Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Corrupt Files in ProgramData/Microsoft/Network

04 Jul 2016   #1
Abdsalamah

Windows 7 Ultimate x86
 
 
Corrupt Files in ProgramData/Microsoft/Network

Hello There. I'm Just Registered For This... PLEASE READ CAREFULLY
My thing is..
Today. I turned on my pc.. everything went ok. after booting. and playing some games. a message appears down in the taskbar. that says error in system,corrupt files in C:\ProgramData/Microsoft/Network.. and everything gone was in my start menu. system tools etc. (my windows language isn't English, It's Arabic)
My problem isn't this. The problem. I can't install any program download from the internet. also i tried CHKDSK. but it says CHKDSK can't start due to installed packages or programs recently. and can this corrupt my files in the another Drivers like D: or E:.
Please Help me !! because there is so much important and personal files in the another driver and i Won't make them corrupt.
Best Regards
-Abd Salamah


My System SpecsSystem Spec
.
04 Jul 2016   #2
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Abd,
I dont see an Anti-virus in your system specs >> YOU NEED ONE.
I suspect you have picked up some malware.
Plrease run Malwarbytes (free), untick the trial, and then in the settings dashboard check the rootkit option.
Then run ESET on-line, dissable any other AV you might have.

After running the above also run from an elevated command mode
sfc /scannow
then
ipconfig /flushdns

Reboot, try a download

Roy
My System SpecsSystem Spec
04 Jul 2016   #3
Abdsalamah

Windows 7 Ultimate x86
 
 

Quote   Quote: Originally Posted by torchwood View Post
Hi Abd,
I dont see an Anti-virus in your system specs >> YOU NEED ONE.
I suspect you have picked up some malware.
Plrease run Malwarbytes (free), untick the trial, and then in the settings dashboard check the rootkit option.
Then run ESET on-line, dissable any other AV you might have.

After running the above also run from an elevated command mode
sfc /scannow
then
ipconfig /flushdns

Reboot, try a download

Roy
hello. i didn't put my anti-virus program in my specs because it won't run .. and it's turned off. i can't install it again. and it's corrupt as well. and sfc /scannow stuck at 14% and says windows resource could not perform the requested operation and i runned ipconfig /flushdns and it says Windows IP Configration Succesfully flushed the DNS Resolver Cache.. what i will do now ?
My System SpecsSystem Spec
.

04 Jul 2016   #4
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Abd,
what AV was it?
Please still run Malwarebytes and ESET.

Roy
My System SpecsSystem Spec
04 Jul 2016   #5
Abdsalamah

Windows 7 Ultimate x86
 
 

Quote   Quote: Originally Posted by torchwood View Post
Hi Abd,
what AV was it?
Please still run Malwarebytes and ESET.

Roy
Well. I installed MalwareBytes. I'm wondering how it installed. Whatever
It found one virus on KMService.exe
Everything in the pc is ok. but start menu programs gone (and i mean they are GONE)
i need system restore. but it seems to be removed from System32..
what's the solve ? Help me as you can !!!
My System SpecsSystem Spec
04 Jul 2016   #6
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Adb,
please answer my questions it will help.
Old AV please, what did ESET find.
post a copy of the malwareytes log and the one from ESET.

Roy
My System SpecsSystem Spec
05 Jul 2016   #7
Abdsalamah

Windows 7 Ultimate x86
 
 

oh sorry i forgot. It's Avast! Free antivirus. here is the ESET LOG. 32 virus. all of them are trojan horse
----------------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
- <ESET>
- <LOG>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\1--3.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\1--3.xls.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\2016علوم-الفصل-الثاني.docx.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\2016علوم-الفصل-الثاني.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\Autorun.inf.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\kk1.vbs__.vbs.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\oEthHdQfxJBasYQ.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\System_Volume_Information.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جداول كاملة 2016.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جداول ف222 - 2016.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جداول__ف2_-2015-2016__كامل.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جداول__كاملة_2016.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جداول_ف222__-_2016.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_اول_ج2016_جديد222.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_اول_ج2016_جديد222.xls.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_فارغ_الكامل.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_فارغ_الكامل.xls.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_نموذج_عزمي.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\جدول_نموذج_عزمي.xls.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\خطة_فصلية_رياضيات_ثاني_أ.docx.lnk.vir - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\خطة_فصلية_رياضيات_ثاني_أ.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\H\ملفات_مدرسية.lnk.vir - LNK/Agent.AK حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\1--3.xls.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\2016علوم-الفصل-الثاني.docx.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\Autorun.inf.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\System_Volume_Information.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\جداول__ف2_-2015-2016__كامل.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\جداول_ف222__-_2016.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\جدول_اول_ج2016_جديد222.xls.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\جدول_فارغ_الكامل.xls.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\جدول_نموذج_عزمي.xls.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="السجل">C:\UsbFix\Quarantine\UpMalware\خطة_فصلية_رياضيات_ثاني_أ.docx.lnk - LNK/Agent.AO حصان طروادة - تم تنظيفه وحذفه [1]</COLUMN>
</RECORD>
</LOG>
</ESET>
---------------------------------------------------------------------------------------------------------
حصان طروادة means trojan horse
السجل means log
تم تنظيفه وحذفه means cleaned and removed
My System SpecsSystem Spec
05 Jul 2016   #8
Abdsalamah

