
Tried Malwarebytes & Avast But Now Cannot Boot Even In Safe Mode

Discussion in 'Malware Removal Help' started by annber, Nov 30, 2012.

  1. annber

    annber Registered Members

    Joined:
    Nov 30, 2012
    Messages:
    11
    Location:
    California
    Operating System:
    Windows 7
    Good evening,
    I have a serious problem and will try to be brief. We bought an HP desktop at Costco three weeks ago, we had to save our pennies. Two weeks ago I downloaded some freeware files from a torrent regarding photoreal scenery for FSX, since then I noticed every time I browsed, I was redirected to unknown sites. Today I finally decided to run Malwarebytes, but after about an hour of running it froze the computer, not before telling me I had 15 infections. I tried running it two more times and same result.
    I then downloaded Avast, and the same thing happened, except since Avast runs in the background I had three Avast pop-ups telling me it had blocked a root something and Trojan.
    I then tried running in safe mode, but now I cannot even boot in safe mode.
    My biggest problem is that in my computer there are over 200 pictures and videos that my wife took of her mother before she passed away three days ago, those are extremely valuable to my wife.
    I do want to fix my computer if possible, but at the very least I hope someone can help us retrieve the pictures and some important files we have, please we need help. Thanks!!
    My computer:
    HP p6-2127c
    AMD quad core A6-3620
    Windows 7
     
  2. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi annber. Please be patient and one of our Malware experts will be along shortly to help you. :smile2:
     
  3. annber

    Thank you!!
     
  4. annber

    Hi, don't mean to be a pest, really, but it is 11:43pm here, I thought shortly would mean 30 min to one hour, but it has been 2 1/2 hours since your post, and today was a rough day for me, chemotherapy at 11am, side effects in the afternoon, and now this terrible thing with the computer. Should I go to sleep now and expect a reply by morning instead?
     
  5. DSTM (Dougie)

    Sorry annber if you thought I meant minutes.
    These guys give their valuable time and they live in a different time zone.
    They have a family life as well and also it is the weekend.
    The first spare moment they get they will assist you.
    At some Malware sites the wait time at present is around 5-8 days.
    You never wait that long here.
    I have emailed them for you. :smile2:
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi annber

    Not being able to boot into Safe Mode complicates matters slightly, but we can still get a look at the system.
    As you are able to post here, I take it that you have access to another computer.
    We will need to download a program using this system and then transfer the program by way of USB stick.
    A quick look at the specs for the infected system seems to show that the system is running a 64bit operating system.
    If this is so, please use the instructions for a 64bit system below.
    I've also included the download for the 32bit version just in case.....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Thanks
     
  7. annber

    Actually, this is a Windows Vista computer, sorry. Here is the log you requested.
     

    Attached Files:

  8. starbuck

    Hi annber

    The report isn't showing any reason for the problems.

    I went by the info in your first post:
    You say in the first post that Avast threw up about the infections.
    Your report is showing entries for Norton.... how many Anti Virus programs do you have installed?

    This is why we always say..
    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

    I see that there have been no restore points made since late September..... did you turn them off?

    If the system won't boot at all, we could try one of these restore points and see if the system will boot up.
    If we can't get the system to boot up, getting your pics etc off is not really a problem; we can always fall back onto another program that will allow you to retrieve them.
     
  9. annber

    starbuck, I apologize about the confusion, it is entirely my fault. The truth is that we have two computers, the one I mentioned which we bought at Costco recently, and an older Gateway all in one. Both are infected due to my downloading those flightsim photoreal sceneries. In fact I had those files on a 32gb USB, and after downloading them to the new computer is when that computer started having problems.
    I had thought my wife had most of the pictures on the new computer, but it turns out that only the recent (three weeks ago) pictures and videos that she took of her mother in Germany are in the new one, the vast majority of pictures related to her mother are still in the older system.
    I understand your point about P2P, and I now totally agree, I thought if I scanned them with Avast it would be enough, apparently not.
    The computer boots, to the point where you can log in, enter password, the regular home screen appears with all icons, then the moment you click on anything the computer goes to a one second blue screen and shuts down. I don't think it lets me get to safe mode either.
    Again, sorry about the confusion, sometimes it is hard to concentrate when there is so much to deal with, and going thru chemo does not help make things easier to deal with. Nevertheless, I am ready to assist you should you want to help, thanks!!
     
