Virus/Malware Help

Inactive
By finnclrk4
May 30, 2013
  1. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    The locations and names would be the same as last time, so:

    ESETScan Report:

    C:\da.bat BAT/Agent.NGP trojan
    C:\Radi-radi.wsf JS/Agent.NCF trojan
  2. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Do I still need to carry out the above or is this what you need?
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  4. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    I was able to delete both files manually. What should I do now?
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Create another restore point and start installing all due Windows updates.
  6. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    I have downloaded some updates but not all because every attempt fails. What should I do?
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    How many of them failed?

    If not too many post their KB numbers.
  8. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    There are a quite a few security updates as well as Windows 7 service pack 1. I tried to download them all using Windows Update and they all fail. I also tried installing Windows 7 Service Pack 1 on its own using Windows Update and that too failed and came up with the error code '800B0100'
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they're.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.

    [​IMG]

    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  10. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Running Repair Under System Account
    Starting Repairs...
    Start (16/06/2013 14:39:49)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (16/06/2013 14:39:49)
    Running Repair Under Current User Account
    Done (16/06/2013 14:39:51)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (16/06/2013 14:39:51)
    Running Repair Under System Account
    Done (16/06/2013 14:40:48)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (16/06/2013 14:40:48)
    Running Repair Under System Account
    Starting Repairs...
    Start (16/06/2013 14:45:39)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (16/06/2013 14:45:39)
    Running Repair Under Current User Account
    Done (16/06/2013 14:45:43)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (16/06/2013 14:45:43)
    Running Repair Under System Account
    Done (16/06/2013 14:46:51)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (16/06/2013 14:46:51)
    Running Repair Under System Account
    Done (16/06/2013 14:47:29)

    Register System Files
    Start (16/06/2013 14:47:29)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:48:01)

    Repair WMI
    Start (16/06/2013 14:48:01)
    Running Repair Under Current User Account
    Invalid Global Switch.

    Invalid Global Switch.

    Running Repair Under System Account
    Invalid Global Switch.

    Invalid Global Switch.

    Done (16/06/2013 14:51:24)

    Repair Windows Firewall
    Start (16/06/2013 14:51:24)
    Running Repair Under Current User Account
    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    Running Repair Under System Account
    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    Done (16/06/2013 14:51:51)

    Repair Internet Explorer
    Start (16/06/2013 14:51:51)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:52:12)

    Repair MDAC/MS Jet
    Start (16/06/2013 14:52:12)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:52:23)

    Repair Hosts File
    Start (16/06/2013 14:52:23)
    Running Repair Under System Account
    Done (16/06/2013 14:52:25)

    Remove Policies Set By Infections
    Start (16/06/2013 14:52:25)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:52:30)

    Repair Icons
    Start (16/06/2013 14:52:30)
    Running Repair Under System Account
    Could Not Find C:\Users\Finn\AppData\Local\IconCache.db.bak
    Could Not Find C:\Users\Finn\AppData\Local\IconCache.db
    Done (16/06/2013 14:52:32)

    Repair Winsock & DNS Cache
    Start (16/06/2013 14:52:32)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:52:47)

    Repair Proxy Settings
    Start (16/06/2013 14:52:47)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:52:52)

    Repair Windows Updates
    Start (16/06/2013 14:52:52)
    Running Repair Under Current User Account
    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Running Repair Under System Account
    The Cryptographic Services service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Background Intelligent Transfer Service service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Done (16/06/2013 14:54:21)

    Repair CD/DVD Missing/Not Working
    Start (16/06/2013 14:54:21)
    Done (16/06/2013 14:54:21)

    Repair Volume Shadow Copy Service
    Start (16/06/2013 14:54:21)
    Running Repair Under Current User Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Running Repair Under System Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Done (16/06/2013 14:54:25)

    Repair MSI (Windows Installer)
    Start (16/06/2013 14:54:26)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:36)

    Repair bat Association
    Start (16/06/2013 14:54:36)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:41)

    Repair cmd Association
    Start (16/06/2013 14:54:41)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:46)

    Repair com Association
    Start (16/06/2013 14:54:46)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:50)

    Repair Directory Association
    Start (16/06/2013 14:54:50)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:55)

    Repair Drive Association
    Start (16/06/2013 14:54:55)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:54:59)

    Repair exe Association
    Start (16/06/2013 14:55:00)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:04)

    Repair Folder Association
    Start (16/06/2013 14:55:04)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:09)

    Repair inf Association
    Start (16/06/2013 14:55:09)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:13)

    Repair lnk (Shortcuts) Association
    Start (16/06/2013 14:55:13)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:18)

    Repair msc Association
    Start (16/06/2013 14:55:18)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:23)

    Repair reg Association
    Start (16/06/2013 14:55:23)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:27)

    Repair scr Association
    Start (16/06/2013 14:55:27)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:32)

    Repair Windows Safe Mode
    Start (16/06/2013 14:55:32)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:37)

    Repair Print Spooler
    Start (16/06/2013 14:55:37)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:50)

    Restore Important Windows Services
    Start (16/06/2013 14:55:50)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:55:54)

    Set Windows Services To Default Startup
    Start (16/06/2013 14:55:54)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (16/06/2013 14:56:11)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done (16/06/2013 14:56:11)
    Total Repair Time: 00:10:32


    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
  11. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    How are things now?
  12. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Problems such as Windows Firewall not working have been fixed and the PC seems pretty stable now. Is there anyway to check if it is virus free now?
  13. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    What about Windows updates?
     
  14. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Windows Update successfully installed some updates but some failed. Now when I try to check for updates again I get this error 'Code C80003FA'
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  16. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    I've done all steps in the link provided up to step 12, where I get the messages 'You can't upgrade 64-bit Windows to a 32-bit version of Windows.' This makes no sense as I have a 64-bit version of Windows 7 and I chose to install 64-bit.
  17. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Should I just move all files and programs I want to keep onto an external hard drive and do a clean install then move everything back onto the pc after I am done?
  18. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    If you don't mind that would be the fastest fix.
  19. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    I'm going to have to obtain a new copy of Windows 7 as mine does not work anymore:confused:
    I'll post once I've downloaded a new copy and copied everything back on
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  21. finnclrk4

    finnclrk4 Newcomer, in training Topic Starter Posts: 44

    Things seem to be going okay actually, everything's working okay. I still get the occasional 'program has stopped working' error or a blue screen but the computer is usable. I can't do a repair install because my copy of windows seems to be broken so I will keep my computer like this until I can buy a new copy of Windows.
    Thank you so much for your help and if I have other problems I will just open a new thread.
    Thanks again,
    Finn
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.