Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus Deletion Now Makes Internet Access Impossible

25 Dec 2013   #121
Florida Rene

Windows 7 64
 
 

Merry Christmas to all the terrific gurus at Seven Forums.

JACEE: Thanks for your continuing encouragement.

COTTONBALL: I appreciate your help. Infused with lots of coffee and leftover Christmas Eve Rum Cake for breakfast, I ran System Look this morning per your suggestion and I am attaching the report. I will get to your other suggestion after fetching more java. Again, many thanks!




Attached Files
File Type: txt SystemLook.txt (27.2 KB, 4 views)
My System SpecsSystem Spec
.
25 Dec 2013   #122
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Since ScorpionSaver uses a service to run, let's also get a list of started services using the Command Prompt...

Please do the following:
Go to Start > All Programs > Accessories > Command Prompt
At the Command Prompt, copy/paste the following text inside the code box, and press: Enter

Code:
net start
To copy the text contained/produced in the Command Prompt, click on the small command icon in the top left corner, and then choose:
Edit > Select All
Once again, Edit > Copy
Next, open Notepad, and paste the text to it.

Please post the text in your reply.

To close the Command Prompt, use the [X], or type in: exit Press: Enter
Gotcha!

It's attached.

Merry, Merry & Happy, Happy!


Attached Files
File Type: txt Net Start Report.txt (2.0 KB, 8 views)
My System SpecsSystem Spec
25 Dec 2013   #123
cottonball

Windows 7 Home Premium
 
 

Merry Christmas, Florida Rene!

Will get back with instructions later today...need some uninterrupted time.

Hope you have a USB pen/flash drive available, if not, an SD Card, since we are going to do some 'surgery' from outside of Windows.

Thanks for your patience.
My System SpecsSystem Spec
.

25 Dec 2013   #124
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Merry Christmas, Florida Rene!

Will get back with instructions later today...need some uninterrupted time.

Hope you have a USB pen/flash drive available, if not, an SD Card, since we are going to do some 'surgery' from outside of Windows.

Thanks for your patience.
No...Thanks are due TO YOU!

Yes, I have a flash drive Kingston with 14 GB available. FYI, I am talking to you via my backup machine Xena. It's my main computer, ZIVA, that had the infections. Via LAN, ZIVA can see partition e:\ on XENA (only e, but XENA can't see any on ZIVA because I'm not yet smart enough to figure out how to do it.

I appreciate all your help, but please take today to be with family and favored friends.
My System SpecsSystem Spec
25 Dec 2013   #125
cottonball

Windows 7 Home Premium
 
 

Florida Rene,

Please read the info that follows, so you can have an idea of what you need to do, in the sequence presented. You may also want to print these instructions so you do not have to go back and forth to access them. Do this when you have the time, as it may take a while, and needs done in one attempt.

So, here we go…

On a clean computer:

Please download the Farbar Recovery Scan Tool:
Download > Farbar Recovery Scan Tool Download
This time, save it to the USB flash drive.
Note: You need to select the version of FRST compatible with your system: 64-bit

Still on the clean computer, press the Windows key and the R key at the same time.
At the Run prompt, type in notepad, and press: Enter

Please copy/paste the contents of the code box below into Notepad and save it on the flash drive as: fixlist.txt

Code:
start
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
C:\Program Files\ScorpionSaver Services
c:\Program Files (x86)\ScorpionSaver
C:\MATS\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\FileBackup\c\Program Files (x86)\ScorpionSaver
end
Use the Safely Remove icon on the bottom right of the Taskbar to remove the USB flash drive. We will use the drive containing FRST and the fixlist.txt later.


On the problem computer:

Please remove the Farbar Recovery Scan Tool from the Desktop. By now it is probably outdated, and we do not need it.

