Solved Virus infection I can't stop
- Thread starter TianaWolf
- Start date
Broni
Posts: 56,041 +517
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now, we need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
===============================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
14. Please, let me know, how your computer is doing.
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now, we need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
===============================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure, Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
14. Please, let me know, how your computer is doing.
Broni
Posts: 56,041 +517
Download Windows Repair (all in one) from this site
Install the program then run it.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Go to Step 4 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
Click on box next to the Restart System when Finished. Then click on Start.
Let me know how things are when done.
Install the program then run it.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Go to Step 4 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
Click on box next to the Restart System when Finished. Then click on Start.
Let me know how things are when done.
TianaWolf
Posts: 25 +0
I ran it and it did install mmc.exe but compmgmt.exe is still missing. However.. my computer is running like a champ..
I will be donating to ya on my first payday, This kind of work is mind boggling.. I don't know about you but my brain is fried.. I really really appreciate your help. Thank you
I will be donating to ya on my first payday, This kind of work is mind boggling.. I don't know about you but my brain is fried.. I really really appreciate your help. Thank you
TianaWolf
Posts: 25 +0
When I go to start>my computer >right click> manage An error window opens that has Microsoft Management Console at the top of it.
it says:
MMC cannot open the file C:WINDOWS\system32\compmgmt.msc.
This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have suffiecient access rights to the file.
When I look in C:WINDOWS\system32 I see a file that says mmc (I put a pic of it in below so you can see the file) and in properties under the general tab it says it is an application file. When I click on the version Tab Under Other Version Informatin then click on File Version in the item name window it says in the value area 5.2.3790.4136 (srv03_sp2_qfe.070821-1204)
I did go to start>run>mmc.exe
A window opened (which nothing would open before)
The name of the window is console 1 which is odd. and there is nothing at all in the file area.. (adding a pic of it below)
I do not see compmgmt.exe in the system 32 folder.
I also tried
start>run> typed in compmgmt.exe and hit ok
A window opened up that had compmgmt.exe in the title
and it said: Windows cannot find "compmgmt.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the start button and then click search. ( I also tried compmgmt in run without the .exe extension and got the same results)
So then I did try searching for it on my computer using start>search> using advanced options to look in hidden folders on the whole computer and the only file it found with that name was the compmgmt txt help file. So unless it got renamed I am assuming it is not there.
I did unhide system files to look for it. I disconnected from the net when I did that. But I will admit I have never tried unhiding files before, so maybe that too is broken as I wouldn't know what to look for to see if that worked. How did I unhide them?
Start>control panel>appearance and themes>Folder options
under the view tab under hidden files and folders I clicked Show hidden files and folders. and then apply. (they are hidden again)
For my own troubleshooting, because the MMC error window said it may be lack of permissions, I have tried to run scheduled tasks as an adminstrator by following this path
Start>All programs>accessories>system tools>scheduled tasks>right click>run as administrator
An error window with Windows Explorer in the title opens
it says: Unable to log on:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.
So it looks like my problems are twofold. I don't have administrator privelidges, and the mmc file icon does not look right, nor does it open the microsoft memory console. It just occured to me that perhaps the file that says mmc in the system 32 folder is in the wrong place? or perhaps under regedit the path to it is corrupt
I hope this gives you more detailed information
it says:
MMC cannot open the file C:WINDOWS\system32\compmgmt.msc.
This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have suffiecient access rights to the file.
When I look in C:WINDOWS\system32 I see a file that says mmc (I put a pic of it in below so you can see the file) and in properties under the general tab it says it is an application file. When I click on the version Tab Under Other Version Informatin then click on File Version in the item name window it says in the value area 5.2.3790.4136 (srv03_sp2_qfe.070821-1204)
I did go to start>run>mmc.exe
A window opened (which nothing would open before)
The name of the window is console 1 which is odd. and there is nothing at all in the file area.. (adding a pic of it below)
I do not see compmgmt.exe in the system 32 folder.
I also tried
start>run> typed in compmgmt.exe and hit ok
A window opened up that had compmgmt.exe in the title
and it said: Windows cannot find "compmgmt.exe". Make sure you typed the name correctly, and then try again. To search for a file, click the start button and then click search. ( I also tried compmgmt in run without the .exe extension and got the same results)
So then I did try searching for it on my computer using start>search> using advanced options to look in hidden folders on the whole computer and the only file it found with that name was the compmgmt txt help file. So unless it got renamed I am assuming it is not there.
I did unhide system files to look for it. I disconnected from the net when I did that. But I will admit I have never tried unhiding files before, so maybe that too is broken as I wouldn't know what to look for to see if that worked. How did I unhide them?
Start>control panel>appearance and themes>Folder options
under the view tab under hidden files and folders I clicked Show hidden files and folders. and then apply. (they are hidden again)
For my own troubleshooting, because the MMC error window said it may be lack of permissions, I have tried to run scheduled tasks as an adminstrator by following this path
Start>All programs>accessories>system tools>scheduled tasks>right click>run as administrator
An error window with Windows Explorer in the title opens
it says: Unable to log on:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.
So it looks like my problems are twofold. I don't have administrator privelidges, and the mmc file icon does not look right, nor does it open the microsoft memory console. It just occured to me that perhaps the file that says mmc in the system 32 folder is in the wrong place? or perhaps under regedit the path to it is corrupt
I hope this gives you more detailed information
Broni
Posts: 56,041 +517
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
Download Mirror #1
Download Mirror #2
64-bit users go HERE
- Double-click SystemLook.exe to run it.
- Vista users:: Right click on SystemLook.exe, click Run As Administrator
- Copy the content of the following box and paste it into the main textfield:
Code::filefind compmgmt.msc - Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Broni
Posts: 56,041 +517
Here: http://www.filedropper.com/compmgmt is compmgmt.msc from my XP CD.
Download it and put the file into C:WINDOWS\system32 folder.
Restart computer and let me know how it goes.
Download it and put the file into C:WINDOWS\system32 folder.
Restart computer and let me know how it goes.
Similar threads
