Windows 7 Forums



Windows 7: How safe is running Zoek 5.0.0.0

21 Mar 2015   #1
marysilver

Windows 7 Ultimate x64
 
 

A few months ago I used Zoek 5.0.0.0 to get rid of a virus taking over the computer. It worked but ever since the computer hasn't been the same. Here is a list of problems

1) I primarily use Firefox. Internet Explorer opened by itself, which was only visible in the Windows Task Manager. I could view the websites that it was going to on its own...they were mostly stores like walmart.com. So I blocked Internet Explorer from going through my firewall. Ended that...

2) Right now the computer has problems with highlighting.... when left clicking on the mouse and scrolling over a paragraph. It is very difficult for it to stay highlighted so I can copy and paste.

3) Just scrolling with the mouse it will pause on me once in a while and I'm unable to move the cursor until I hear a sound from the computer that sounds like "uhht ahh". Sometimes it will "uhht ahh" 5 times in a row with the computer frozen.

4) Trying to move folders from one part of the computer to another is very difficult now too. When trying to drag and drop into another folder, before I get to the location to drop the file, the file isn't dragging any longer and have to do it multiple times before it works.

5) The mouse is shaky and doesn't feel normal.

6) Quite often when restarting the computer says it "highly recommends" to do a scan to fix corrupted files etc.

7) Firefox memory seems very high even when I'm not active on it....like 500,000 to 1,400,000 k

8) One day I found out that all these programs I never heard of had permission to get through my firewall.

9) Under windows task manager there are a ton of services which I'm not sure what they do


So I'm wondering if I can run Zoek again without it deleting any files I don't want deleted. How safe is it to use Zoek as a spyware scan? I already have Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials which I've run and no problems or viruses show up.

I ran Zoek a month ago but didn't know what I was doing and it showed that it was deleting all these files so I unplugged the computer to stop it because I couldn't stop Zoek any other way. Now I'm afraid of using Zoek because I'm worried it might delete things that I want saved. But the computer problems have been getting worse every month for the past 5 months so that's why I'm here.

Thank you


22 Mar 2015   #2
cottonball

Windows 7 Home Premium
 
 

marysilver,

Zoek.exe by Smeenk is a comprehensive command-line tool that executes instructions through various commands and scripts to scan, identify, and remove malware.

If Zoek is used without having knowledge of the purpose of its commands and scripts, the order in which to use them, etc., files may be deleted and unexpected results may occur. It is best to use Zoek under the guidance of a malware removal advisor familiar with the program.

Zoek is not an Antivirus program, like Microsoft Security Essentials, and it is not an Anti-Malware program such as Malwarebytes or SuperAntiSpyware.

If a virus was taking over the computer, it appears it is either still there, or, the virus may have caused some irreparable damage to the system. IMO, Zoek is not the tool of choice for these issues.
22 Mar 2015   #3
marysilver

Windows 7 Ultimate x64
 
 

Thank you cottonball. That was very helpful!

Do you have any suggestions how to go about fixing the issues I listed?

22 Mar 2015   #4
cottonball

Windows 7 Home Premium
 
 

To find out if the virus is still in your system, see if you can do the following...

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system: 64 bit

Save it to your Desktop.
Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.


23 Mar 2015   #5
cottonball

Windows 7 Home Premium
 
 

marysilver,

My apology for the delay. I'm only here evenings...

FRST is: Running from C:\Users\13\Downloads
Please have the FRST program on the Desktop, as previous instructions!!

Next, please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below to Notepad. (Do not copy the word Code:, at the top!)
Save it to the Desktop, and name it: fixlist.txt

Code:
start
CloseProcesses:
HKLM-x32\...\Run: [Salus] => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [SSync] => C:\Users\13\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Sixth] => C:\Users\13\AppData\Roaming\Sixth\Sixth.exe [74470 2014-11-24] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Seventh] => "C:\Users\13\AppData\Roaming\Seventh\Seventh.exe"
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [SCheck] => C:\Users\13\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Snoozer] => C:\Users\13\AppData\Roaming\Snz\Snz.exe [1626622 2014-11-30] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Intermediate] => C:\Users\13\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [bfsvc.exe] => C:\Users\13\AppData\Roaming\13-PC\bfsvc.exe
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Windows] => "C:\ProgramData\Windows\ntibcpsaq.exe"
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
C:\Users\13\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
C:\Users\13\AppData\Roaming\Sixth\Sixth.exe [74470 2014-11-24] ()
C:\Users\13\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
C:\Users\13\AppData\Roaming\Snz\Snz.exe [1626622 2014-11-30] ()
C:\Users\13\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
C:\Users\13\AppData\Roaming\13-PC\bfsvc.exe
C:\ProgramData\Windows\ntibcpsaq.exe
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-343010218-970677843-29762225-1001 -> {D9526E5B-4BBD-4D39-8B6A-9F48266482FE} URL = 
Toolbar: HKU\S-1-5-21-343010218-970677843-29762225-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Users\13\AppData\Local\Temp\_is308B.exe
C:\Users\13\AppData\Local\Temp\_is3FD7.exe
C:\Users\13\AppData\Local\Temp\_is6080.exe
C:\Users\13\AppData\Local\Temp\_is62B2.exe
C:\Users\13\AppData\Local\Temp\_is7026.exe
C:\Users\13\AppData\Local\Temp\_is833A.exe
C:\Users\13\AppData\Local\Temp\_is9333.exe
C:\Users\13\AppData\Local\Temp\_isB03D.exe
C:\Users\13\AppData\Local\Temp\_isB6E6.exe
C:\Users\13\AppData\Local\Temp\_isB966.exe
C:\Users\13\AppData\Local\Temp\_isC881.exe
C:\Users\13\AppData\Local\Temp\_isCED.exe
C:\Users\13\AppData\Local\Temp\_isE447.exe
C:\Users\13\AppData\Local\Temp\_isEBC7.exe
C:\Users\13\AppData\Local\Temp\_isFE74.exe
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) 
DealBulldog Toolbar Toolbar (HKLM-x32\...\DealBulldog Toolbar Toolbar) (Version: - ) 
Salus (HKLM-x32\...\Salus) (Version: 1.0.14.28 - Salus) 
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) 
CustomCLSID: HKU\S-1-5-21-343010218-970677843-29762225-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\13\AppData\Roaming\itesing\procol.dll () 
Task: {5424C983-F629-417A-A73E-E1154B4849EB} - \Windows Update Check - 0x6C49084E No Task File
Task: {A3347A7D-829C-4A26-AE56-7AC2B2FEBEE6} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.11\OptProLauncher.exe 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:6387AA6C
AlternateDataStreams: C:\ProgramData\TEMP:85AA7074
Emptytemp:
CMD: ipconfig /flushdns
reboot:
end
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST or FRST64, and press the Fix button, just once, and wait.
If for some reason the tool needs a restart, please let the system restart normally. After that let the tool complete its run.
When done, the tool creates a report on the Desktop called: Fixlog.txt

Please post the Fixlog.txt in your reply.


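A triage pass over the `Run:` lines of a fixlist like the one in post #5, as an added example that is not part of the original post and is not FRST's own code. The regular expression is an assumption about the line layout seen above, the `SYSTEM_NAMES` list is a short illustrative one, an empty `()` is assumed to be an empty publisher field, and the `ExampleVendorTray` line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Layout inferred from the fixlist in this thread (an assumption, not FRST's
# documented grammar): <hive>\...\Run: [<name>] => <path> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => '
    r'"?(?P<path>[A-Za-z]:\\.+?\.exe)"?'
    r'(?: \[(?P<size>\d+) (?P<date>[\d-]+)\])?(?: \((?P<publisher>[^)]*)\))?\s*$'
)
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")  # commonly writable without admin rights
SYSTEM_NAMES = {"bfsvc.exe", "svchost.exe", "explorer.exe", "lsass.exe"}  # short illustrative list
HEX_NAME = re.compile(r"[0-9a-f]{8,}")

def triage(log_text):
    """Return (value_name, path, reasons) for each Run entry that trips a check."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # policy values, bare paths and directives are not Run entries
        path = PureWindowsPath(m["path"])
        lowered = str(path).lower()
        reasons = []
        if any(d in lowered for d in USER_WRITABLE):
            reasons.append("user-writable location")
        if m["publisher"] == "":  # "()" present but empty (assumed publisher field); None = absent
            reasons.append("no publisher")
        if path.name.lower() in SYSTEM_NAMES and not lowered.startswith("c:\\windows\\"):
            reasons.append("system file name outside Windows directory")
        if HEX_NAME.fullmatch(path.stem.lower()):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((m["name"], str(path), reasons))
    return findings

# Lines copied from the fixlist above, plus one constructed benign entry (the last).
SAMPLE = r"""
CloseProcesses:
HKLM-x32\...\Run: [Salus] => C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [SSync] => C:\Users\13\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [bfsvc.exe] => C:\Users\13\AppData\Roaming\13-PC\bfsvc.exe
HKU\S-1-5-21-343010218-970677843-29762225-1001\...\Run: [Windows] => "C:\ProgramData\Windows\ntibcpsaq.exe"
HKLM\...\Run: [ExampleVendorTray] => C:\Program Files\ExampleVendor\tray.exe [120000 2014-01-01] (ExampleVendor Inc.)
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name:12} {path}\n             -> {', '.join(reasons)}")
```

The checks only rank entries for a human to review; none of them is proof that a file is malicious, and a clean result does not clear an entry.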
24 Mar 2015   #6
marysilver

Windows 7 Ultimate x64
 
 

Thank you cottonball.
24 Mar 2015   #7
marysilver

Windows 7 Ultimate x64
 
 

The problem doesn't seem to have gone away. I just heard the sound and the mouse froze. It might actually be worse.

And I have another problem. On the bottom right of the computer is a flag and I clicked on it. It says:

1 important message

I click on it and it takes me to the system and security action center. There it says Network Access Protection is OFF.

And insert removable media (Important)

The "restore and recovery" seems to be not working either.

Looking around I found an archived message that says:
"Win32/Fareit was found on your computer" from December 2014
24 Mar 2015   #8
cottonball

Windows 7 Home Premium
 
 

marysilver,

Can you look in the folder C:\FRST\LOGS\ and see if you can find the previous Fixlog.txt? The one on the Desktop was: Ran by 13 at 2015-03-24 02:59:47 Run:2

The folder C:\FRST\LOGS\ will have all the logs with dates like Fixlog_dd-mm-yyyy_hh-mm-ss.txt


Please download Malwarebytes Anti-Rootkit:
Download > Malwarebytes Anti-Rootkit Download
•Save to your Desktop.
•Double-click the icon to start the tool.
(Warning! Malwarebytes Anti-Rootkit needs to be run from an account with Administrator rights.)
•In the Introduction screen, click: Next
•On the Update Database screen, click Update to download the latest definitions, and then click: Next
•Once the update is complete select Next, and click: Scan
•When the scan is finished, if no malware is found select: Exit
•If malware is detected, check all items and click: Cleanup
•Reboot your computer.

Please open the MBAR folder and provide the content of the following reports in your reply:
mbar-log-{date} (xx-xx-xx).txt
system-log.txt


Also, do you recall what programs, in addition to Zoek.exe, you used to remove the virus taking over the computer a few months ago? If so, please list what the programs were.

Do you recall what program provided the archived message "Win32/Fareit was found on your computer"?


The sound you hear might be a sign of a hardware problem...
25 Mar 2015   #9
marysilver

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by cottonball
marysilver,

Can you look in the folder C:\FRST\LOGS\ and see if you can find the previous Fixlog.txt? The one on the Desktop was: Ran by 13 at 2015-03-24 02:59:47 Run:2

The folder C:\FRST\LOGS\ will have all the logs with dates like Fixlog_dd-mm-yyyy_hh-mm-ss.txt


Please download Malwarebytes Anti-Rootkit:
Download > Malwarebytes Anti-Rootkit Download
•Save to your Desktop.
•Double-click the icon to start the tool.
(Warning! Malwarebytes Anti-Rootkit needs to be run from an account with Administrator rights.)
•In the Introduction screen, click: Next
•On the Update Database screen, click Update to download the latest definitions, and then click: Next
•Once the update is complete select Next, and click: Scan
•When the scan is finished, if no malware is found select: Exit
•If malware is detected, check all items and click: Cleanup
•Reboot your computer.

Please open the MBAR folder and provide the content of the following reports in your reply:
mbar-log-{date} (xx-xx-xx).txt
system-log.txt


Also, do you recall what programs, in addition to Zoek.exe, you used to remove the virus taking over the computer a few months ago? If so, please list what the programs were.

Do you recall what program provided the archived message "Win32/Fareit was found on your computer"?


The sound you hear might be a sign of a hardware problem...

Thank you!

I'll do the Malwarebytes Anti-Rootkit scan tomorrow when I get a chance.


The 02:59:47 is a "ct" file that when opened just says "2"


Do you recall what program provided the archived message "Win32/Fareit was found on your computer"?

No


Also, do you recall what programs, in addition to Zoek.exe, you used to remove the virus taking over the computer a few months ago? If so, please list what the programs were.

I think I used Malwarebytes too.

One thing I remember is the restore points were deleted. On my old computer I never had a problem because when problems arose, I'd just go back to the previous restore points. This new computer doesn't save restore points when infected with a virus or a PUP for some reason. Even doing the Farbar Recovery Tool deleted the old restore points. If I could just get the restore points to always work no matter what, I wouldn't need help in the future. Just a side rant.

I've gone to websites and Malwarebytes pops up multiple times afterward and says "thiswebsite.com malicious website has been blocked". Do you know where I can go on the computer to delete that problem website's virus if it ever happens again? I looked in the cookies, it wasn't even there.

Thank you for your time
25 Mar 2015   #10
marysilver

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by cottonball
marysilver,
Please download Malwarebytes Anti-Rootkit:
Download > Malwarebytes Anti-Rootkit Download
•Save to your Desktop.
•Double-click the icon to start the tool.
(Warning! Malwarebytes Anti-Rootkit needs to be run from an account with Administrator rights.)
•In the Introduction screen, click: Next
•On the Update Database screen, click Update to download the latest definitions, and then click: Next
•Once the update is complete select Next, and click: Scan
•When the scan is finished, if no malware is found select: Exit
•If malware is detected, check all items and click: Cleanup
•Reboot your computer.

Please open the MBAR folder and provide the content of the following reports in your reply:
mbar-log-{date} (xx-xx-xx).txt
system-log.txt

It may take a while. I scanned with Malwarebytes Anti-Rootkit two times today. Both times the scanning froze after a couple hours. It usually takes more than 24 hours to scan my computer since it has so many files. Physical memory is eaten up quick on my computer, which doesn't help either.

I'm doing a scan now.

Is it safe showing the Farbar Recovery Scan Tool results on a public forum? Can hackers use that info to get into my computer? Should I go back and delete the old scan results?

Found this: ACA Utilities - All software for you in today's market. Scan and download now for free!!
Is it any good?