Multiple problems related to Antivirus XP 2008

Discussion in 'Malware Help (A Specialist Will Reply)' started by eerie_eric, Aug 22, 2008.

  1. eerie_eric

    eerie_eric Private E-2

    Hello,

    About three weeks ago while I was surfing, Symantec AntiVirus produced a pop-up saying that a virus had been detected. Then I started getting all those annoying pop-ups to purchase AntiVirus XP 2008. I followed instructions on other sites but nothing cleared the problem. Most of the pop-ups were gone but I was left with the following problems:

    1. Task Manager has been "disabled by the administrator"
    2. Can't boot into Safe Mode
    3. Symantec AntiVirus fails to update. Nothing I can do will remove the program either--Add/Remove Programs produces an error.
    4. Whenever I boot into Windows it says that I'm missing "wpx120.cpx" and also "unable to find a version of the runtime to run this application" (referencing lxdkamon.exe).
    5. AntiVirus XP 2008 is in my Start menu

    We paid for a computer doctor to look at the computer. He installed and ran Malwarebytes Anti-Malware which found a bunch of infections (I've got three logs from that day, which I attached to this post). He tried installing and running CCleaner but that failed. I think he also tried an anti-spyware program that also failed. Since the problems continued, he said I should back everything up and wipe the system clean, which I have not done...yet.

    I found your site and began following the instructions from another thread. I ran HostsXpert.exe, though I didn't really know what I was doing with it. Then I started going through your Malware Removal Guide:

    1. I've been unable to uninstall or delete malware programs.
    2. I set msconfig for normal startup.
    3. I can't remove the quarantine stuff from Symantec Antivirus because that program gives me problems anytime I go near it.
    4. I installed CCleaner and it begins to run, but after a few minutes it fails.
    5. I made hidden files visible.

    Then I went to Windows XP Cleaning Procedure, which I will continue with in the following post...
     

    Attached Files:

  2. eerie_eric

    eerie_eric Private E-2

    ...continued...

    1. I ran SUPERAntiSpyware, and have attached my log.
    2. I installed Spybot Search & Destroy. But when I ran the executable, the cursor just flashed across the black DOS screen forever. When I cancelled out and tried to run it from the Start menu the computer restarted. (I've attached the error that occurred after trying to load Spybot.)
    3. I updated Malwarebytes and ran that again (log attached).
    4. I installed and ran the Combofix. My log is attached with the next post, but I kept getting a pop-up saying, "Registry editing has been disabled by your administrator."
    5. I ran MGTools but wasn't sure if that worked either. (I'll attach the zip with the next post.)

    And that's where I'm at. Still having all of the same problems. Thanks and I'll look forward to hearing from you.
     

    Attached Files:

  3. eerie_eric

    eerie_eric Private E-2

    Here are the final two logs.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    It appears that the HijackThis program that is embedded into MGtools did not work properly. What happens if you go to the C:\MGtools folder and double click on the analyse.exe program, which is just HijackThis renamed to stop malware from blocking it from running?

    It looks like you may have some file system and/or registry corruption that may not be so easy to fix. Things like your Uninstall Program list and more are missing from the registry. It may be true that you will need to reinstall to properly recover. We can finish removing any remaining malware but this will not repair a damaged Windows Operating System.

    Do you have your Windows XP CD? The next step may or may not ask you to put it into the CD drive.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

    Is the below something you installed? What is it?
    "MoveMinutesQuickCheck"="\"c:\\program files\\moveminute\\05091201\\movemedia.exe\" /boot"


    Let's see how much of the below you can run.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. eerie_eric

    eerie_eric Private E-2

    Thanks for getting back to me. Here is the update.

    -I ran the HijackThis program as you suggested and have attached the log.

    -I ran the System File Checker, it asked for my Windows CD, and everything seemed to go fine.

    -I also don't know what the "MoveMinutesQuickCheck" program is.

    -Windows Messenger seemed to be removed properly.

    -I got one new pop-up that FRun.exe was not working properly.

    -I ran ComboFix and got multiple messages that "registry editing has been disabled by your administrator." I've attached that txt file.

    -I saved fixme.reg to my desktop and set it to "all files." But when I double-click I get the message that "registry editing has been disabled by your administrator." No success message.

    -CCleaner still won't run. I tried uninstalling and reinstalling it. It automatically closes after I activate it from the desktop or Start menu.

    -I ran the GetLogs.bat file and got a ton of the "registry editing has been disabled" messages.

    -Finally, I've run Malwarebytes a few times now, and it always detects and removes the same bad file, but then it is back on my machine when I reboot. I tried turning off System Restore after running Malwarebytes the last time but it was back again after rebooting. I'll include a text file.

    Thanks again for your time!
     

    Attached Files:

  6. eerie_eric

    eerie_eric Private E-2

    Note: I tried attaching MGlogs.zip to this post after running GetLogs.bat but it says that this file is already attached in this thread. This file doesn't seem to have changed since I ran GetLogs.bat tonight.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run GetLogs.bat and make sure you allow it to finish running and then attach the new MGlogs.zip file. In fact, delete the current MGlogs.zip file you have so there can be no mistake that it is new. Just ignore the errors about the registry editing being disabled and allow it to finish. You may have to keep clicking OK. The problems are related to what the malware has done to you.

    Look for it in Add/Remove programs and uninstall it if found. Then run analyse.exe and fix the lines for it if still found.


    When?
     
  8. eerie_eric

    eerie_eric Private E-2

    -I've attached the new MGlogs.zip. I had to x-out a couple dozen times when the no registry editing pop-up appeared.

    -I didn't see MoveMinutesQuickCheck in Add/Remove programs. I found it in two lines after running analyse.exe. The first line appeared to be fixed/removed. The next line was not removed due to the registry editing thing. (That line began: "016 - DPF: {9294....}" )

    -I've seen the warning about Frun.exe three or four times now, and it doesn't seem to be in regard to the same thing. It seems random. I got it once when I went to empty the recycle bin of the MovieMinute files and the first MGlogs.zip. I think it also happened once when I tried to print, but I'm not sure.

    Thanks!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach anything.
     
  10. eerie_eric

    eerie_eric Private E-2

    Sorry about that. Here's the MGlogs.zip file.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's try something a little differently.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop (yes, overwrite the previous file with this one). Be sure the "Save as" type is set to "all files". DO NOT try to double click on it. Just save the file now and see the next instructions further down.
    • Please go to this link: http://live.sysinternals.com/
    • find the psexec.exe file listed in the list and click on it and download and save it to your Desktop. Doing this properly is critical for other steps below.
    • Now click Start, Run, and enter cmd and click OK. This will open a command prompt window with a prompt that shows the current folder you are in.
    • For you the prompt should show C:\Documents and Settings\Family>
    • Now type cd Desktop and hit the enter key. There is a space after the cd. If you do this properly, your prompt will change to C:\Documents and Settings\Family\Desktop>
    • Type the below bold text and hit the enter key. This will open the Windows Registry Editor. You will have to agree to the SysInternals License Agreement first that pops up.
      • psexec -s -i regedit
    • In the Registry Editor click File, Import and then navigate to the fixme.reg file on your Desktop and double click on it to import it into your registry. If it works properly you should get a success message.
    • If you get a success message continue on with the below, otherwise stop and explain to me any problems you had.
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines (some may not exist anymore) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKCU\..\Run: [MoveMinutesQuickCheck] "c:\program files\moveminute\05091201\movemedia.exe" /boot
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Family\Local Settings\temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  12. eerie_eric

    eerie_eric Private E-2

    Hello again,
    I got to the point where I tried to import fixme.reg to the Registry Editor and I received this message:

    "C:\Documents and Settings\LocalService\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location."

    Thanks for the time you've been taking.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are supposed to be logging into the user account named Family and using this Desktop: C:\Documents and Settings\Family

    LocalService is not an account you are to be using. It is for the system.

    Are you saying that when you open a command prompt that you got

    C:\Documents and Settings\LocalService>

    instead of

    C:\Documents and Settings\Family>
     
  14. eerie_eric

    eerie_eric Private E-2

    As to your question, when I open a command prompt I get:

    C:\Documents and Settings\Family>

    Since the Registry Editor kept trying to look under LocalService for fixme.reg, I tried manually typing in C:\Documents and Settings\Family\Desktop\fixme.reg and this worked. I got a success message. (Though, I'm not sure this is what you would have had me do.) I don't remember what I was doing, but there was another point this morning when I noticed the machine looking under LocalService for a different file.

    So I continued on with your instructions in the post from 8/26. I ran analyse.exe. I found two of the three lines (did not see the MoveMinutesQuickCheck line in there). The other two lines appeared to be successfully fixed.

    I then ran Avenger and got a pop-up saying the first step of Avenger had been completed and that the system was rebooting. Simultaneously, I got the old pop-up saying "registry editing has been disabled by the administrator." It rebooted, though it automatically started over once just before hitting the Windows screen.

    Ccleaner still closes out every time I try to open it.

    I ran GetLogs.bat. This time, I began getting this pop-up (numerous times):

    "C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed DII initialization. Choose ‘Close’ to terminate the application."

    Symantec has been giving me problems ever since the malware hopped on. I tried uninstalling then deleting all its files about a week ago. I still get this annoying pop-up whenever I try to Explore or pull down the File menu: "Please wait while Windows tries to configure Symantec Antivirus." Also, the zip file did not update. So I deleted it and ran it again but didn't get a new zip file--just the separate txt files. I'll attach those to this and the next post.

    Another thing, I've noticed in Explorer that hidden folders and files have returned to being hidden. Maybe this happens normally every time I reboot--don't know.

    And, of course, thank you. (P.S. Do you think we're getting anywhere?)
     

    Attached Files:

  15. eerie_eric

    eerie_eric Private E-2

    Other txt files
     

    Attached Files:

  16. eerie_eric

    eerie_eric Private E-2

    More files
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well we started to get somewhere when the registry fix worked after using the psexec method. However after reboot you have new versions of the malware and file names have changed too. It appears that this malware is changing file names after each power down and/or reboot. Therefore it is critical that from now on you DO NOT reboot or power down your PC after attaching any logs because the fix we would make would be incorrect as soon as you do.

    All that being said, you need to see this Using MGtools which explains the below error you were getting:

    An installable Virtual Device Driver failed DII initialization

    However since you cannot do registry editing, you will have a problem. You could try using psexec regedit which may allow you to make the fixes.

    It is really starting to look like your fastest solution may be to reinstall. This malware has really put a load of road blocks in the way of getting things fixed. However if you want to keep trying to fix it, continue on with the below.

    First install the current version of SUPERAntiSpyware and use it to scan and get a new log to attach.


    Then download and run the current version of MGtools.exe and attach the new C:\MGlogs.zip file if created properly. Otherwise attach the individual logs as you have been doing.

    DO NOT REBOOT or shutdown your PC after attaching these logs.
     
  18. eerie_eric

    eerie_eric Private E-2

    Here are the latest logs.

    Where can I get instructions about doing a reinstall on my machine?

    Thanks
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run HijackThis (Note: if using Vista, use right click and select Run As Administrator) and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    C:\DOCUME~1\Family\LOCALS~1\Temp\winwddakh.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Family/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    After clicking Fix, exit HJT.

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Family\Local Settings\Temp

    Did you attempt to fix that installable Virtual Device Driver failed DII initialization error message?

    Now run SUPERAntiSpyware again and attach a new log.
     
  20. eerie_eric

    eerie_eric Private E-2

    I followed the instructions for the Virtual Device Driver (using psexec regedit) and that seemed to work. (I won't know until I run GetLogs.bat again.)

    I used HijackThis which seemed to run fine until I got the "registry editing disabled by administrator" pop-up when I tried to fix those lines. It closed fine and I didn't notice any other problems with it. Actually, the "024 - Desktop Component 0 line" was somewhat different at the end. It was all the same except for the "p_image001.jpg" part, which wasn't there. It was something a little different but I didn't write it down. I went ahead and tried to fix that line as well.

    I deleted those temp files.

    Attached is my newest SAS log.
     

    Attached Files:

  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now run Malwarebytes and then run GetLogs.bat

    Now attach the new logs from Malwarebytes and the new MGlogs.zip file.
     
  22. eerie_eric

    eerie_eric Private E-2

    Here are the new logs. While running GetLogs.bat, I didn't get the Virtual Device Driver pop-up and only got one "registry editing disabled by administrator" pop-up--usually get about twenty of each.

    Also, beginning yesterday I've had a continual pop-up reading: "Windows - No Disk. Exception Processing Message c0000013 Parameters 75......." I x-out but it always comes back within a few seconds. I can continue working while it's there.

    Note: I still haven't restarted my computer.

    Thanks
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are more infected processes running. Have you done any reboots since I asked you not to?

    See if you can kill the below two processes with HijackThis like previously done.
    C:\DOCUME~1\Family\LOCALS~1\Temp\gmejl.exe
    C:\DOCUME~1\Family\LOCALS~1\Temp\winwoli.exe


    Then delete all files in below folder. Let me know if you cannot delete any files. A couple of tmp files may be in use by Windows but all of these EXE files need to go.

    C:\Documents and Settings\Family\Local Settings\temp
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  25. eerie_eric

    eerie_eric Private E-2

    No, I haven't restarted the computer.

    HijackThis killed those two processes.

    I deleted as much as I could in that temp folder. It had no .exe files. I could not delete these two:

    Perflib_Perfdata_39c.dat
    JET70DA.tmp

    There were a bunch of those tmp files that went like "CC1240.tmp." I deleted as much as I could, but it always created a few more when I went to delete them, leaving me with four in that folder.

    GMER ran normally. I've attached the log.
     

    Attached Files:

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run C:\MGtools\analyse.exe ( This is really HijackThis ) by double clicking on it and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes. If these exact names do not appear, look for any others that are running from this Temp folder and kill them. If you do not find any, just continue.

    C:\DOCUME~1\Family\LOCALS~1\Temp\gmejl.exe
    C:\DOCUME~1\Family\LOCALS~1\Temp\winwoli.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    After clicking Fix, exit HJT.

    Now use the psexec -s -i regedit procedure from message # 11 to import the fixME.reg patch into your registry again.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Family\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
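
The advice in the post above (kill anything running from the Temp folder even if the exact names have changed, and fix the O7 DisableRegedit line) can be applied to a whole HijackThis-style log at once. This is an added example, not part of the thread or of MGtools; the log is constructed from lines quoted in these posts (the svchost.exe line is invented as a benign control) and the rule names are hypothetical.

```python
import re

# Constructed sample: lines quoted in the thread, arranged as a HijackThis-style
# log. The svchost.exe entry is invented here as a benign control.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\winwddakh.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\gmejl.exe
C:\DOCUME~1\Family\LOCALS~1\Temp\winwoli.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKCU\..\Run: [MoveMinutesQuickCheck] "c:\program files\moveminute\05091201\movemedia.exe" /boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Family/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
"""

# Any path component named Temp, in long or 8.3 form, with either slash style.
TEMP_DIR = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)
# A bare executable path, as listed in the "Running processes" section.
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.(?:exe|com|scr|pif|bat)$", re.IGNORECASE)
# A numbered registry/startup entry such as "O4 - ..." or "O7 - ...".
ENTRY_LINE = re.compile(r"^O(\d+) - (.*)$")
# A per-user policy value switched on, e.g. DisableRegedit=1.
POLICY_VALUE = re.compile(r"\\Policies\\System, (Disable\w+)=1$", re.IGNORECASE)


def triage(log_text):
    """Return (rule, line) pairs for entries worth a second look.

    Matching is by location and policy value, not by file name, because the
    thread reports the file names changing after each reboot.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_LINE.match(line)
        if entry is None:
            # Not an O-entry: treat it as a running-process path if it looks like one.
            if PROCESS_LINE.match(line) and TEMP_DIR.search(line):
                findings.append(("process-in-temp", line))
            continue
        section, body = int(entry.group(1)), entry.group(2)
        if section == 7:
            policy = POLICY_VALUE.search(body)
            if policy:
                findings.append(("policy-lockout:" + policy.group(1), line))
        elif section == 4 and TEMP_DIR.search(body):
            findings.append(("autorun-in-temp", line))
        elif section == 24 and TEMP_DIR.search(body):
            findings.append(("desktop-component-in-temp", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:35} {line}")
```
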
     
  27. eerie_eric

    eerie_eric Private E-2

    Yesterday I used HijackThis to kill those two processes and then was going to the next instruction when the computer suddenly shut down. Each time I tried to boot it over the next few hours it just hung--and I still couldn't go into safe mode. For some reason it booted up later in the day, but I'm ready now to just wipe the thing clean. Do you know where I can get good instructions on how to do that? Do I need to be concerned about infections tagging along with personal files and things that I am backing up?

    I GREATLY appreciate your time and effort and will be sure to recommend Major Geeks to friends and family. And of course I'll be back to see what you guys recommend for protecting my computer from future problems.

    THANK YOU!
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry to hear of your latest problems.

    This is probably the best & most trustworthy option now anyway.

    The below may be useful:

    http://rcc.bgsu.edu/info/Windows_XP_Installation

    You can also get help in the Software Forum if you need any.
    You always stand the risk for backing up infected files especially if any of them are executable type files; however if you are mostly backing up your own personal data, the risk is lower. There are just no guarantees. A full rescan after you reinstall would be a good idea.


    You're welcome. Make sure you work thru the below after the reinstall.

    How to Protect yourself from malware!
     
  29. eerie_eric

    eerie_eric Private E-2

    Hello again,

    I reinstalled Windows and everything seemed to be running fine. I scanned my computer with Malwarebytes and SuperAntiSpyware and things looked clean. I also scanned all the files I had put on my external drive, and those were clean too. But when I put those files back on my computer, the same malware returned. Task manager won't work, for example. Another antivirus program I tried to download (one from your list) would not open. When I run Malwarebytes and SAS, it shows that I am infected with the same three or four things I was before. I've looked through the files that were on the external drive (documents, photos, videos, favorites, and maybe one or two executables--neither suspicious).

    Any suggestions? If there is a way to isolate and kill the malware on my external drive, my preference would be to reinstall and put the stuff that is safe back on.

    Thanks
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exactly which files did you copy back when the problem returned? It sounds like you have something that is carrying the infection and that it goes undetected. Did the problem come back after just copying files back or did it occur after installing something??? There is a big difference.
     
  31. eerie_eric

    eerie_eric Private E-2

    It seemed like the malware reappeared after I copied my files from the external drive to the computer. Those files included documents, videos, photos, music, and favorites (Internet shortcuts). I didn't install anything from among these files.

    However, I first suspected malware a few minutes later when I downloaded and installed Avast! or Comodo (don't remember which) using a link from MajorGeeks. As soon as I opened the program, it immediately closed out. I ran SAS and Malwarebytes and found the same malware as before.

    Since reinstalling Windows, I have installed these programs on my machine: Firefox, Flash Player, Adobe Reader, CCleaner, two programs for my printer, Windows Media Player, Malwarebytes, and SuperAntispyware.
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but did you play any of them? These files (at least some) can be considered executables and could potentially cause an infection.

    This is a potential problem especially if a hacker type site has logged your IP address. Your PC needs to have protection in place before you connect to the internet. You should have had copies of your antivirus, antispyware, and firewall programs on CD and reinstalled them before physically plugging in your cable to the internet. This protection should all be in place even before you
    • attempt to get any updates for Windows or any other programs
    • copy anything back from your external drive.
    You may need to start over. :(
     
  33. eerie_eric

    eerie_eric Private E-2

    Of the files that I copied over, I opened/played a few Word documents, music files, jpegs, and video files. Most or all of them I had used before discovering the malware last month. Is there any way to now detect which of these may be infected?

    Of the freeware protection programs listed on the "How to protect yourself from malware" sticky, which is most recommended?
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It may be necessary to start over from a new reinstall and go more slowly to see if you can identify where the problems are coming from. It still is possible that your backups are not infected and that you are just getting reinfected from the internet due to connecting before proper protection is in place.

    Your antivirus scanner or online scanners may or may not detect the problems. It may be a slow process to scan all files in question.

    For antivirus, Avast, Avira, and AVG get about equal recommendations. Some people are starting to dislike the bloat of the new AVG8. For antispyware, the paid version of SUPERAntiSpyware is a favorite.
     
