Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How do I get rid of weird virus? (Programs won't open in Windows 7)

29 Jun 2013   #41
PCuser809

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by cottonball View Post
PCuser809,

You are replying to Post #30.

Please look at the bottom of Post #32!!
No, the top is a reply to #30 but the second part is a reply to #32.
I can see how it could be seen as otherwise, as I didn't label it. Sorry about that


My System SpecsSystem Spec
.
29 Jun 2013   #42
cottonball

Windows 7 Home Premium
 
 

PCuser809,

Edit: Please go back to Post #32, and look at the bottom half where Tom982 posted instructions for you.

Since you can go to Safe Mode, restart and try going to Safe Mode with Networking and try downloading from there. Try changing the extension to the SFCFix.exe to .scr, .com, .bat, or .cmd, if you need to, and then follow on with the rest.

Post back on how it goes.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Before plunging into a Repair install of Windows, let's see if we can get the SFCFix.zip provided by Tom982 to work in another way.

SFCFix.zip was uploaded here:
https://dl.dropboxusercontent.com/u/...809/SFCFix.zip

Please download the .zip file and save to your Desktop. Use Safe Mode with Networking if needed.
Create a folder by right-clicking on the Desktop, and selecting: New > Folder
Name the folder: SFCFix
Now, right-click on the downloaded .zip file, and select: Extract all...
Extract the downloaded file to the SFCFix folder on the Desktop.

Open the SFCFix folder on the Desktop, select the SFCFix text document, right-click it and select: Delete
We cannot use the text document because it needs the SFCFix.exe file to work, and you cannot run the .exe file.
The only content of the SFCFix folder is now: autochk.exe

Next, move the SFCFix folder to C:\, so now its path is C:\SFCFix\autochk.exe

Go to Start > All Programs > Accessories > Command Prompt
Right-click the Command Prompt and select: Run as Administrator

At the Command Prompt, copy/paste (with the mouse) the following text inside the code box, and then press: Enter
Code:
takeown /f C:\windows\system32\autochk.exe
Once again at the Command Prompt, copy/paste (with the mouse) the following text inside the code box, and then press: Enter
Code:
icacls C:\windows\system32\autochk.exe /grant administrators:F
Again at the Command Prompt, copy/paste (with the mouse) the following text inside the code box, and then press: Enter
Code:
copy C:\SFCFix\autochk.exe C:\windows\system32\autochk.exe
This should replace the autochk.exe file in C:\windows\system32\ with a known good copy.

Back at the Command Prompt, type in the following, and press: Enter
Code:
startsfc
When done, a file named sfcdetails.txt appears once again.
Please save the file to the Desktop as sfcdetails3.txt, and attach it to your reply.


By any chance, do you have the Windows 7 installation DVD?
My System SpecsSystem Spec
30 Jun 2013   #43
cottonball

Windows 7 Home Premium
 
 

As an alternative, and by-passing the SFC file replacement issue, we can come back to it later, and, for now, let's use HitmanPro.Kickstart to access your computer, scan it for malware, and remove any infection that may still be present and hindering our efforts.

Also, you may want to print these instructions, so they are available to follow.


Now, load a USB flash drive with HitmanPro.Kickstart as follows...
Note: the contents of the USB flash drive are erased during this process!


Use a clean (non-infected) computer, and download:
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight


Under Download (on the right) select the program applicable to the system: 64-bit

When HitmanPro opens, click the KickStart icon at the bottom of the screen.

>>Plug in the USB flash drive.

When the USB flash drive is detected, a selection screen is presented.
Select the USB flash drive from the choices, and press: Install Kickstart
A warning that all contents of the selected flash drive will erase is presented.
Press: Yes

As the HitmanPro.Kickstart files are loaded, a progress indicator is shown on the screen.
Once the process is completed a screen is presented with the contents of HitmanPro.Kickstart

Remove the USB flash drive from the clean computer and press: Close


Now, with the problemcomputer shut down, plug the USB flash drive into a USB port, and turn on the power.

When the computer starts, press the key that brings up the Boot Menu. (On some machines its F12, F10, or F2)

From there, select to boot from the USB drive. (It may say 'Removable Drive' in the options.)
Info: How to Remove Ransomware - Select Real Security


Once you select the USB flash drive to boot from, press: Enter


A KickStart prompt with USB boot options appears.
Select: 1 (Bypass the Master Boot Record (Default))

The system continues to boot from the hard drive and starts Windows.

If you get a message stating that Windows failed to start, etc., just select: Start Windows Normally

When Windows boots, you either get a logon screen, or the Desktop is started.
If you see a logon screen with your User name, logon with it.


