Author Topic: 4 days into the virus- really need some help!  (Read 13204 times)


Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: 4 days into the virus- really need some help!
« Reply #15 on: September 25, 2013, 08:11:47 PM »
Maybe your system is so infected that Windows cannot handle this anymore cause so many system files
have been modified.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #16 on: September 25, 2013, 08:15:30 PM »
ok combo made it a lot farther this time-
It ran through 50 steps and started deleting stuff-
Then it said that it had found something in a system file
then it tried to read from CD and went to bsod-
will run it again

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #17 on: September 25, 2013, 08:23:04 PM »
Steven-
Is there a way to tell if I'm really hosed? I hate to start all over again, especially knowing that I probably never killed whatever is living in my files-

Interestingly enough, the first crash was when I was running AVG- I switched to avast thinking that there is no way that 2 different packages could miss the same thing.

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #18 on: September 25, 2013, 08:25:25 PM »
btw, I haven't tried any system restore points- could it be worth going back and trying them or is it likely they are corrupted?

Offline Secondmineboy

Re: 4 days into the virus- really need some help!
« Reply #19 on: September 25, 2013, 08:28:15 PM »
It's a good idea to have restore points, I had to use them several times.

But maybe they got compromised. But you can try it out.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 4 days into the virus- really need some help!
« Reply #20 on: September 25, 2013, 08:38:55 PM »
Hi there, could you update on the current system problems? Also, can you remember what Avast reported?

I would like a different look at the system

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs
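
The /md5start … /md5stop part of the custom scan above names core Windows binaries to be hashed. A comparable manual check in PowerShell follows, as an added example that is not part of the original post and is not OTL's own code. It assumes PowerShell 5.1 or later, searches only the Windows, System32 and SysWOW64 folders, and uses a made-up output file name; each row is written as soon as it is computed, so results gathered before a crash are kept.

```powershell
# Added example, not OTL's code: MD5 and signature status for the files
# named between /md5start and /md5stop in the custom scan.
$desktop  = [Environment]::GetFolderPath('Desktop')
$out      = Join-Path $desktop 'corefile-check.csv'   # assumed output file name
$patterns = 'services.*', 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'

# Assumption: search the usual system folders rather than the whole drive.
$dirs = $env:SystemRoot,
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'SysWOW64') |
        Where-Object { Test-Path -LiteralPath $_ }

foreach ($dir in $dirs) {
    foreach ($pattern in $patterns) {
        Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    MD5       = $hash.Hash
                    # 'Valid' means Windows verified the signature; any other
                    # status is a reason to look closer, not proof of infection.
                    Signature = $sig.Status
                    Signer    = $sig.SignerCertificate.Subject
                    Modified  = $_.LastWriteTimeUtc
                } | Export-Csv -LiteralPath $out -Append -NoTypeInformation   # written per file
            }
    }
}
```

Run it from a 64-bit PowerShell session so that System32 is not redirected to SysWOW64.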

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #21 on: September 25, 2013, 08:39:53 PM »
Even in safe mode, combo crashed as soon as it reached-

system file is infected!! attempting to restore c:windows\syswow64\cftmon.exe

wondering about the idea of going back to a restore point- Have never done that before- Would it make sense to go back a few weeks/months and install combo again? On the other hand, I expect it has been in the background for years so it should be just as smart at the earlier stages?

Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #22 on: September 25, 2013, 08:41:22 PM »
OK, select an early restore point and then run OTL. Sometimes combofix will not work on a particular system

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #23 on: September 25, 2013, 08:42:18 PM »
thanks essexboy- will install otl now

first problem that avast reported is attached


Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #24 on: September 25, 2013, 08:43:47 PM »
OK the rootkit that was detected was part of the Avast update files, so I would hazard a guess that it was updating when the anti rootkit scan was running

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #25 on: September 25, 2013, 08:56:39 PM »
So it's just a coincidence that the problem started soon after 9-15. Or maybe the bad behavior when I downloaded malwarebytes that same day? It saw me coming?

OTL ran for 5 mins or so, but the bsod hit (I only have about 5 minutes each time I reboot)

I'll try to run it one more time as is, but after that, do you think I should try running it at restore points? I've never done that before, but the idea would be to go into windows, choose an earlier restore point, install OTL and run it?

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #26 on: September 25, 2013, 09:15:58 PM »
OTL didn't finish again-

It got to a specific file (I think it was the same as before) and seemed to hang for a few minutes:

pattern search looking at file c\windows\winsxs\amd64_microsoft-windows-wow64.resources_31bf3856ad364e35_!

then I hear the DVD drive running (always precedes a crash) and then OTL starts running again for about 30 seconds before bsod-

I'm assuming there are no partial reports that we can recover when this happens?

Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #27 on: September 25, 2013, 09:22:42 PM »
No, there is no partial.

System restore and how to do it is here http://windows.microsoft.com/en-GB/windows7/products/features/system-restore 
Take it back to at least two days prior to the problems
Then download and run a fresh copy of OTL please

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #28 on: September 25, 2013, 09:26:51 PM »
ok, will do restore with otl-

also, I tried a quick scan... same thing... otl froze at one point for a long time, then I heard the drive, then OTL ran but bsod followed soon after

much thanks!

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #29 on: September 25, 2013, 09:33:44 PM »
bad news-

all my system restore points seem to be erased because I usually do at least 1 or 2 a month and I did a ton of them a year ago when I first configured this computer- I assume the virus was smart enough to erase them?

The only ones showing up are from what the apps have done today- I checked the box for older points and didn't see anything, but I could be doing something wrong since I never have restored before-

So am I right in guessing that restore is no longer an option?