Dell Inspiron 9300 - Serious Issue, Malware?

Status
Not open for further replies.

Gareth B

Hi All,

Here is my situation. It would appear that my laptop has become seriously inhibited.
After returning home from work a couple of nights ago, my son informed me that the Laptop was not working right.

Ok here is the run down.


Ok I have followed the above guide to the best of my ability / Failing laptops.

I have not been able to get the latest revisions (updates) for Malwarebytes' Anti-Malware and SuperAntiSpyware as I am unable to connect to the internet. I have now purposely at this stage disabled the connection to the router. The reason for this is every time I have attempted to connect I get the following behaviour.

The desktop will drop-out and I am then forced to CTL-ALT-DEL, to run explorer, the downside of this however is that I get about 10 seconds to try to execute anything. (This is in safe mode and normal boot).

After running through the 8-step guide, (without the opportunity to connect online).

After step 4 - The running of Malwarebytes' Anti-Malware, I am now able to get to the desktop and behaviour of the machine is fine, this is without any connection to the router. If I enable the router the whole situation repeats.

Bearing the above in mind I was unable to undertake step 6 (Update Java Runtime Environment).

I have attached the requested logs.

Please Help.

Many Thanks
Gareth B
 
Please run HJT again, and tick and fix these two:
C:\WINDOWS\system32\qoMedASM.dll
O20 - Winlogon Notify: qoMedASM - C:\WINDOWS\SYSTEM32\qoMedASM.dll

Also go to C:\WINDOWS\system32 and delete qoMedASM.dll
You may need to do this in Safe Mode

Then try connecting and updating, and scanning again
Ideally let us know (say even before you update the Programs) that it is presently working
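
Added example, not part of the original thread: a small Python check that pulls the O20 Winlogon Notify lines out of a HijackThis-style log and flags any package name not on a baseline list. Winlogon Notify packages are DLLs loaded by winlogon.exe from the registry key shown in the code. The baseline set and the sample log are assumptions constructed for illustration; only the qoMedASM line comes from this thread.

```python
import re
from pathlib import PureWindowsPath

# Registry location that HijackThis reports as "O20 - Winlogon Notify".
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline: Notify package names commonly present on a stock
# Windows XP install. Adjust it for the machine being examined.
BASELINE_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Line shape taken from the thread: "O20 - Winlogon Notify: <name> - <dll path>"
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Constructed sample log; the last O20 line is the entry quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlballoon.dll
O20 - Winlogon Notify: qoMedASM - C:\WINDOWS\SYSTEM32\qoMedASM.dll
"""

def parse_o20(log_text):
    """Return (package name, dll path) for every Winlogon Notify line."""
    entries = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("path")))
    return entries

def flag_unknown(entries, baseline=BASELINE_NOTIFY):
    """Return details for Notify packages whose name is not in the baseline."""
    flagged = []
    for name, path in entries:
        if name.lower() not in baseline:
            flagged.append({
                "name": name,
                "dll": PureWindowsPath(path).name,
                "path": path,
                "registry_key": NOTIFY_KEY + "\\" + name,
            })
    return flagged

if __name__ == "__main__":
    for hit in flag_unknown(parse_o20(SAMPLE_LOG)):
        print("Review:", hit["registry_key"], "->", hit["path"])
```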
 
Firstly thank you.

Ok tried to delete qoMedASM.dll in both normal mode and safe mode.

In safe mode it gives me the message.

Cannot delete qoMedASM: It is being used by another person or program.
Close any program that might be using the file and try again.

On a slightly different note, when I boot into safe mode there are two logon options.

Mine and Administrator, is this usually the case?

Cheers
 
Yes that's normal
I should've said log on to Administrator, but forget that now

In HJT there's an option to remove files that cannot be removed normally

Run HJT
(Doh, I haven't got it installed !!!)

Anyway, it's on the first screen, that says misc, tools or something
And in there, is a program to remove files in use (I don't know the label, but can get it if you like)
 
Hi Again,
It wouldn't let me log on as Administrator, asking for a password and mine did not work. Then logged on in safe mode as me, and tried to delete the file on reboot through the Hijack program, however the file remains?

Not tried to enable my connection just yet.
 
Sorry was away from computer

Please try connecting and let me know the result
We can work out the Admin pass thing a bit later on
 
It seems to connect but every time I tried to update or go online, it states there is no connection. The PC I am using now is connected via the same connection. ?
 
ok it's getting more difficult ! :)

Let's start by removing that Admin Password (it'll probably help a great deal)
Have a look here. Go for the Live BootCD and then boot from it

This will take you a little while (download and burn ~ 20 mins & Boot and view password ~ 20 mins or so) So hear back in an hour or so :) Good Luck

By the way, once you write down (the case sensitive) password(s)
Go back to Safe Mode, and try removing that file again
 
Question about this statement:
I have now purposely at this stage disabled the connection to the router. The reason for this is every time I have attempted to connect I get the following behaviour.

Can you connect when you bypass the router? If so, you may have a bad router.
 
It wouldn't let me log on as Administrator, asking for a password and mine did not work.

When I read this I just have to ask to cover all possibilities: Have you ever assigned an Administrator password? From your statement, maybe not. Did you try just hitting Enter? (The default password is no password)
 
Hi All,

The router is fine, I have other hardware working fine through it.
I have never assigned an Admin Password, and as per your suggestion tried the default of no password.
Gonna try the Live Boot CD this morning. Fingers Crossed.

Ok got on as Administrator, but still cannot remove the qoMedASM.dll file?

Just to let you know I have tried the following:

Logon as Administrator.
Tried to remove the file using Malwarebytes' Anti-Malware. (remove file on Reboot)
Reboot
Look for the file on reboot, it is still there.
Try to remove the file using a similar utility in Hijack
Reboot
Look for the file on reboot, it is still there.
I have not attempted to go online per se as yet, as I know the virus will start all over again.

Any other suggestions would be greatly appreciated.

Cheers

Managed to get the file off in the end using an Unlocker program. Ran through the winsock cmd commands, and now have established a connection. It is now time for the 8-step guide from fresh. I will re-post all relevant logs a little later.

Phweh


Thanks Kimsland - going through the whole routine one last time.
Anything else I should do once I have completed the step by step guide?


Ok New note - What Firewall protection would you recommend? At the moment I am using the default Firewall supplied with Windows.
 
I was going to suggest Unlocker, but I knew you couldn't download, so stuck with the normal ones.

Anyway, thanks for the update.
Also instead of replying to yourself (causing excessive emails to everyone :) just use Edit instead)
Edit: Moderator now combined your posts

Hear back from you later on.
.
 