Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus Deletion Now Makes Internet Access Impossible

27 Dec 2013   #171
matts6887

Windows 7 ultimate 64-bit
 
 

i would try and help some more but it looks as if you got this problem licked thanks to the other experts(yes even more than i am probably and I am a computer geek I can safely say that for sure). But if you encounter any other issues just post back. We are here and ready to help.


My System SpecsSystem Spec
.
27 Dec 2013   #172
Florida Rene

Windows 7 64
 
 

Thank you, Matt. I've found a lot of helpful, sharing folks here. Neat place. Great people.

As you've noted, we're close to resolving the idiocy. It's clean up and testing time tonight and tomorrow, and then perhaps I'll be able to "Mark as Solved".

But not until Cottonball is satisfied with the current hunts for lurking mischief.
My System SpecsSystem Spec
28 Dec 2013   #173
cottonball

Windows 7 Home Premium
 
 

Was looking for an installer, such as:
C:\Windows\Installer\92968b.msi which belongs to Adpeak/ScorpionSaver

However what is shown is not it. Those fies are different, and go back to 2012.


Apparently, at some point you ran the Program Install and Uninstall Troubleshooting Tool
It stores information in the Registry about actions taken. This information can be found at the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\<ProductCode>\<DateTime>

At this location in the Registry is the return value received when MATS attempted to run msiexec /x to
uninstall the product:
Uninstaller: MsiExec.exe /X{9B65F9A3-9D24-452A-B6EF-1457D65E4259}

Since those entries are not needed any longer, please do the following...


Download OTM > http://oldtimer.geekstogo.com/OTM.exe
Save to the Desktop
Right-click on the file and select: Run As Administrator
(If your AntiVirus alerts about OTM, either accept for OTM to run, or temporarily disable your AV program.)

Be aware that all processes are stopped during OTM's run, and the Desktop also disappears. This is normal, and will come back to normal on completion.

Now, please copy all the text from the code box below (include the colon before :reg)

Code:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
c:\Program Files (x86)\ScorpionSaver\"=-
:files
c:\Program Files (x86)\ScorpionSaver
C:\FRST\Quarantine\ScorpionSaver
:commands
[emptytemp]
[emptyflash]
Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and select: Paste

Click the red Moveit! button.

When the program presents its results, copy everything in the Results window (under the green bar) to the clipboard, by highlighting ALL the text, and selecting: copy

Next, please paste the OTM results in your reply.
Close: OTM

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the moving process.
If you are asked to reboot the machine select: Yes

In this case, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present.
Please provide the contents of the OTM .log in your reply.


BTW, don't forget to post the ESET results!
My System SpecsSystem Spec
.

28 Dec 2013   #174
Florida Rene

Windows 7 64
 
 

Geezer Report...
Green Bean Espresso Coffee and Homemade Pumpkin & Dates Bread
with a smear of good ol' cream cheese!

Yum! Eat your heart out!

Thanks for everything, Cottonball.

ESET overnight scan: Drive C:\ and Partitions D, E, F, G all clear...no threats found.
MBAM report this morning: No threats found with Quick Scan of C:\
SAS report this morning: 1 cookie removed, see text file.

I believe you are right about deleting 2012 barf. Will get to it later today and report.

After it's done, I'll do some more Internet Access testing (going great so far since your helpfulness) and then run ESET again for all drives. Setting another Restore Point now.

Later...


Attached Files
File Type: txt SAS Report 2013-12-28.txt (699 Bytes, 4 views)
My System SpecsSystem Spec
28 Dec 2013   #175
cottonball

Windows 7 Home Premium
 
 

On these:

Quote:
Those fies are different, and go back to 2012.
^^^^^^Just let them be...



Quote:
Homemade Pumpkin & Dates Bread with a smear of good ol' cream cheese!
I'll check on the next flight from St. Louis to Florida!!!
My System SpecsSystem Spec
28 Dec 2013   #176
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
On these:

Quote:
Those fies are different, and go back to 2012.
^^^^^^Just let them be...



Quote:
Homemade Pumpkin & Dates Bread with a smear of good ol' cream cheese!
I'll check on the next flight from St. Louis to Florida!!!
Let me know arrival time so I can meet you at the gate! Tampa International Airport.

Okay, I'll forget the 2012 files.

Running an ESET scan now on all drives to make sure stuff I saved from one drive to another doesn't contain a remnant that might cause distress. I shall report back many hours from now.

Many, many thanks for all your help. Internet access has worked just fine since these virus scrubbers and the removal of infected Chrome. I'll reinstall it cleanly someday. For now, just FF and IE.
My System SpecsSystem Spec
28 Dec 2013   #177
cottonball

Windows 7 Home Premium
 
 

Before we wrap up, would like for you to use the following...

Please download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.
(Please do not take any corrective actions!)


Also, did you run OTM and get its results?
Virus Deletion Now Makes Internet Access Impossible
My System SpecsSystem Spec
31 Dec 2013   #178
Florida Rene

Windows 7 64
 
 

I'm back!

