startup problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by alyssa, May 17, 2014.

  1. alyssa

    alyssa Private E-2

    Almost every time I start up the laptop the system freezes. I get to the desktop but nothing works - no icons, no "START" applications, etc. When I double click on the icon or the start application, the system locks up. Ctrl-alt-del does nothing. A hard start with the power button is required.
    At this point I always have to start up in safe mode and go to a restore point back in March 2014 to get the system up and running. System then works fine until the next shutdown/startup which results in a repeat of the problem.
    I ran the read-and-run-me first. I had two problems. The TDSSKiller and the Malwarebytes links repeatedly resulted in "unable to find web page" messages. I had Malwarebytes on the system already so I launched it and updated it (265 days out of date). Ran fine and found lots of bad looking stuff but there was no "quarantine" button in the bottom left corner - thus the "no action taken" in the log file.
    The log files are attached.
    Thank you in advance for your assistance.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and have it remove all that it found. Then rerun RogueKiller and have it fix these items:

    Code:
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HID RUN][Hidden from API] HKCU\[...]\Run : MSMSGS ("C:\Documents and Settings\User\Application Data\Microsoft\Oldcyhii\oldcyhii.exe" /c "C:\Program Files\Messenger\msmsgs.exe" /background) -> FOUND
    [HID RUN][Hidden from API] HKCU\[...]\Run : dpwyxdp ("C:\Documents and Settings\User\Application Data\Microsoft\Oldcyhii\oldcyhii.exe") -> FOUND

    And also these:

    Code:
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] mxsoldcyhiiupd.job : C:\WINDOWS\system32\cscript.exe - //E:javascript C:\WINDOWS\TEMP\oldcyhii.mkt [7][-] -> FOUND

    Use Windows Explorer to see if this still exists (delete it if it does):
    C:\Documents and Settings\User\Application Data\Microsoft\Oldcyhii\

    Reboot and tell me how things are running.

    Your system restore point is infected, so I don't want you to use that.
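
The entries listed in this reply follow one pattern: autoruns pointing into user-writable directories, plus a scheduled task that forces the JavaScript engine onto a non-script file. As an added example (not part of the thread and not RogueKiller's own code), this Python script parses those report lines and flags that pattern; the regexes assume the line layout shown above, and the directory and extension lists are assumptions.

```python
import re
from collections import Counter
from ntpath import basename, splitext  # Windows path rules on any OS

# Report lines copied from the post above; nothing else is read.
REPORT = r'''
[HID RUN][Hidden from API] HKCU\[...]\Run : MSMSGS ("C:\Documents and Settings\User\Application Data\Microsoft\Oldcyhii\oldcyhii.exe" /c "C:\Program Files\Messenger\msmsgs.exe" /background) -> FOUND
[HID RUN][Hidden from API] HKCU\[...]\Run : dpwyxdp ("C:\Documents and Settings\User\Application Data\Microsoft\Oldcyhii\oldcyhii.exe") -> FOUND
[V1][SUSP PATH] mxsoldcyhiiupd.job : C:\WINDOWS\system32\cscript.exe - //E:javascript C:\WINDOWS\TEMP\oldcyhii.mkt [7][-] -> FOUND
'''

# Assumed layout: [tag][tag] location : data -> FOUND
ENTRY = re.compile(r'^((?:\[[^\]]*\])+)\s*(.+?)\s+:\s+(.*?)\s*->\s*FOUND\s*$')
PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')
USER_WRITABLE = ('\\application data\\', '\\appdata\\', '\\temp\\')  # assumption
SCRIPT_EXT = {'.js', '.jse', '.vbs', '.vbe', '.wsf'}                 # assumption

def in_user_dir(path):
    return any(d in path.lower() for d in USER_WRITABLE)

def parse(report):
    """Return [(tags, location, paths, data)] for every FOUND line."""
    rows = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            tags = re.findall(r'\[([^\]]*)\]', m.group(1))
            paths = [q or u for q, u in PATH.findall(m.group(3))]
            rows.append((tags, m.group(2), paths, m.group(3)))
    return rows

def triage(report):
    """Return [(location, reasons)] from simple persistence heuristics."""
    out = []
    for tags, loc, paths, data in parse(report):
        reasons = []
        if any(in_user_dir(p) for p in paths):
            reasons.append('runs from user-writable directory')
        forced = re.search(r'[cw]script\.exe\b.*//E:', data, re.I)
        if forced and paths and splitext(paths[-1])[1].lower() not in SCRIPT_EXT:
            reasons.append('script engine forced on non-script file')
        if 'Hidden from API' in tags:
            reasons.append('hidden from API')
        out.append((loc, reasons))
    return out

def shared_names(report):
    """Count entries mentioning each file stem found in a user-writable path."""
    rows = parse(report)
    stems = {splitext(basename(p))[0].lower()
             for _, _, paths, _ in rows for p in paths if in_user_dir(p)}
    return Counter({s: sum(s in (loc + data).lower() for _, loc, _, data in rows)
                    for s in stems})
```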
     
  3. alyssa

    alyssa Private E-2

    I think that I accomplished all that you prescribed and the system seems to be working correctly now.
     
  4. alyssa

    alyssa Private E-2

    I did follow the path to the oldcyhii folder. It was still there. I deleted the entire folder.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
