Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus Deletion Now Makes Internet Access Impossible

26 Dec 2013   #131
cottonball

Windows 7 Home Premium
 
 

Thanks for the info!

Does SAS have its Scan Logs in the Control Panel area?

If so, can you post its last report?

Or, run SAS again, and see if a Scan Log that can be copied/pasted is generated, so you can provide it in your reply.

Can't copy the individual items from the image, and do not want to make a mistake writing them out manually.

Also, running MBAM is a good idea. Will take a look at it when you post the report.

Thanks!


My System SpecsSystem Spec
.
26 Dec 2013   #132
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Thanks for the info!

Does SAS have its Scan Logs in the Control Panel area?

If so, can you post its last report?

Or, run SAS again, and see if a Scan Log that can be copied/pasted is generated, so you can provide it in your reply.

Can't copy the individual items from the image, and do not want to make a mistake writing them out manually.

Also, running MBAM is a good idea. Will take a look at it when you post the report.

Thanks!
Thank you. And again, thanks for sticking with me!

Rkill.txt is attached again.

After restart, Mbam reported no threats, but SAS said I still had 3 Scorpion and 3 Great Arcade hijackers. Thinking SAS may have retained its memory, I uninstalled it and then reinstalled it, then ran it again. This time, it listed 66 cookie threats, all of which I removed. Got a report and it should be attached.

Ran SAS again. This time it again produced the 3 Scorpion and 3 Great Arcade hijackers, but allowed me to uninstall Scorpion(s). I did. It wouldn't let me uninstall Arcade(s).

So I ran SAS once more. This time, uninstalling Arcade(s) worked!

Backed out of SAS. Restarted SAS. None of the Scorpions or Arcades show now. So I'm running a complete SAS scan now.

SAS scan logs do not show the pre-scan hijackers it finds. They show up before you hit "continue" but the only way I have to get them to you is via a screen print. How can I convert a JPG to text?

OOPS, forgot to mention that I used IE, FF, and Chrome to check for extensions. All 3 said I still have none (except Bing in IE). That was before SAS found the 66 Cookie threats.


Attached Files
File Type: txt Rkill.txt (2.8 KB, 3 views)
File Type: txt SUPERAntiSpyware Scan Log - 12-26-2013 - 15-13-18.txt (6.5 KB, 4 views)
My System SpecsSystem Spec
26 Dec 2013   #133
Florida Rene

Windows 7 64
 
 

Wondering if new Internet access produces new threats, I decided to try running SAS after accessing the Internet, going to a few major sites (Major League Baseball, National Football League, USA Today, CNN and MSNBC) then running SAS again.

Here what I found, after starting with a clean SAS report.

STEP ONE
Run Chrome alone...
SAS found 20 threats, see Chrome report attached.

STEP TWO
Remove threats obtained via Chrome.
Run Internet Explorer alone...
No threats found by SAS

STEP THREE
Run FireFox alone...
No threats found by SAS.

STEP FOUR
Uninstalled Chrome and removed Chrome history.
Restart. F8. Safe with Networking.
Will run complete scan with SAS, then with Mbam, then with AVG...and will report.

Meanwhile...Thank You all for your perseverance and most helpful instructions. I guess if you can help a geezer, you can help a lot of other more tech-savvy folks. I greatly appreciate all you've done. And, Cottonball & Jacee, you get Gold Stars!
My System SpecsSystem Spec
.

26 Dec 2013   #134
cottonball

Windows 7 Home Premium
 
 

If SAS (IMO, The Cookie Monster) let you remove the last few entries, there is no need for your posting its results, unless SS appears again.
Ugh! Stubborn piece of tripe!

Let this program take a shot at removing SS:
Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Right-click JRT.exe and select: Run as Administrator

The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.


In Post #90, LaybackBear proposed a very good step in this process >> running the ESET Online Scanner.

It has a very good detection rate, so please give it a whirl. Different scanners have varying definitions for what they look for, so throwing in a new perspective may help us.


To run the ESET Online Scanner...

Since it is implemented as an ActiveX control, it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, in IE, download > Free Virus Scan | Online Virus Scanner from ESET
On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed.
Again, click: Start

On the next prompt, Computer Scan Settings, check: Remove found threats

Next, click on: Advanced Settings
Make sure the following options are checked:
>Scan for potentially unwanted applications
>Scan for potentially unsafe applications
>Enable Anti-Stealth Technology

By Current Scan Targets, Operating memory, Local drives, press: Change
In Selection of scan targets, Local drives, select the drives in question.
Click: OK

Click: Start
Follow the prompts.

When the scan completes, if threats are found, in the Scan Results prompt, click on: List of threats found
Click on: Export to text file
Save to the Desktop and name it: ESET Scan Results
Click on: Back
Click on: Finish, and close the program.

If anything is found, please provide the ESET Scan Results in your reply to determine what further action is necessary.

BTW, this scan may take a while, so get some more rum cake and some coffee! Just a suggestion, from geezer to geezer...
My System SpecsSystem Spec
27 Dec 2013   #135
Florida Rene

Windows 7 64
 
 

U R a STITCH! Alas, no more rum cake.

