Tricky malware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Kcscout, Apr 11, 2015.

  1. Kcscout

    Kcscout Private E-2

    Hi, so my dad ran a suspicious .exe file on my computer this morning while I was out, which installed a bunch of malware/adware and started causing all kinds of problems.
    I was following the guide to malware removal from this site, and was at the stage where I run Malwarebytes. It found several hundred problems, I told it to fix them, it asked me to restart, and now I get a "program can't run because explorerframe.dll is missing" error on login.
    So now I don't know what to do, I can't seem to access anything on my pc at all. I'm on my iPad btw.
    Let me know if there's any more information you need, I'll be here all day -_-
     
  2. Kcscout

    Kcscout Private E-2

    Can't figure out how to edit my previous post. I'm running Windows 7, 64-bit.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    What happens if you boot up your PC in safe boot mode?
     
  4. Kcscout

    Kcscout Private E-2

    Been using safe mode this whole time. Symptoms are the same.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And you are 100% sure that nothing at all will run??? If you answer yes this means you have tried everything including command prompt and all other programs. Note if nothing runs at all, you may not be able to fix this but let's see what we can find out with the below process.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.


    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  6. Kcscout

    Kcscout Private E-2

    Sorry, rather than "I can't access anything" it would be more accurate to say that Windows Explorer fails to start up, so after I log on I just get a black screen (safe mode or no).
    Additionally, I previously tried running the sfc /scannow function by accessing the safe mode + command prompt option, and it claimed to have found and fixed something. The problem persists however, except now I don't even get the error message from before (about explorerframe.dll).

    ANYWAY, I followed your instructions and have attached the log (procedure went as expected).
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it was restored by running sfc.

    Try the below but I'm not sure this is going to fix the boot up problem.


    Download this >> View attachment fixlist.txt


    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now see if you can boot into normal Windows. If not, you may want to try booting back into the System Recovery Environment (like you did to run FRST) but instead of choosing Command Prompt, choose System Restore and try a restore point from before the problem began. I saw all the below in your FRST log.

     
  8. Kcscout

    Kcscout Private E-2

    Thanks for your help up until now, but I decided to get some professional help since I wasn't getting anywhere and I couldn't afford to be without my computer for much longer (I did try your last suggestion first though, and it still wouldn't boot even after restoring to a point a few days before it was infected).
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Hope you get it all worked out!
     
