desperately seeking help! malware removal guide not happening!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by oompa_l, May 16, 2007.

  1. oompa_l

    oompa_l Private E-2

    Hi

    I have been experiencing many problems with my computer. It started with the machine randomly shutting off, then with many of Windows' services being shut off (installer service, system restore functions, etc.). I can't install the software mentioned in the malware removal guide. I am also finding that Windows updates and online virus scanners are all somehow being blocked by the virus. I am not sure what to do at this point. I was using avast as a virus scanner, and I had Spybot going. I have run CCleaner and Spybot and safe mode but I could not get CounterSpy installed and running.

    Please help!... I'm not sure what to do at this point.

    thanks in advance
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Please download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Now run this ChodeFix - How download and run


    Now please follow as much of our standard cleaning procedures (given below) as possible. These are necessary for us to provide you support. Try all steps, and note anything you cannot do and explain why when you come back but you must continue on thru ALL steps.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. oompa_l

    oompa_l Private E-2

    Thanks for the help.

    I downloaded and ran first the HostsXpert files and then the ChodeFix file and now I can't even get into Windows. I have tried to enter normally and through safe mode. My computer restarted on its own after the ChodeFix bit. It couldn't find many of the files. It asked to press any key to continue and now I'm here. Please, let me know how to proceed.

    thanks
     
  4. oompa_l

    oompa_l Private E-2

    I was just able to get in to a safe mode with some sort of mention of services. But since it was safe mode I couldn't install or run software like CounterSpy.

    I then reinstalled and I was able to get in normally and some more of the task bar items have come back but not fully. I tried to run CCleaner and got a 'run-time error "0"' message. Now I can't install the software because the "windows installer is not correctly installed".
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Neither of those programs should cause a problem like this! You must have had some nasty malware hiding on your PC and possibly what ChodeFix did was remove some of it and with the malware missing, it may have caused other issues to show up. I'm not sure exactly what happened, but running ChodeFix will not cause problems like that. I have run it on many systems including totally clean PCs and no problems ever occur.

    Let's get a few logs from a couple of tools that do not require an install but a couple will need to be extracted from their ZIP files.

    Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder, like C:\MGTools. While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended.


    Then follow this procedure Downloading, Installing, and Running HijackThis and then attach a log from HijackThis.
     
  6. oompa_l

    oompa_l Private E-2

    I have attached the three files you have requested. I feel I should give you a bit of background info. A week ago I had the same problem but I thought it was MY DOING because I was trying to optimise my system and limit the use of wasteful Windows background services. I thought I had mistakenly stopped something important like "Remote Procedure Call" which apparently many other OS features depend on. I couldn't figure a way around these impairments - my network connections were gone and I couldn't create new ones, I couldn't system restore, nor could I install software - so I re-installed Windows. I slugged my way through all my software installation only to end up back at the same place.

    one more minor note, I can't seem to even copy and paste within windows explorer....

    thanks again for all your guidance.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After the reinstall, did you start tweaking your system again?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Were you working on another forum to fix your PC? Or were you fixing things on your own? I see signs of things like ComboFix and maybe other tools being run and I did not ask you to run them.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't really show any malware problems! I do question why the below files are on your PC.
    Code:
    "C:\WINDOWS\system32\"
    haspvdd.dll    2007-05-15        6656  "haspvdd.dll"
    haspdos.sys    2007-05-15         383  "haspdos.sys"
     
    These appear to be related to the Hasp Driver for Radar 8 on Virtual PC which is for when Windows is run in emulation mode on a Mac. See: http://www.radar24-shop.de/assets/own/id10/Archibel%20Download%20Search%20Results.htm

    Why are they on your PC? Or is this a Mac?

    Let's fix a few registry keys (a few of these were changed when ChodeFix was run just to protect you from a possible infection).

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
     
  10. oompa_l

    oompa_l Private E-2

    No, I did not tweak my system, though I did have TuneUp Utilities going which may have adjusted something.

    About those other "fixes"... last night I was feeling quite desperate and frustrated at finding myself in the same situation I had dragged myself out of. Without being able to comply with your very basic but structured instructions - like I said I couldn't get any of them going - I resorted to trying anything I could find.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is not always a good thing to do! You should only run tools when advised and as instructed. Many of the tools we use can be very powerful and due to this, using them incorrectly or when not necessary can cause significant problems (many of which could result in a format/reinstall being required).

    What about those two files I questioned?

    And did you add the fixME.reg patch to your registry?

    What are your specific current problems?
     
  12. oompa_l

    oompa_l Private E-2

    I highly doubt that there is no "malware" on my computer. It is not possible that access to online virus scanners and Windows updates is blocked just by coincidence....

    One more thing: a virus was found by avast called w32:rbot-gen ....something like that....but it was deleted
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on the logs you have given me, there is no malware. If you could run some other scans perhaps we may see something. Are you still blocked from accessing antivirus sites or do you just mean that the scans do not work? As far as Windows Update is concerned, there are probably several dozen non-malware reasons that cause problems updating Windows.

    Hence not a problem anymore. Also none of the symptoms related to this showed in your logs.
     
  14. oompa_l

    oompa_l Private E-2

    I have added fixME.reg and the only difference I noticed is that my taskbar and start button are gone...so it's worse.

    The current problems are that I:
    1-can't install any virus removal software, or any other software for that matter. I tried to run an online AV scanner through Firefox but I needed to install some Java and I couldn't do that.

    2-any time I go to do an online virus scan in iexplorer the proceed or go button is either greyed out or when I go to click it nothing happens. Very strange

    3-I can't configure my network connection. I have this Intel PRO wireless software which says I now don't have a wireless adapter available

    4-the system generally feels unstable - all sorts of things aren't working - copy & paste, etc.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Again that registry patch has nothing to do with your Taskbar or Start button. It just removed a few registry keys. Five of those keys were just null keys (things that did nothing) but needed to be removed.


    That sounds more like a problem with Windows Installer. What exactly happens when you try to install anything?

    Could just be browser settings or ActiveX settings. Put them back to defaults.

    Not malware! Hardware related. You may need to delete the hardware and drivers, and then power down, and then reinstall but since you cannot install software this is really not an option right now.

    It really sounds like you need to reinstall your OS. You seem to have significant problems that are not really malware related. And your symptoms seem to be constantly changing which indicates deep rooted problems in your OS.
     
  16. oompa_l

    oompa_l Private E-2

    When I try to install something it goes through the standard motions but then towards the end of the install it says something about being in safe mode or the Windows Installer service not installed properly. I am not in safe mode at that point and I try to start the installer service. There are many problems with msconfig including the extended panel not being displayed properly, not being able to see the properties of each service, etc. Also, sometimes the computer crashes and restarts when I open the run box and begin typing in msconfig. I believe many of the problematic services are actually caused by some problem with RPC (remote procedure call) though I don't know much about it. When I try to start up RPC I get some error message 0x91.....or something like that.

    I will try to reinstall again if you don't have any other ideas....

    I don't know what I'm going to do if I end up in the same place again
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you had stopped the Remote Procedure Call (RPC) service it can cause ALL kinds of problems and it can sometimes be quite difficult to get it working again.

    First give this a try: http://www.blackviper.com/AskBV/2k4.htm

    Also see this http://support.microsoft.com/default.aspx?scid=kb;en-us;241584 just in case you get this error message.

    Also see this which will sometimes be the fix: http://support.microsoft.com/default.aspx?scid=kb;en-us;838428

    Did any of that work? If not you may have to do the reinstall.
     