Next, please copy the contents of the code box below to Notepad.
Name the file as: scorp.reg
Change the Save as Type to: All Files
Save on the


Code:
REGEDIT4 
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\WinSock2\Parameters\AppId_Catalog\049970F0]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\WinSock2\Parameters\AppId_Catalog\049970F0]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
Keep the scorp.reg on the Desktop, and we will use it later.

Since we are editing the Registry, we need to back it up.

Please download the installer for Registry Backup:
Downlaod > Registry Backup Download
Save to the Desktop.

Right-click on tweaking.com_registry_backup_setup.exe and select: Run as Administrator
Follow the prompts for a default installation.

Make sure the following option is selected: Open "Tweaking.com - Registry Backup" When Install Completes

Click: Next > Finish

At the program console, click on: Backup Now
Once the process completes, a notice is displayed as follows:
Successfull / Registry Files Backed Up

Close: Tweaking.com - Registry Backup

If all goes well, there is a folder created at the root of the hard drive named C:\RegBackup
Make sure the folder is there before you proceed!!

Now, please use RKill to terminate any obnoxious processes (if still present): RKill Download
Save the downloaded file to the Desktop.

If RKill.exe does not run per instructions below, download and try to run RKill.com:
RKill Download

You only need to get one of the versions of RKill to run.

If your AntiVirus warns you about this tool, ignore the warning, or temporarily disable your AntiVirus.

Right-click on the downloaded RKill file and select: Run as Administrator
A black box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

After running the tool, do not reboot.
When the scan is done Notepad opens with the RKill report.

Please save the RKill report to post in your reply.

Do not reboot!!!!!!

Next, go to the Desktop, and double-click on the scorp.reg file,
Agree when it prompts you to merge the info into the Registry.

Now, plug in the USB flash drive. However, do not run any of its contents!

Restart the computer, but only as follows:

As the computer restarts, tap the F8 key until you get to the Advanced Boot Options menu
Use the arrow keys to select: Repair your computer

From there...

Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On System Recovery Options, you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt

Select: Command Prompt

At the Command Prompt window, type in notepad, and press: Enter
When Notepad opens, under the File menu select: Open
Select My Computer and find your flash drive letter, make note of it, and close Notepad.

At the Command Prompt window type x:\frst64 and press: Enter
Note: Replace letter x with the drive letter of your flash drive!!

FRST starts to run.
Accept the disclaimer.

At the program console, press the Fix button, only once, and wait.

When done, a report named fixlog.txt is created on the flash drive.

Click the Command Prompt window, type exit, and press: Enter

Back at System Recovery Options, press: Restart

Back in Windows, please open the flash drive, and provide the fixlog.txt in your reply. Also provide the RKill report, located on the Desktop.

Thanks!
My System SpecsSystem Spec
25 Dec 2013   #126
cottonball

Windows 7 Home Premium
 
 

Also, could you please open SuperAntiSpyware, go to its Control Panel, and look for its Scan Logs.

Please post the Scan Log for the run depicted on Post #110:
Virus Deletion Now Makes Internet Access Impossible

These ol' eyes are not what they use to be...or maybe it was the eggnog! The image was too difficult for me to read!!

Thanks!
My System SpecsSystem Spec
26 Dec 2013   #127
crankypenguin

Windows 7 Ultimate x64
 
 

Have you tried turning off your computer and your modem and router if you have one. Then turn them back in this order. 1. Modem, wait till all the lights are flashing correctly. 2. Router, same with the lights. 3. Computer.
My System SpecsSystem Spec
26 Dec 2013   #128
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Also, could you please open SuperAntiSpyware, go to its Control Panel, and look for its Scan Logs.

Please post the Scan Log for the run depicted on Post #110:
Virus Deletion Now Makes Internet Access Impossible

These ol' eyes are not what they use to be...or maybe it was the eggnog! The image was too difficult for me to read!!

Thanks!
COTTONBALL: Wow!...Thanks ever so much for all the time and professionalism you have devoted to helping me with this episode. Truly astonishing! I hope to carefully follow your directions today (in-between grandkids), one step at a time, slowly, because I am not nearly the expert that you obviously are.

