Antivirus Vanished, Unable to install

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fritz614, Aug 29, 2007.

  1. fritz614

    fritz614 Private E-2

    I saw a similar post like the problems I am having but did not want to use his "repairs" in case mine is a little different.

    Antivirus vanished! Can't install ANY new one! (Nor spybot or anything else to protect the computer)

    Please help me!

    Symptoms:

    1- AVG antivirus stopped. The shortcut on the desktop points to nowhere. The exe file simply vanished!

    2- Windows defender stopped. The exe file disappeared!


    What I tried:

    1- Tried to reinstall those programs - Failed!

    2 - Tried to install the last version of those programs - Failed!
    "Local machine: installation failed
    Installation:
    Error: Action failed for file avgamsvr.exe: creating file....
    No such file or directory"

    3- Tried to install Norton antivirus - Failed!
    "Extraction failed - Can not open the output file"

    4 - Tried to install Spybot - The process seemed to work fine, but as soon as the program is installed, the program exe file immediately vanishes!

    5 - Tried to install those programs in safe mode.

    a) Tried F8 method - Failed!
    It simply stops and starts booting again, but in normal mode.

    b) Msconfig method: apparently works. But it doesn’t let me install any of the programs above, anyway!

    6 - Tried to use windows restore feature - Doesn't work! No matter the restoration point I choose it says it made no changes, and doesn't

    7 - Tried the entire process of your Malware Removal Guide. - No success!
    - Couldn't run Spybot, because it doesn't install
    - Couldn't run CounterSpy. It says: "The service controller returned No Service. You may be running a schedule update", which, of course, wasn't true.
    - AVG Antispyware doesn't install (couldn't open guard.exe)


    Let me know what you want me to attach. I have seen the srosa hidden on my computer, can delete for a short time but reproduces.
     
  2. fritz614

    fritz614 Private E-2

    Apologize, here are my logs
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please rename HijackThis as requested in the READ & RUN ME step 7. This is critical as mentioned.

    Then see if you can run the below.

    Now please download F-Secure's BlacklightBeta
    • Download fsbl.exe and save it to the Desktop.
    • Once saved... double click fsbl.exe to install the program.
    • Click accept agreement and Click scan
    • This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.
     
  4. fritz614

    fritz614 Private E-2

    Sorry about the misnaming, I have been so frazzled with this, I have been missing some important things. I will be more pt from now on. I know you guys have those posts for a reason and I ignored it. Here is the hijack log with the rename. I ran Blacklight and it came back with nothing found. I had run Blacklight earlier, before making this post, and it had found some hidden files and I renamed and deleted those. I do not have a log of that to post. I am sorry if this messed things up. Believe me, I am trying hard to work with you!!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still don't see any malware reasons for your problems!

    Let's address a few things and see what happens.

    Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 2
    Viewpoint Media Player

    Run this Disable/Remove Windows Messenger to remove Windows Messenger.


    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O9 - Extra button: (no name) - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - (no file)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\drivers\srosa.sys.ren

    Now run Ccleaner.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!

    Try downloading Spybot from the link in the READ ME.
    • Does it download?
    • If not, tell me exactly what happens.
    Try installing from the Spybot file just downloaded.
    • Does it install?
    • If not, tell me exactly what happens.
     
  6. fritz614

    fritz614 Private E-2

    OK, update. I rebooted my computer and things seem to be going smooth now. I don't know how or why..... I was prompted to unblock usual software thru the Windows firewall, I was now able to install AND RUN my Spybot and Antivir. Spybot found C-Dilla and I deleted that. I was then prompted for Windows updates and applied those.

    If you see anything in my hijack file, please advise. Again, thank you for your help thus far.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cdilla is protection software used by games someone is using. Many scanners detect it as malware due to what it is.

    I think you missed my last message.
     
  8. fritz614

    fritz614 Private E-2

    OK, I uninstalled the J2SE Java and uninstalled the Viewpoint Media Player. I then removed the line 09 - Extra Button from the HiJack file. I then rebooted and tried to go into Safe Mode and I am still UNABLE to get into Safe Mode. It begins to load the drivers and then flashes to a black screen and then takes me back to the beginning Toshiba screen, as if I had just turned the computer on, then takes me to the screen asking if I want to go into Safe Mode, Last Known Good Config, Normal Restart, etc......

    So, I am not able to delete the "srosa" file. :(
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you delete it in normal boot mode? I would bet you can.
     
  10. fritz614

    fritz614 Private E-2

    Yes, I was able to delete it in normal mode but still unable to boot into safe mode.

    I will attach some new files:
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is more than likely not a malware issue. Something within the OS is probably to blame, like missing or corrupted files (and sfc /scannow, run from a command prompt or the Start, Run box, may help). It could ask for your Windows CD. Also you could have a registry problem that is causing this problem. You would be better served trying to address this issue in the Software Forum.


    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Blacklight during your cleanup, you can delete any files related to it.
    2. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    3. After doing the above, you should work thru the below link:
     
  12. fritz614

    fritz614 Private E-2

    OK, I will follow the rest of your suggestions and search for my fix on the booting issue in the Software forum. I thank you for all your great help!!


    THANK YOU!!!!!!!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