In the next prompt that appears, to start the program without installing to the local hard disk, select the option to do a: One-time scan to check the computer.

To start scanning for malware press: Next


If malware is detected, the program shows what malware is present on the system using a red framed screen as shown below:


Select Next to quarantine the malware into a secure storage where it can no longer start.


At the next screen, activate the 30-day free license:

After successful activation (30 days), press: Next

A screen indicating that the malware was successfully disabled or removed is presented.
Press: Next

To obtain a report of the scan results, press: Save log
>>Save the Notepad log to the Desktop<<
It has a name such as: HitmanPro_xxxxxxxx_xxxx


Remove the USB drive, and press: Reboot
If no malware is found, press: Close

After HitmanPro.Kickstart is done, you should be back into normal Windows.

Please post the HitmanPro log in your reply. <<Important!



To remove any remnant malicious files...

Download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version that applies to your system: x64
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.

Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.


Thanks!
My System SpecsSystem Spec
.

04 Jul 2013   #44
PCuser809

Windows 7 Home Premium 64bit
 
 

Quote:
Since you can go to Safe Mode, restart and try going to Safe Mode with Networking and try downloading from there. Try changing the extension to the SFCFix.exe to .scr, .com, .bat, or .cmd, if you need to, and then follow on with the rest.

Post back on how it goes.
I tried with all the different extensions, and it still doesn't work. A Command Prompt window pops up blank, remains several seconds, and then disappears

Quote:
When done, a file named sfcdetails.txt appears once again.
Please save the file to the Desktop as sfcdetails3.txt, and attach it to your reply.
It all went well until this last step. Command Prompt says it can't find an internal or external file like that.

Quote:
By any chance, do you have the Windows 7 installation DVD?
No...Windows 7 came pre-installed in my PC.

Quote:
After HitmanPro.Kickstart is done, you should be back into normal Windows.

Please post the HitmanPro log in your reply. <<Important!
Ahhh....it went a little differently for me. It told me it had to restart to completely fix the viruses (it detected +600 threats), so I did. I didn't get the log, I'm sorry If it helps at all, I ran it again and it detected no viruses! And I can open programs again! So that's that issue solved ^^ Thank you!

Quote:
Please provide the RKreport.txt (Mode: Scan) in your reply.
Here:
RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Katheleen [Admin rights]
Mode : Remove -- Date : 07/04/2013 13:35:13
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 +++++
--- User ---
[MBR] c9080537c0bfd459d779a26834eb6cad
[BSP] e1ee19ab36242d613dab29c1e0a8c48c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 595993 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221003264 | Size: 14183 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 138d77ff717f47a90e30dcd3f9bcdbfa
[BSP] 444ed84f80f4ed260af0872f6286ac7b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 595993 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221003264 | Size: 14183 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] c54a8e6965c6e368351ea61ace2b5b5c
[BSP] e1ee19ab36242d613dab29c1e0a8c48c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo
+++++ PhysicalDrive1: WDC WD6400BPVT-60HXZT1 +++++
--- User ---
[MBR] 5737ffb1e23eb27842199219f8b3971d
[BSP] c3517f2556b8ade55200a6d38cae8e78 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7828 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_D_07042013_133513.txt >>
RKreport[0]_S_07042013_130007.txt
My System SpecsSystem Spec
04 Jul 2013   #45
cottonball

Windows 7 Home Premium
 
 

PCuser809,

Thanks for the feedback. Good news!!

Can you give us an update of any problems that remain?

Got to go outside and mow for a while, but will be back later...

Have a great 4th of July!!
My System SpecsSystem Spec
04 Jul 2013   #46
PCuser809

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by cottonball View Post
PCuser809,

Thanks for the feedback. Good news!!

Can you give us an update of any problems that remain?

Got to go outside and mow for a while, but will be back later...

Have a great 4th of July!!
No, THANK YOU!! Like, so much! I was almost ready to give up on this computer ;-;

Sure thing!

Happy 4th of July to you too!
My System SpecsSystem Spec
04 Jul 2013   #47
cottonball

Windows 7 Home Premium
 
 

PCuser809,

On sfc /scannow...

Do you wish to run the above to make sure there is no unresolved issue present with autochk.exe?

If so, to run the program again, open the Command Prompt, right-click and select: Run as Administrator

Type in the following:
Code:
startsfc
Press: Enter

When done, a file named sfcdetails.txt appears again.

Please save the file to the Desktop as sfcdetails3.txt and attach it to your reply.
My System SpecsSystem Spec
09 Jul 2013   #48
PCuser809

Windows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by cottonball View Post
PCuser809,

When done, a file named sfcdetails.txt appears again.

