Malware?: Win7 crashes when Anti-Malware Run

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Leofitz, Jan 24, 2015.

  1. Leofitz

    Leofitz Private E-2

    My ASUS (i7 quad/4GB) has become increasingly 'unfriendly', running slowly, and with Windows Explorer usually crashing on first opening before running the second time. I've been regularly running RogueKiller and SuperAnti-Spyware with Avast as my Antivirus and with Microsoft Firewall.

    Yesterday when I tried to run RogueKiller, Windows crashed. I downloaded Malwarebytes and it aborted before completion.

    I then tried to Restore but Windows was unable to complete. I thought I should make a recent backup before proceeding further, so I tried with Macrium and then with Windows Backup. In both cases there was an error number. I then tried to Restore the System again but after the Restore was finished and rebooted, there was an error message. I tried System Restore to six different past save points but all failed.

    I Googled the error codes that appeared after Backup and Restore were aborted for possible fixes. I tried the MS Fix-It tool, and changed permissions on the System folder to Owner (a proposed fix for Backup not running). These didn't help.

    I then did a manual backup of document files and created a Windows Recovery disk. I ran "Wise Care 365" software, which was to scan, repair and optimize the registry, as well as clean out unnecessary files. This process ran and completed with some improvement in boot time. I downloaded Malwarebytes and ran it but it crashed Windows. After rebooting I continued to work on the computer but noticed that Malwarebytes kept popping up every 15 minutes. I Googled this problem and someone had posted on your forum that it was designed to do this to indicate there were still unresolved problems. So I arrived at your site.

    I've followed all directions on your site page where you walk through the best steps for malware cleanup and analysis. I made the adjustments and got as far as Step #3, with RogueKiller, Malwarebytes, TDSSKiller, HitmanPro, and MGTools on my desktop. As the first part of Step 3 I ran RogueKiller; it completed the Pre-scan, but about 25% into the Full scan, Windows crashed. The black screen flashed a message "Windows had to shut down as there was possibility of damage.... Then reboot using a disk or..." After Windows came up, there was no RogueKiller Report to forward.

    Could you suggest a next step for me?
    Thanks very much, LK
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This may not be a malware issue, but in the meantime, try to run the other tools and get the logs from Hitman, TDSSKiller and C:\MGLogs.zip (from running C:\MGTools.exe). Also attach the log from MBAM.
     
  3. Leofitz

    Leofitz Private E-2

    I've attached the log files for TDSSKiller and MGTools. HitmanPro and Malwarebytes unfortunately only ran briefly, then aborted and Windows crashed. I couldn't find logs for them.

    I'll appreciate your review and advice.
    Thanks, LK
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am only finding some garbage to remove, but first I want you to try booting into safe mode and see if you can run RogueKiller, MBAM and Hitman and get me some logs.
     
    Last edited: Jan 24, 2015
  5. Leofitz

    Leofitz Private E-2

    The computer is still crashing when I run RogueKiller, Malwarebytes, and Hitman. It's not possible to log into Safe Mode as the computer ignores the F8 on restart. I did run the Malwarebytes Chameleon in an effort to get some log data and have attached those files. Also the log files for RK and Hitman.

    I've tried multiple solutions including the options on the Repair disk, but still get crashing.

    It would be great if you find a bug that when erased solves the problem. But if not, I think my next option is just to re-install Windows.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.


    Download OTM by Old Timer and save it to your Desktop.


    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [IMG] area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Windows\system32\tasks\{08473F84-EC85-4A4B-A53B-4F79B7A4BE86}
    C:\Windows\system32\tasks\{0E3BAB2D-9E56-4173-B8BA-59F3AC5A801E}
    C:\Windows\system32\tasks\{0ECD21EA-E850-48CD-83DD-BEAF9376F32F}
    C:\Windows\system32\tasks\{16B5399A-B620-4809-8245-4221D2756AB7}
    C:\Windows\system32\tasks\{1928EB58-DFBE-4886-AA57-8834561032CC}
    C:\Windows\system32\tasks\{33ADB1F7-9D69-435C-B5C5-DDB2BE948B98}
    C:\Windows\system32\tasks\{35E788E6-A905-4361-88CE-0AB730E0A49C}
    C:\Windows\system32\tasks\{38848E24-CAD9-4FAF-A08E-E28C42D7E70F}
    C:\Windows\system32\tasks\{3D4BFAF1-86F2-4D3C-8A73-E96BB6B1A2A6}
    C:\Windows\system32\tasks\{4099D910-8E85-40C4-A579-5C86F8579026}
    C:\Windows\system32\tasks\{4525C8D0-96A4-4397-80D7-CAC08E7E2053}
    C:\Windows\system32\tasks\{6E25F616-420E-4FB5-A168-906F9709CFAA}
    C:\Windows\system32\tasks\{89462FC2-B65F-419B-8EF6-A921AEA20057}
    C:\Windows\system32\tasks\{A0D635A9-931A-491B-B8A5-FB5C78EE23DA}
    C:\Windows\system32\tasks\{A605FECB-1CB2-4A80-A6F4-83BBF7611A06}
    C:\Windows\system32\tasks\{ABE9CE65-25D7-4EE4-AD11-5958F02B654A}
    C:\Windows\system32\tasks\{AF0C6A1E-8677-4E5A-BEFE-7691D355D542}
    C:\Windows\system32\tasks\{BD257B14-F359-466B-87B0-EF525E33C313}
    C:\Windows\system32\tasks\{D054689E-EA31-4D39-B7A6-DB2729D7144C}
    C:\Windows\system32\tasks\{D273CDFD-4F3D-4762-8FC3-3A018614B197}
    C:\Windows\system32\tasks\{E53ED7A4-301B-400A-BBE1-9F6ED5528867}
    C:\Windows\system32\tasks\{F13AB759-C912-4242-BC6E-AE7DE17E217D}
    C:\Windows\system32\tasks\{F2869D1A-5481-43AE-83EE-89B34446A680}
    C:\Users\Lon Kaufmann\AppData\Local\Temp\*.*
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    No malware was found in either RogueKiller or Hitman. I am going to suggest you post in the software forum when we are done.
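    The OTM script above deletes a set of GUID-named scheduled task files under C:\Windows\System32\Tasks without saying what those tasks run. The following PowerShell script is an added example, not part of this thread or of OTM; it reads each task XML file and reports its author, the command it executes and whether that target still exists, so such entries can be reviewed before removal. It assumes Windows PowerShell 5.1 (Windows 7 or later) in an elevated console.

```powershell
# Added example, not part of this thread: list every scheduled task file under
# C:\Windows\System32\Tasks and show what it runs, so GUID-named entries like
# those in the OTM :files list above can be checked before they are removed.
# Assumes Windows PowerShell 5.1 (Windows 7 or later) in an elevated console.
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$taskNs   = 'http://schemas.microsoft.com/windows/2004/02/mit/task'

function Get-TaskFileReport {
    param([string]$Root = $taskRoot)
    Get-ChildItem -Path $Root -File -Recurse | ForEach-Object {
        $file = $_
        try {
            # Task files are UTF-16 XML; Get-Content honours the BOM.
            [xml]$xml = Get-Content -Path $file.FullName -Raw -ErrorAction Stop
        } catch {
            Write-Warning "Not a readable task XML: $($file.FullName)"
            return
        }
        $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
        $ns.AddNamespace('t', $taskNs)
        $author = $xml.SelectSingleNode('//t:RegistrationInfo/t:Author', $ns)
        foreach ($exec in $xml.SelectNodes('//t:Actions/t:Exec', $ns)) {
            $cmdNode = $exec.SelectSingleNode('t:Command', $ns)
            $argNode = $exec.SelectSingleNode('t:Arguments', $ns)
            $command = if ($cmdNode) { $cmdNode.InnerText } else { '' }
            # Expand %SystemRoot%-style variables and strip quotes before testing.
            $resolved = [Environment]::ExpandEnvironmentVariables($command).Trim('"')
            $targetOk = ($resolved -ne '') -and (
                (Test-Path -LiteralPath $resolved) -or
                [bool](Get-Command $resolved -ErrorAction SilentlyContinue))
            [pscustomobject]@{
                TaskFile  = $file.FullName.Substring($Root.Length).TrimStart('\')
                # Tasks named only by a GUID are the kind the OTM script targets.
                GuidNamed = $file.Name -match '^\{[0-9A-Fa-f-]{36}\}$'
                Author    = if ($author) { $author.InnerText } else { '' }
                Command   = $command
                Arguments = if ($argNode) { $argNode.InnerText } else { '' }
                # A task whose target binary is gone is a leftover worth removing.
                TargetOK  = $targetOk
            }
        }
    }
}

# GUID-named tasks first, then everything else, so the suspects are on top.
Get-TaskFileReport | Sort-Object GuidNamed -Descending |
    Format-Table TaskFile, GuidNamed, Author, TargetOK, Command, Arguments -AutoSize -Wrap
```

Tasks reported with TargetOK false point at a binary that no longer exists and are safe to clear; a GUID-named task whose target is still present deserves a look at the command and arguments before it is deleted.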
     
  7. Leofitz

    Leofitz Private E-2

    Below are the results from running OTM left on the desktop.

    Attached is the log file in Moved files folder.

    Thanks for your help!
     

    Attached Files:

    Last edited by a moderator: Jan 28, 2015
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are still crashing, I suggest you post in the software forum for further assistance. And to try to find out why you can't access safe mode.
     
