TechSpot

Virus infection I can't stop

Solved
By TianaWolf
Feb 1, 2013
  1. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    Running the ESET scan and it found another virus.. *growls* It's not done running yet.. should I have it clean the file or just post the log when it's done? this is so crazy these viruses..
    the current scan result says it's a variant of Win32Adware Registry Easy application
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    If you didn't change Eset settings all findings will be cleaned by default.
     
  3. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    C:\Documents and Settings\Tami\My Documents\Downloads\RegistryEasy_Lite.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  5. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    Thank you so much Broni :) The otl text didn't save to desktop for some reason.. everything seems to be ok, except for the compmgmt is still not workin.. I definitely think I lost some files ..
     
  6. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



    Go to Step 4 and under "System Restore" click on Create button:



    Go to Start Repairs tab and click Start button.



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.

    Let me know how things are when done.
     
  7. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    Wow.. you're like the miracle worker of computers.. starting it now
     
  8. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    I ran it and it did install mmc.exe but compmgmt.exe is still missing. However.. my computer is running like a champ..
    I will be donating to ya on my first payday, This kind of work is mind boggling.. I don't know about you but my brain is fried.. I really really appreciate your help. Thank you :)
     
  9. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Give me more details as how you know about it and what kind of problems it's causing.
     
  10. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    When I go to start>my computer >right click> manage An error window opens that has Microsoft Management Console at the top of it.
    it says:
    MMC cannot open the file C:\WINDOWS\system32\compmgmt.msc.
    This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.

    When I look in C:\WINDOWS\system32 I see a file that says mmc (I put a pic of it in below so you can see the file) and in properties under the general tab it says it is an application file. When I click on the version Tab Under Other Version Information then click on File Version in the item name window it says in the value area 5.2.3790.4136 (srv03_sp2_qfe.070821-1204)

    I did go to start>run>mmc.exe
    A window opened (which nothing would open before)
    The name of the window is console 1 which is odd. and there is nothing at all in the file area.. (adding a pic of it below)
    I do not see compmgmt.exe in the system 32 folder.

    I also tried
    start>run> typed in compmgmt.exe and hit ok
    A window opened up that had compmgmt.exe in the title
    and it said: Windows cannot find "compmgmt.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the start button and then click search. ( I also tried compmgmt in run without the .exe extension and got the same results)
    So then I did try searching for it on my computer using start>search> using advanced options to look in hidden folders on the whole computer and the only file it found with that name was the compmgmt txt help file. So unless it got renamed I am assuming it is not there.

    I did unhide system files to look for it. I disconnected from the net when I did that. But I will admit I have never tried unhiding files before, so maybe that too is broken as I wouldn't know what to look for to see if that worked. How did I unhide them?
    Start>control panel>appearance and themes>Folder options
    under the view tab under hidden files and folders I clicked Show hidden files and folders. and then apply. (they are hidden again)

    For my own troubleshooting, because the MMC error window said it may be lack of permissions, I have tried to run scheduled tasks as an administrator by following this path
    Start>All programs>accessories>system tools>scheduled tasks>right click>run as administrator
    An error window with Windows Explorer in the title opens
    it says: Unable to log on:
    Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

    So it looks like my problems are twofold. I don't have administrator privileges, and the mmc file icon does not look right, nor does it open the microsoft memory console. It just occurred to me that perhaps the file that says mmc in the system 32 folder is in the wrong place? or perhaps under regedit the path to it is corrupt
    I hope this gives you more detailed information



    mmc.jpg console.jpg
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      compmgmt.msc
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
     
  12. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:54 on 03/02/2013 by Tami
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "compmgmt.msc"
    No files found.
    -= EOF =-
     
  13. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Here: http://www.filedropper.com/compmgmt is compmgmt.msc from my XP CD.
    Download it and put the file into the C:\WINDOWS\system32 folder.
    Restart computer and let me know how it goes.
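A replacement system file obtained from a download link can be checked before it goes into system32. The following is an added example, not part of the original thread: it confirms that a candidate compmgmt.msc is an XML MMC console file (root element `MMC_ConsoleFile`) rather than an executable, and compares its SHA-256 with a reference hash. The function names are hypothetical, the samples are constructed, and the reference hash is assumed to come from a copy taken from the original installation media.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed samples (not real system files): a minimal XML console
# skeleton and a blob that starts like a Windows executable ("MZ").
SAMPLE_CONSOLE = (b'<?xml version="1.0"?>\n'
                  b'<MMC_ConsoleFile ConsoleVersion="2.0"></MMC_ConsoleFile>')
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60


def inspect_msc_bytes(data, reference_sha256=None):
    """Describe a candidate .msc file given its raw bytes."""
    digest = hashlib.sha256(data).hexdigest()
    report = {
        "sha256": digest,
        "looks_like_executable": data[:2] == b"MZ",
        "is_mmc_console": False,
        "console_version": None,
        "matches_reference": None,  # None means no reference was supplied
    }
    if reference_sha256 is not None:
        report["matches_reference"] = digest == reference_sha256.strip().lower()
    if not report["looks_like_executable"]:
        try:
            root = ET.fromstring(data)
        except ET.ParseError:
            root = None  # not well-formed XML, so not an XML console file
        if root is not None and root.tag == "MMC_ConsoleFile":
            report["is_mmc_console"] = True
            report["console_version"] = root.get("ConsoleVersion")
    return report


def inspect_msc(path, reference_sha256=None):
    """Same check for a file on disk, e.g. the downloaded compmgmt.msc."""
    with open(path, "rb") as fh:
        return inspect_msc_bytes(fh.read(), reference_sha256)


def safe_to_install(report):
    """Accept only a console file whose hash equals the trusted reference."""
    return report["is_mmc_console"] and report["matches_reference"] is True
```
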
     
  14. TianaWolf

    TianaWolf TS Rookie Topic Starter Posts: 25

    That Worked!!! :) wow I should take a picture of this console and frame it.. LOL omg thank you x1000 .. !!
     
  15. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Way to go!!
    Good luck and stay safe :)
     

