Logging' tab (clicking on it does nothing) with the following message 'Failed to connect to <local computer> because "WMI: Initialization failure"'. Is it possible that this is what has slowed my laptop down to a crawl, eventually 'freezing' right up and, if so, any ideas on how to fix?

Offline essexboy

Re: Malware Sent to Chest - Now No Boot-Time Scan/AVAST updates
« Reply #28 on: September 21, 2012, 02:36:35 PM »
There is a batch file here that may solve the problem  http://www.pcreview.co.uk/forums/wmi-problems-t1898592.html  post 2