Please save the file to the Desktop as sfcdetails3.txt and attach it to your reply.
Same thing happens as before. :/

Aaaaand, there's a little problem again. Today is about the second day I get to use that PC, and the programs wouldn't open...again. I ran Hitman Pro, and it solved the problem again, but I'm afraid that the fix is always temporary, and that the virus might get my personal info if I get too comfortable...What should I do?
My System SpecsSystem Spec
09 Jul 2013   #49
cottonball

Windows 7 Home Premium
 
 

PCuser809,

What comes to mind is a Restore Point re-infecting the computer.

Let's clear out Restore Points following these steps:

Click Start, right-click My Computer, and then click: Properties
Click: System Protection (on the left)

The System Properties screen opens showing the System Protection tab.
In the area labeled Protection Settings, for every drive that is labeled On, do the following:
-Select the drive by clicking on it
-Click Configure, for the System Protection for local disk... screen to show.
-Click Delete and then click continue in the box that appears.
-A message tells you all restore points where deleted.
Click Close.


Please run: aswMBR
http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.

>>Make sure your AntiVirus is temporarily disabled!!<<

For information on how to disable protective programs, refer to this Info:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click aswMBR and select: Run as Administrator

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.

When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while it is in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.

Please post the aswMBR log in your reply.


Also, notice that another file is created on the Desktop.
It is named MBR.dat

Please submit MBR.dat for analysis to VirusTotal:
http://www.virustotal.com/
http://www.sevenforums.com/tutorials/277740-online-scanners-scan-suspicious-files-your-pc.html

If you get a message saying: 'File has already been analyzed', click: Reanalyze file

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.

Then, provide the http:\\ address to the results page in your reply.


Run HitmanPro.Kickstart once again.

This time, obtain a report of the scan results (if anything is found), by pressing: Save log
>>Save the Notepad log to the Desktop<<
It has a name such as: HitmanPro_xxxxxxxx_xxxx


Immediately after, go to Start, right-click My Computer, and then click: Properties
Click: System Protection (on the left)

The System Properties screen opens showing the System Protection tab.
In the area labeled Protection Settings, for every drive that is labelled On, do the following:
-Select the drive by clicking on it
-Click: Create
-Give a name to the Restore Point identifying it as clean.
Close the message that shows when the Restore Point is created.


Please provide the MRR.dat http:\\ address to the results page in your reply.
Also provide the results of HitmanPro.KickStart, if any threats were found.
My System SpecsSystem Spec
20 Jul 2013   #50
PCuser809

Windows 7 Home Premium 64bit
 
 

@cottonball

AH, I forgot to check back to see your reply! I just ended up having someone reinstall Windows for me, and my PC works good as new, finally! (and this time, it is permanent) I'm so sorry for wasting your time with this :/ but at the same time, thank you so much for trying to help out! Keep being awesome!
My System SpecsSystem Spec
Reply

 How do I get rid of weird virus? (Programs won't open in Windows 7)




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
windows 7 - programs not launching fully after launched, virus?
Hi all Recently got a fresh installation of windows and HD from HP after my HD went bad about 2 weeks ago. They replaced a few other things. PC was fine but over the last 2 days things have seemed to have gone downhill. I noticed that occasionally I would click on a program icon to launch, the...
System Security
Windows 7 - Programs Won't Open Sometimes almost sure it's not a virus
Hello! A couple months ago, this problem began, but it went away on it's own. Recently, this problem has arisen again with greater intensity. My programs won't open. Usually it takes a while for this happen. Some scenarios are listed below. 1. I will have Chrome open, AIM open, while playing...
General Discussion
No programs open, virus diagnosis help
I have a friend's laptop so please excuse me for not being 100% informed about it. He said a pop up opened while surfing and he clicked not knowing what it was. He is unsure what it said except that he thought it was a Windows fix box and it said something about an .exe file. There are no longer...
System Security
My Windows programs will not open images, I can open them with PSP
For a while my windows 7 64 bit would open my images in Documents. Now when I try they appear as a garbled strange format. If I go to PSP ProX2 they open fine. This is a problem for me since I often need to add images to document Newsletters I send out. :confused: Thanks, Char
Software
Virus? - unable to to do system restore or open many programs
hi, i think i have a virus on my computer, it happened a couple of days ago, i've messed around with it a little but with no joy, i had error msg's so tried to do a system restore but got this msg c:\windows\system32\rstrui.exe the extended tributes are inconsistent, i had errors with norton so...
System Security
Windows 7 built in anti-virus & spyware programs
Windows 7 built in anti-virus & spyware programs. Are they worth keeping? On my XP, Avira worked just fine, along with some spyware programs. Your thoughts.
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 16:06.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App