In the meantime, I went to SuperAntiSpyware and that log no longer exists. I guess it writes new logs over the old ones. So, via SnagIt, I converted the jpg file to a pdf. It is attached. You may have to enlarge it to read it. Let me know if that doesn't work for you and I'll try something else.

CRANKYPENGUIN: Posts by Indiana, Kaktus, Jacee, Golden and others enabled me to successfully get the infected machine back online and that works just fine right now. It's the residue cleanup and assurance that replication is no longer likely that I'm currently concerned with...and to that end, I will focus today on Cottonball's step-by-step procedure.


Attached Files
File Type: pdf SuperAntiSpyware.pdf (859.9 KB, 4 views)
My System SpecsSystem Spec
26 Dec 2013   #129
Florida Rene

Windows 7 64
 
 

Cottonball...

I'm up to the ADVANCED BOOT OPTIONS on my problem machine. Everything has gone well, just as you outlined...and the RKill text file is attached.

But...I do NOT have "Repair Your Computer" as an option.

I see these options:
Safe
Safe with Networking
Safe with Command Prompt
Enable Boot Logging
Enable Low-Res Video
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally
It's on the screen now and I have not made a selection. Which do I choose?


Attached Files
File Type: txt Rkill.txt (2.8 KB, 4 views)
My System SpecsSystem Spec
26 Dec 2013   #130
Florida Rene

Windows 7 64
 
 

Well, at long last, I figured it out...I think.

I opted for Safe with Command Prompt, and then continued. The fixlog report is attached.

I then rebooted "normally" and SuperAntiSpyware generated the pdf report that I've attached. Also, I updated MalwareBytes and now I'm running it in a full scan mode. I'll report what it unearths.


Attached Files
File Type: txt Fixlog.txt (908 Bytes, 4 views)
File Type: pdf SuperAntiSpyware 2013-12-26.pdf (34.9 KB, 4 views)
My System SpecsSystem Spec
Reply

 Virus Deletion Now Makes Internet Access Impossible




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
impossible installing internet explorer 10 and 11
I'm italian.Hi everyone. I'm problem whit installation of internet explorer 10 and 11. Error WINDOWS UPDATE 9C47 I have run sfc /scannow Here the folder CBS Wikisend: free file sharing service I Copied the content of the Packages folder to the folder ...
Windows Updates & Activation
I added a password, now it's impossible to access my PC
A few months ago, I bought a PC from a company that didn't need it. I know the company and nothing was dodgy or unusual. I changed the user account from the girl that used to use it to my name and didn't set a password. Yesterday I set up a password as I needed to connect to my PC via...
General Discussion
Windows 7 File Access Impossible without system crash!
I have an Acer laptop with only 1gb memory and I am a frequent downloader of large files, be it music, video or picture. I am conservative with my use of memory, and I still possess over half of it free. However, ever since I downloaded a collection of videos a month or so ago, each time I...
Performance & Maintenance
Virus prevents internet access, block antivirus.
Microsoft Security Essentials has been blocked by the virus inducing the firewall. Even if I type virus security into chrome the virus crashes the browser. It gives warnings about the danger hardware damage.
System Security
Internet Access = Can't browse / No Internet Access = Nice Browsing ??
When my computer says Internet Access, I am having trouble browsing. Most pages do not load. Right now, It says no internet access for over 15 minutes and I am able to brose so much better and still going on downloading around 400 kb/s. How can this be? Why would it be? (I am on a wired...
Network & Sharing
Can't Access file for deletion with Admin Privileges
Hello, I am currently running W7 Ultimate 64 Bit with Norton 2011 and Comodo 5.????. I noticed I didn't have a site advisor on FF. So I installed McAfee. It seems to react after a file is downloaded and everything even Windows Gadgets are unsafe and must be blocked. I downloaded Norton Safe Web...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:38.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App