Windows 7 Forums

Windows 7: Please help: virus has taken over my computer.

17 Mar 2013   #11
cottonball

Windows 7 Home Premium
 
 

Jaypaul97,

Like shawn77 says, and per instructions in the RogueKiller post (# 5), we do need for you to post the RKreport.txt (Mode: Scan) to proceed.

Also, do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:


  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Is the Repair your computer option listed?
If you do not have the option above, do you have your Windows installation CD/DVD available?

Just to confirm, the infected computer, is it 32-bit, or 64-bit?


17 Mar 2013   #12
rhuds13

W7 Prem 64 on Dell, Home Build W7 Pro 64 1drv, XP Pro 1 drv
 
 

You may want to read the following: AVG anti-virus software mistakes Windows system file for a trojan - Wilders Security Forums
Maybe you could try another AV and see if there is still a problem. Hope this helps.
17 Mar 2013   #13
Jaypaul97

Windows 7 64-bit
 
 

Quote: Originally Posted by shawn77
Hi Jaypaul,

You need to post the roguekiller log.

You cannot delete services.exe. If you change the permission and delete it, system would become unbootable on next reboot. You need to replace it with a clean copy.

Yes, I used the CMD to repair it, and as of now AVG says there are no problems. I could still give Windows Defender offline a go just in case AVG missed something I suppose.

17 Mar 2013   #14
cottonball

Windows 7 Home Premium
 
 

Jaypaul97,

Thank you for the information on your last post.

However, please understand that I cannot help you when operating in the blind.

If you would like further help from me, please provide the RKreport (Mode Scan), and the RKreport (Mode Delete). You can XXX out your name on the reports, that is fine.

There is more to the process of removing the infection from your computer than what meets the eye, and the goal is to make sure it is all gone. A RootKit could also be involved.

As rhuds13 has pointed out, relying on AVG to determine if everything is OK is not in your best interest. Neither is relying on programs which are not specifically catered to point out this malware.

Regards...
17 Mar 2013   #15
shawn77

32 bit
 
 

We are confused why you want to create a topic here and fix things on your own. We could have fixed the infection and services in a matter of minutes if you were able to post logs.

rhuds13,

You are wrong. You should read about zero access rootkit and what files it infects.
18 Mar 2013   #16
rhuds13

W7 Prem 64 on Dell, Home Build W7 Pro 64 1drv, XP Pro 1 drv
 
 

When I posted there were no previous remarks that the OP had a ZeroAccess Rootkit. I believe that if only AVG found something and the OP had not stated having tried other types of scans or offered help, then using another software may not be a bad idea. I did in fact read: ZeroAccess – From Rootkit to Nasty Infection
I could have offered more on my post but others had already done so. Sorry about that.
18 Mar 2013   #17
cottonball

Windows 7 Home Premium
 
 

No need for apologies, rhuds13.

The bottom line is that, if there is a RootKit hiding in that system that normal scans can't find, who knows when that ship is going to need some heavy steering to come out of the storm!
18 Mar 2013   #18
rhuds13

W7 Prem 64 on Dell, Home Build W7 Pro 64 1drv, XP Pro 1 drv
 
 

Very true. That's why I always make a system image on external drive or disc of any system I work on after initial install and updates. If on disc then place in disc inside case. That way if they come back with borked system just format C and run image.
18 Mar 2013   #19
Jaypaul97

Windows 7 64-bit
 
 

Here's the RKill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - BleepingComputer.com

Program started at: 03/16/2013 10:30:02 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\User\Desktop\rkill\rkill-03-16-2013-10-30-04.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 03/16/2013 10:33:49 PM
Execution time: 0 hours(s), 3 minute(s), and 46 seconds(s)
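A parser for the RKill log in post #19, as an added example that is not part of the original thread or of RKill itself: it groups the bracketed findings by tag and pairs the unsigned services.exe with the winsxs copy RKill marks [Pos Repl]. The function names and the SECURITY_SERVICES grouping are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the RKill log from post #19 (lines copied from the thread).
SAMPLE_LOG = r"""* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]
* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe : 328,704 : 07/13/2009 06:39 PM : 24acb7e5be595468e3b9aa488b9b4fcb [Pos Repl]
"""

TAGGED = re.compile(r"^\* (?P<item>.+?) \[(?P<tag>[^\]]+)\]$")
REPL = re.compile(r"^\+-> (?P<path>.+?) : (?P<size>[\d,]+) : (?P<date>.+?)"
                  r" : (?P<md5>[0-9a-f]{32}) \[Pos Repl\]$")

def parse_rkill(text):
    """Group '* item [Tag]' lines by tag; attach each '+->' line to the NoSig file above it."""
    findings, replacements, last_nosig = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        tagged, repl = TAGGED.match(line), REPL.match(line)
        if tagged:
            findings.setdefault(tagged["tag"], []).append(tagged["item"])
            last_nosig = tagged["item"] if tagged["tag"] == "NoSig" else None
        elif repl and last_nosig:
            replacements[last_nosig] = {"path": repl["path"], "md5": repl["md5"],
                                        "size": int(repl["size"].replace(",", ""))}
    return findings, replacements

# Assumption for this example: the firewall, Defender, Security Center and
# Windows Update services are the ones whose absence matters most for triage.
SECURITY_SERVICES = {"BFE", "MpsSvc", "WinDefend", "wscsvc", "wuauserv"}

def triage(findings):
    """Turn grouped findings into short notes for whoever reviews the log."""
    notes = []
    if findings.get("ZA File"):
        notes.append("ZeroAccess marker files present")
    gone = SECURITY_SERVICES & set(findings.get("Missing Service", []))
    if gone:
        notes.append("security services missing: " + ", ".join(sorted(gone)))
    if findings.get("NoSig"):
        notes.append("unsigned system file: " + ", ".join(findings["NoSig"]))
    return notes
```
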
18 Mar 2013   #20
cottonball

Windows 7 Home Premium
 
 

Jaypaul97,

Glad you returned! There is some work to do with that system.

Please go back to VistaKing's post #4:
http://www.sevenforums.com/system-security/282639-please-help-virus-has-taken-over-my-computer.html#post2327091

You may want to print the instructions so you have access to them while working on the process outlined.

If you have any questions on any part of the instructions, feel free to ask.

When done, post the FRST.txt and the Search.txt as requested. We need this information in order to press on.