Windows 7 Ultimate x86
 
 

Here is The MalwareBytes Log
-------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-16" ?>
- <mbam-log>
- <header>
<date>2016/07/04 21:49:24 +0300</date>
<logfile>mbam-log-٢٠١٦-٠٧-٠٤ (٢١-٤٧-٣١).xml</logfile>
<isadmin>yes</isadmin>
</header>
- <engine>
<version>2.2.1.1043</version>
<malware-database>v2016.07.04.07</malware-database>
<rootkit-database>v2016.05.27.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
- <system>
<hostname>ABDSALAMAH-PC</hostname>
<ip>192.168.1.100</ip>
<osversion>Windows 7</osversion>
<arch>x86</arch>
<username>AbdSalamah</username>
<filesys>NTFS</filesys>
</system>
- <summary>
<type>threat</type>
<result>completed</result>
<objects>249857</objects>
<time>334</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
- <options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
- <items>
- <file>
<path>C:\Windows\KMService.exe</path>
<vendor>RiskWare.Tool.CK</vendor> <----------------- this is the virus
<action>success</action>
<hash>1aedab75ecae0531f50da0696f934db3</hash>
</file>
</items>
</mbam-log>
-------------------------------------------------------------------------------------------------
My System SpecsSystem Spec
05 Jul 2016   #9
Abdsalamah

Windows 7 Ultimate x86
 
 

Look at the start menu.. It's almost empty. there is nothing. only my games.. also there is no paint.exe and no system restore. all of them are gone


Attached Thumbnails
Corrupt Files in ProgramData/Microsoft/Network-startmenu.png  
My System SpecsSystem Spec
05 Jul 2016   #10
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Abd,
lookin at those logs.
RE-run malwarebytes, in the settings dashboard enable Rootkits, it was off last time.
Set it to auto quarentine.
There appear to be 2 infections, not 1.

Those shortcuts to your programes in the start menu,system restore and paint WERE ALL INFECTED, (anything with ".ink" = shortcut).
They have now been removed by ESET.

Did you only select them to run against the C drive?, if yes you need to select D and E as well.

It would appear that the infections came via an infected USB! device, throw it away

When we have cleared the malware.
We can get back to resetting your comp
(unistall/re-install Avast -- reset IP again -- system repair -- sfc scannow)

Roy
My System SpecsSystem Spec
Reply

 Corrupt Files in ProgramData/Microsoft/Network




Thread Tools




Similar help and support threads
Thread Forum
deleted files from programdata, windows buggy
im not sure what the problem is, i remember deleting some files i thought was trash form program data which is all i can think of what caused the problem. these files have been deleted from the recycling bin which i coudnt get into after. my 5th hardrive stopped working when i was transferring...
Software
ProgramData Microsoft Crypto - safe to delete files?
ProgramData Microsoft Crypto - safe to delete files? ProgramData Microsoft Crypto ... RSA, Machine Keys, 2GB of files, can some of those files be safely deleted?
General Discussion
Corrupt Microsoft WiFi Miniport Adapter + Messed up Network Icon
The network icon always appeared like this: Screenshot by Lightshot even when I was connected to the internet. I've fixed the problem by removing all my networks then rebooting, but it just comes back when I don't. It used to work fine all the time. This happened after I updated a network adapter...
Hardware & Devices
Many entries in "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys"
I noticed that I have over 850 entries in the "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder. Apparently 1 is created at each boot? Are these files all necessary? Can I delete them somehow? Thanks.
General Discussion
corrupt files from microsoft??
I just spent an hour downloading the 2+ gig of files for the seven download, i used the links provided on the microsoft store site that i was lead to after paying. There were two options for a 32 bit install, one was an iso, one was not, i went with the not iso first. There were three parts to...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:52.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App