  10. annber

    BTW, as far as I remember, I have Avast and Malwarebytes on that computer, Norton probably came with the computer, but unless it is running in the background I have never downloaded it.
     
  11. annber

    Hi, I wanted to try the restore points, in fact I thought I had tried that when the computer first had problems. I just tried again, tried every restore point possible, it runs for about 5 minutes and then it returns an error message that it was unable to do it.

    Starbuck, the computer does boot, getting to that point does not seem to be a problem. I am not computer smart, so I will try to explain this for you to the best of my limited knowledge.

    I can boot, my homepage loads, all the icons are there. As a test I clicked on my flight simulator icon, it actually loaded without a hitch, I was able to select a plane, load a scenery and do a quick 2 minute test flight.

    The problem starts when I do one of the following, if I click start, I get a very brief 2 second blue screen and then it attempts to reboot.
    The same happens when I click on the internet connection logo. In fact it does not let me connect to the Internet although my wireless password is registered in my system.

    I hope to hear from you so that we can start working on solving it. Thanks!
     
  12. starbuck

    Hi annber

    Ok, I see where the confusion has arisen now.
    Let's just work on one system for now and try and avoid any further confusion.

    Because of the running problems, you may be better to download these two programs to another system and then transfer them by way of a USB stick.
    By all means try and download them using the infected system, but use the USB stick transfer if you have problems.
    You can use Safe Mode with Networking to download them if you can't get the internet to work on the infected system.
    Remember not to reboot the system between running RKill and Combofix.

    Step 1
    Please download RKill.com to your desktop from the following link:
    Rkill download link
    Download page will open in a new tab or browser window.
    When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.
    Once it is downloaded, double-click on the rkill.com icon.
    If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself.

    If the malware is persistent, you may have to run RKill a number of times.
    When it has finished, the black window will automatically close and you can continue with the next step.

    If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

    Note
    Please do not reboot your system until you have completed the following step, or the Malware will restart itself:


    Step 2
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks
     
  13. annber

    Good morning starbuck, I am at the hospital right now, will be home in one hour and will proceed according to your instructions. Thanks for your reply and help!!
     
  14. starbuck

    Hi annber,

    No rush, just post the results when you're ready.
     
  15. annber

    Starbuck, let me describe what I just did in case I didn't do it right.

    1) The computer does not let me connect to the Internet or get to anything related to the computer itself. For example, I downloaded the programs you instructed me to a USB then attempted a transfer to desktop, the USB window opens, then I click open files, that is when I immediately get a brief 2 second blue screen and the computer restarts.
    2) I transferred files via safe mode to desktop successfully.
    3) I ran rkill, it ran for maybe 20 seconds and then it produced a notepad log.
    4) I then ran combofix after renaming it combo-fix.
    5) After maybe 10 seconds I got an error message, no information on it just an error message. Then the computer restarted itself.

    Did I do something wrong?
     
  16. starbuck

    So the error message was blank? .... unusual.

    Ok, let's run this program.
    Basically you need to download this program, burn it to a disc and then use this to restart your system.
    It will use a different type of Operating system so won't be affected by any malware.
    It should give us a good report of your system.
    You can use this as well to get any Files, Pics, etc off the system.
    It should also give you internet access.
    Obviously you will need to use a different computer to download the program.

    Please print these instructions out so that you know what you are doing.

    • Download OTLPENet.exe to your desktop
    • Ensure that you have a blank CD in the drive
    • Double click OTLPEStd.exe (the downloaded icon) and this will then open imgburn to burn the file to the CD
    • Reboot your bad system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
    • Your system should now display a Reatogo desktop.
    • Note : as you are running from CD it is not exactly speedy
    • Double-click on the OTLPE icon.
    • Select the Windows folder of the infected drive if it asks for a location
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system.
    • Right click the file and select send to : select the USB drive.
    • Confirm that it has copied to the USB drive by selecting it
    • You can backup any files that you wish from this OS
    • Please post the contents of the C:\OTL.txt file in your next reply.

    Thanks
     
  17. annber

    Thanks starbuck, I will do that, however it might take me some time to do it since I need to borrow a computer where I can burn to disk.
    I will post as soon as I get that, which may mean a few hours.
    Thanks again for your help.
     
  18. starbuck

    Ok annber, thanks for keeping me informed.
     