Hello again, Cottonball. Sorry for the hiatus. Holidays are for the grandkids! Thank you for your patience.

ESET: No threats. All appears clean.

SECURITY CHECK: Attached as txt file.

AVG: No threats.

MBAM: No threats.

OTM: No, I didn't run it yet. Too much holiday confusion led me to confuse OTM with this message:

Quote:
On these:

Quote:
Those fies are different, and go back to 2012.


^^^^^^Just let them be...
Do you advise that I run OTM now?

Again, sorry for the delay in responding. I really DO appreciate all your help. BTW, I am now reporting back to you using the previously-infected machine. Progress!

HAPPY NEW YEAR!


Attached Files
File Type: txt checkup.txt (888 Bytes, 5 views)
My System SpecsSystem Spec
31 Dec 2013   #179
cottonball

Windows 7 Home Premium
 
 



Yeo, run OTM, let's get it out of the way, and then we will wrap up.
My System SpecsSystem Spec
01 Jan 2014   #180
Florida Rene

Windows 7 64
 
 

Quote   Quote: Originally Posted by cottonball View Post
Download OTM > http://oldtimer.geekstogo.com/OTM.exe
Save to the Desktop
Right-click on the file and select: Run As Administrator
(If your AntiVirus alerts about OTM, either accept for OTM to run, or temporarily disable your AV program.)

Be aware that all processes are stopped during OTM's run, and the Desktop also disappears. This is normal, and will come back to normal on completion.

Now, please copy all the text from the code box below (include the colon before :reg)

Code:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
c:\Program Files (x86)\ScorpionSaver\"=-
:files
c:\Program Files (x86)\ScorpionSaver
C:\FRST\Quarantine\ScorpionSaver
:commands
[emptytemp]
[emptyflash]
Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and select: Paste

Click the red Moveit! button.

When the program presents its results, copy everything in the Results window (under the green bar) to the clipboard, by highlighting ALL the text, and selecting: copy

Next, please paste the OTM results in your reply.
Close: OTM

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the moving process.
If you are asked to reboot the machine select: Yes

In this case, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present.
Please provide the contents of the OTM .log in your reply.


BTW, don't forget to post the ESET results!
Good Morning...and...HAPPY NEW YEAR Cottonball.

I ran OTM this morning and got all the way to MOVEIT. Program took a while, but came up with a listing in the right column. When it stopped the listing work, the REBOOT instructions came up. I could not copy the listing as it didn't permit a cursor in the right column.

Tried to reboot as it directed. Didn't work. Tried a few times, but it appeared that OTM was frozen. Waited 20 mins. No luck with OTM reboot. Couldn't restart or shut down normally. Had to do a reset.

Via F8 Normally, got back into operation. Nothing on the screen from OTM. No _OTMoveit folder in C:\ dir. Ran Ransack looking for all log files generated today. JPG attached shows them. I can't see anything looking like an OTM generation.

Puzzled!


Attached Thumbnails
Virus Deletion Now Makes Internet Access Impossible-1-1-2014-log-files.jpg  
My System SpecsSystem Spec
Reply

 Virus Deletion Now Makes Internet Access Impossible




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
impossible installing internet explorer 10 and 11
I'm italian.Hi everyone. I'm problem whit installation of internet explorer 10 and 11. Error WINDOWS UPDATE 9C47 I have run sfc /scannow Here the folder CBS Wikisend: free file sharing service I Copied the content of the Packages folder to the folder ...
Windows Updates & Activation
I added a password, now it's impossible to access my PC
A few months ago, I bought a PC from a company that didn't need it. I know the company and nothing was dodgy or unusual. I changed the user account from the girl that used to use it to my name and didn't set a password. Yesterday I set up a password as I needed to connect to my PC via...
General Discussion
Windows 7 File Access Impossible without system crash!
I have an Acer laptop with only 1gb memory and I am a frequent downloader of large files, be it music, video or picture. I am conservative with my use of memory, and I still possess over half of it free. However, ever since I downloaded a collection of videos a month or so ago, each time I...
Performance & Maintenance
Virus prevents internet access, block antivirus.
Microsoft Security Essentials has been blocked by the virus inducing the firewall. Even if I type virus security into chrome the virus crashes the browser. It gives warnings about the danger hardware damage.
System Security
Internet Access = Can't browse / No Internet Access = Nice Browsing ??
When my computer says Internet Access, I am having trouble browsing. Most pages do not load. Right now, It says no internet access for over 15 minutes and I am able to brose so much better and still going on downloading around 400 kb/s. How can this be? Why would it be? (I am on a wired...
Network & Sharing
Can't Access file for deletion with Admin Privileges
Hello, I am currently running W7 Ultimate 64 Bit with Norton 2011 and Comodo 5.????. I noticed I didn't have a site advisor on FF. So I installed McAfee. It seems to react after a file is downloaded and everything even Windows Gadgets are unsafe and must be blocked. I downloaded Norton Safe Web...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:46.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App