Thank you, Cottonball.

Late night summary: Ran SAS, Mbam, & AVG. All clear with all 3.

This a.m.: Ran JRT. Report is attached.

Haven't enough coffee in me yet to figure out how to do ESET and whether it's needed since all seems to be running okay today. Is it only for IE?


Attached Files
File Type: txt JRT.txt (1.3 KB, 2 views)
My System SpecsSystem Spec
27 Dec 2013   #136
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by Florida Rene View Post
Cottonball...

I'm up to the ADVANCED BOOT OPTIONS on my problem machine. Everything has gone well, just as you outlined...and the RKill text file is attached.

But...I do NOT have "Repair Your Computer" as an option.

I see these options:
Safe
Safe with Networking
Safe with Command Prompt
Enable Boot Logging
Enable Low-Res Video
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally
It's on the screen now and I have not made a selection. Which do I choose?
In Elevated Command Prompt :
Code:
reagentc/disable
reagentc/enable
reagentc/info
Post output. Is "repair your computer" in the list again?
My System SpecsSystem Spec
27 Dec 2013   #137
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by Kaktussoft View Post
Quote   Quote: Originally Posted by Florida Rene View Post
Cottonball...

I'm up to the ADVANCED BOOT OPTIONS on my problem machine. Everything has gone well, just as you outlined...and the RKill text file is attached.

But...I do NOT have "Repair Your Computer" as an option.

I see these options:
Safe
Safe with Networking
Safe with Command Prompt
Enable Boot Logging
Enable Low-Res Video
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally
It's on the screen now and I have not made a selection. Which do I choose?
In Elevated Command Prompt :
Code:
reagentc/disable
reagentc/enable
reagentc/info
Post output. Is "repair your computer" in the list again?
Thank you. Output attached.

I tried and failed. Remember, Ich ist ein dumbkopf!

Und, man nicht sprecht Deutsch.


Attached Thumbnails
Virus Deletion Now Makes Internet Access Impossible-reagentc-12-27-2013-7-48-08-am.jpg  
My System SpecsSystem Spec
27 Dec 2013   #138
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

reagentc/enable
reagentc/info

post output
My System SpecsSystem Spec
27 Dec 2013   #139
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

From elevated command prompt:
Code:
attrib /s  c:\win*.wim
attrib /s  c:\*.sdi
If you also have a D drive
Code:
attrib /s  d:\win*.wim
attrib /s  d:\*.sdi
Post output.
My System SpecsSystem Spec
27 Dec 2013   #140
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by Kaktussoft View Post
From elevated command prompt:
Code:
attrib /s  c:\win*.wim
attrib /s  c:\win*.sdi
If you also have a D drive
Code:
attrib /s  d:\win*.wim
attrib /s  d:\win*.sdi
Post output.
On the main computer (not this backup machine), Drive A is the cd/dvd drive and the others are itemized below. Do I use the code lines you typed similarly for all partitions in a txt file and then run it with Elevated Command Prompt?


Attached Thumbnails
Virus Deletion Now Makes Internet Access Impossible-disk-config.jpg  
My System SpecsSystem Spec
Reply

 Virus Deletion Now Makes Internet Access Impossible




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
impossible installing internet explorer 10 and 11
I'm italian.Hi everyone. I'm problem whit installation of internet explorer 10 and 11. Error WINDOWS UPDATE 9C47 I have run sfc /scannow Here the folder CBS Wikisend: free file sharing service I Copied the content of the Packages folder to the folder ...
Windows Updates & Activation
I added a password, now it's impossible to access my PC
A few months ago, I bought a PC from a company that didn't need it. I know the company and nothing was dodgy or unusual. I changed the user account from the girl that used to use it to my name and didn't set a password. Yesterday I set up a password as I needed to connect to my PC via...
General Discussion
Windows 7 File Access Impossible without system crash!
I have an Acer laptop with only 1gb memory and I am a frequent downloader of large files, be it music, video or picture. I am conservative with my use of memory, and I still possess over half of it free. However, ever since I downloaded a collection of videos a month or so ago, each time I...
Performance & Maintenance
Virus prevents internet access, block antivirus.
Microsoft Security Essentials has been blocked by the virus inducing the firewall. Even if I type virus security into chrome the virus crashes the browser. It gives warnings about the danger hardware damage.
System Security
Internet Access = Can't browse / No Internet Access = Nice Browsing ??
When my computer says Internet Access, I am having trouble browsing. Most pages do not load. Right now, It says no internet access for over 15 minutes and I am able to brose so much better and still going on downloading around 400 kb/s. How can this be? Why would it be? (I am on a wired...
Network & Sharing
Can't Access file for deletion with Admin Privileges
Hello, I am currently running W7 Ultimate 64 Bit with Norton 2011 and Comodo 5.????. I noticed I didn't have a site advisor on FF. So I installed McAfee. It seems to react after a file is downloaded and everything even Windows Gadgets are unsafe and must be blocked. I downloaded Norton Safe Web...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:58.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App