Solved A device attached to the system is not functioning

Status
Not open for further replies.

magnet18

Hello,
First off, I was following the instructions, but when I tried to install malwarebytes, I got an error-
Error
ShellExecuteEx failed, code 31
A device attached to the system is not functioning.

This error has been popping up everywhere, leading me to know I have a virus.
It appears whenever I try to run anything as admin, open regedit, change AVG antivirus settings, etc.

example, when right clicking on command prompt and clicking run as administrator, I get C:\Windows\system32\cmd.exe
A device attached to the system is not functioning.

I've tried AVG scans, but they don't find anything

Sorry I couldn't attach a malwarebytes log, and since that was step 2, I figured I should wait for help on what to do.

Please let me know what information you need, and I will be more than happy to cooperate.
I have never purchased anything online or accessed any banking software with this machine, my only fear is passwords to websites and possibly the SAT/ACT sites and email might get stolen.

Thanks in advance
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
Step 1- I currently have AVG antivirus installed and running
Step 2-
downloaded mbam setup
moved to desktop
double click
click run
>Error
>ShellExecuteEx failed, code 31
>A device attached to the system is not functioning.

should I skip the rest of step 2 and proceed to step 3, or do I need to run mbam before I can do anything else?
 
also, keeping you updated, the only way I can find to shutdown/restart/any of those options is to use the shutdown command in the command prompt (I DO have a custom theme installed that has custom programs and power buttons, I mention it because they've been giving me problems with not looking right, sorry if this is useless info you don't want to hear)
 
Trying to disable avg, "a device attached to the system is not functioning"
I can't disable avg from command line, all I get is a command line scanner
I did manage to get malwarebytes installed in safe mode, but it isn't meant to be run in safe mode and when I try to run it in normal mode... "a device attached to the system is not functioning"
Trying to run gmer - "a device attached to the system is not functioning"
Trying to run dds - "a device attached to the system is not functioning"

The best I can do for you on my own is to run sfc /scannow, or try to run avg command line scanner, malwarebytes, gmer, or dds, all from the administrator command prompt in safe mode, with AVG still active (as far as I know).

Was that conveyed clearly?
It can be hard to describe all this in text :p

What should I do?
 
Let's try the following...

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Alright, another problem
I downloaded FRST64 and put it on a flash drive
finally got the advanced boot options menu (required holding f8, rather than tapping)
chose repair your computer
a windows is loading files bar appeared (looked like twice)
something that looked like a command prompt appeared, except it was headed "x:... don't remember exactly"
some things appeared about selected disks and partitions
asus windows recovery loaded and appeared exactly like the asus recovery CD, down to saying it was a CD, and was going to reset to factory
when I hit cancel, it just restarted the computer, there was no way for me to access a command prompt


I don't have a windows installation disk, only the asus recovery disks I burned when I got the computer (all of 2 weeks ago), and those just load right into the asus windows recovery the same as above

again, I might be able to run it in safe mode, with avg still active
 
Another backup method...

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive. (Once again, make sure it is for 64-bit)
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
when I double clicked on OTLPENet.exe to run it I got the usual error (a device attached to the system is not functioning)
I'm going ahead and burning the disc on a different computer, then I'll stick it in mine and see if that works

Also, would a linux boot disc work (with or without codecs)?
I have a couple of those lying around
 
K, I burned the disc on my mom's computer; when I tried to boot on mine it bluescreened saying windows was corrupted and telling me to run chkdsk /f
I took the disc out and the computer booted normal
 
Alright, I had had enough of this virus
I backed up all my documents to my D drive, booted from a linux disc, reformatted the C drive, removed the D drive, and reinstalled windows

I didn't have anything that was irreplaceable, and this virus was wasting our time
 
Okay. Well, we need to at least check and make sure the PC is not still infected, as commonly rootkits can hide inside drivers, and even if reinstalled - the virus code can still be intact.

Please do the following...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
ESET log-
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0686ae01be0c147a24b3c97fc354342
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 03:22:46
# local_time=2012-07-22 11:22:46 (-0500, US Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 94555168 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=263571
# found=1
# cleaned=1
# scan_time=2048
D:\C\Robert\Downloads\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
===============================
guess I found out where the virus came from originally... that's embarrassing :p
 
checkup.txt-
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 15.0.874.120
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



as a note, C is an SSD, fragmentation is normal
 
Good work! Don't worry, it happens.

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
No questions, but the flash page simply told me that google chrome has flash built in
Guess I don't need to download it?
 
Thanks for that link!
I already had avast and malwarebytes installed, but I went ahead and installed comodo firewall and spybot anti-spyware
 