Strange Behavior

Discussion in 'Malware Help (A Specialist Will Reply)' started by Normando, Mar 28, 2013.

  1. Normando

    Normando Private E-2

    Ok I'll try to be as clear as possible. First it appears that the desktop icons are not responding when you double click them. If I go to Windows Explorer and seek out the actual .exe file I can usually launch the program. Before coming here, I decided to run MalwareBytes and it found two items. One was a Trojan that it appeared to clean and the other was a Pup Crossfire SA. Per some website, one item I need to remove from Add and Remove programs was a file called CWA Reminder by We-Care.com v4.0.19.3. In the process of removing I received an error message, “Windows Installer service could not be access ….” This is how I ended up here. I ran through the Read Me First checklist and attached what files I could. The PC currently doesn’t hook up to the internet.

    I'm really not sure if this is a Malware issue, Trojan issue, computer issue or a combination of all these items.

    The version of Malwarebytes I downloaded off your site was newer than the version I had. After installing the downloaded version it errored out on me. Now when I run Malwarebytes I get the following error, “Run Time error 372”.

    Therefore I couldn't upload the Malwarebytes log because I was unable to create one. I'm also missing the TDSSKiller log as that scan found nothing to report and I could find a blank report to attach.

    Any help is appreciated.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [TASK][SUSP PATH] Norton PC Checkup Setup.job : C:\Documents and Settings\Norm\Local Settings\temp\PCCUStubInstaller\SymcPCCUInstaller.exe /env=prod /attempts=100 /partnerid=_PC_DRIVERS_HQ /task [7] -> FOUND
      [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (actsvr.comcastonline.com:8100) -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{7068e434-396d-be9c-a5da-e0fd949328c1}\@ [-] --> FOUND
      [ZeroAccess][FILE] @ : C:\Documents and Settings\Norm\Local Settings\Application Data\{7068e434-396d-be9c-a5da-e0fd949328c1}\@ [-] --> FOUND
      [ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{7068e434-396d-be9c-a5da-e0fd949328c1}\U --> FOUND
      [ZeroAccess][FOLDER] U : C:\Documents and Settings\Norm\Local Settings\Application Data\{7068e434-396d-be9c-a5da-e0fd949328c1}\U --> FOUND
      [ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{7068e434-396d-be9c-a5da-e0fd949328c1}\L --> FOUND
      [ZeroAccess][FOLDER] L : C:\Documents and Settings\Norm\Local Settings\Application Data\{7068e434-396d-be9c-a5da-e0fd949328c1}\L --> FOUND
      [ZeroAccess][FOLDER] $NtUninstallKB26196$ : C:\WINDOWS\$NtUninstallKB26196$ --> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Reboot and rescan with RogueKiller and attach that log as well.
     
  3. Normando

    Normando Private E-2

    Hi TimW,

    Thank you for your time and sorry for the late reply. I was gone most of the Easter weekend.

    Ok I restarted RogueKiller, removed the items you wanted me to and posted the log (RKreport(2)). Went back into RogueKiller to remove the File/folders as requested, but when I clicked the File tab there was nothing in there.

    Restarted the PC, reran RogueKiller and attached log file (RKreport(3)).

    Norm
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    How are things running now?
     
  5. Normando

    Normando Private E-2

    Hey TimW,

    It is running Ok or about the same. The PC fires up and everything seems fine. I try to run Word, Excel or IExplorer and nothing. I click on the icons on the desktop and nothing. Some (but very few) programs will start and run if I go to Start, All Programs ......

    Here is a small example. I double click the Internet Explorer icon on the desktop. The program looks like it is starting (a blank window appears on the screen) and then disappears. But if I use a program (which happens to need internet information), the program fires up and makes that internet connection on its own, and I'm able to use that program.

    Thank you!
    Norm
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Then attach the below logs:
    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  7. Normando

    Normando Private E-2

    Hi TimW,

    Attached are the two logs.

    Norm
     


  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download System Repair Engineer from the below site:

    System Repair Engineer


    Extract the files from the ZIP file you downloaded to your Desktop. And then right click on the SREngLdr.EXE file and select Run As Administrator. If you get any warnings from protection software, please just allow it to run.

    • Once it opens, select the Smart Scan icon in the left column.
      • Now leave all check boxes selected as they are by default
      • Then click the Scan button on the bottom and a scan will begin
      • Wait for it to finish scanning (be patient as it can take a while to complete all scans). If you get any warnings from protection software while it is scanning, please ignore them.
      • When it finishes the scan, a Detail Reports form will pop up. Click the Save Reports button.
      • Save the SREngLOG.log file to your Desktop to make it easy to find and attach it to your next message.
      • Now close the Detail Reports form with the Close button.

    • Now click the System Repair icon in the left column.
    • On the next form select the Browser Add-ons tab along the top.
    • Does it list any of the items you are having a problem with?
    • If yes, select the item line and then click the Delete Selected button on the bottom of the form.
    • If you found any items to delete, did it delete or did you get an error message?
    • Now exit System Repair Engineer.
    • Also shut down ALL browser sessions (including the one where you are reading this) and then restart IE.
    • Does the problem still occur?

    Attach the SREngLOG.log file to your next message and explain what happened if you had any problems with the above.
     
  9. Normando

    Normando Private E-2

    Hi TimW,

    Ok I've been accessing the network while I'm at work and not on the affected computer. So the second part that you wanted me to do, repair Browser Addon I wasn't able to do. Or at least I wasn't able to determine which addon was causing me problems, because Internet Explorer is not working. As requested, attached is the log.

    The same problem still seems to be occurring. Any desktop icon that I click on, flashes like it is going to open, then doesn't. Same thing if I go Start Run, and choose something from there.

    Is it time to start reloading operating systems and software?

    Thank you,
    Norm
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Probably, as I think you are having system errors rather than malware.
     
  11. Normando

    Normando Private E-2

    Ok. Tim, thank you for all your help! I really appreciate it.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome. Good luck. :)
     
