Windows 7 Forums

Windows 7: Computer locked up with a virus!!

07 Jun 2015   #1
Going4joe

Windows 7 Home Premium
 
 
Computer locked up with a virus!!

I think I have a big-time virus. I'm on an HP laptop running Windows 7. As soon as I go online I get a pop-up: "WARNING! Your computer may be highly infected!" It goes on to tell me to call a 1-800 number right away. I know it's a scam. But I can't get rid of this thing! I tried running Panda and malware. Deleted the explorer file in safe mode. It just recreated itself on startup. The file that is causing this mayhem is softput.xx/virus-alert. Anyone run into this? Any ideas how to neutralize it? Thanks


07 Jun 2015   #2
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Hello Going4joe and welcome to Seven Forums.

I'm not a security expert. Hopefully one of the Forum experts will join in with better information. In the meantime, see if you can run the free Malwarebytes Chameleon. It might be able to remove the softput files.

https://www.malwarebytes.org/chameleon/
07 Jun 2015   #3
cottonball

Windows 7 Home Premium
 
 

Going4joe,

Please use the tool: Zoek

First, temporarily disable your AV program.
Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Zoek Download > http://download.bleepingcomputer.com/smeenk/zoek.exe

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
Code:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.


If the window labeled "Windows Firewall" that asks you to call a number to remove viruses from the computer, and that is causing this problem, does not allow you to install or run any malware-seeking software, there are other diagnostic options that may prove helpful.

However, we will cross that bridge if we need to.


Attached Images
Computer locked up with a virus!!-capture.png 

08 Jun 2015   #4
Going4joe

Windows 7 Home Premium
 
 

Thank you for your information. I ran Zoek. It spit out a lot of data at the end. I rebooted. Opened up Explorer.

Unfortunately the virus still lives....
08 Jun 2015   #5
cottonball

Windows 7 Home Premium
 
 

Need to see the data it 'spit out'!

Please provide the zoek-results.log in your reply.
08 Jun 2015   #6
Going4joe

Windows 7 Home Premium
 
 

okay... here is the data:


Code:
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by wendy on Mon 06/08/2015 at 17:22:00.71.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wendy\Desktop\zoek\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-06-08-235944.log 8167 bytes
 
==== System Restore Info ======================
 
6/8/2015 5:24:59 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\wendy\AppData\Roaming\hpqLog deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CAiNNK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Primary Color deleted successfully
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\WebShield deleted
C:\Users\wendy\AppData\Roaming\inminet deleted
C:\windows\SysNative\Tasks\EbonmediaUpdater deleted
C:\windows\SysNative\Tasks\Irsleoblawoxi deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~2\Wajam deleted
C:\Users\wendy\AppData\Local\Weather_Protector_LLC deleted
C:\Users\wendy\AppData\Local\globalUpdate deleted
C:\Users\wendy\AppData\Local\StormWatch deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\StormWatch deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP deleted
C:\Users\wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-7.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10_user.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5_user.job deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-7 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10_user deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5_user deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\END deleted
C:\Users\wendy\AppData\Roaming\Ebon\Ebon\Profiles\3m0l7wtp.default\jetpack deleted
C:\Users\wendy\AppData\Roaming\Ebon\Ebon\Profiles\3m0l7wtp.default\extensions\toolbar@alexa.com deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.exe" deleted
"C:\PROGRA~3\xtdpJdV\info.dat" not deleted
"C:\PROGRA~2\MediaPlayerVid2.4\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6.exe" deleted
"C:\PROGRA~2\MediaPlayerVid2.4\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674\upgmsd_us_674.exe" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674\upgmsd_us_674.exe" deleted
"C:\PROGRA~2\Primary Color\updatePrimaryColor.exe" deleted
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe" not deleted
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe.config" not deleted
"C:\PROGRA~3\xtdpJdV\dat\rrMClzKFJPg.dll" not deleted
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe" not deleted
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe.config" not deleted
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not deleted
"C:\PROGRA~2\Primary Color\bin\7dfbf927c50d481c8328ce452cb772ad.dll" deleted
"C:\PROGRA~2\Primary Color\bin\7dfbf927c50d481c8328ce452cb772ad64.dll" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.BrowserAdapter.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.BrowserAdapter64.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.expext.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.expextdll.dll" deleted
"C:\PROGRA~2\Primary Color\bin\utilPrimaryColor.exe" deleted
"C:\PROGRA~3\xtdpJdV" not deleted
"C:\PROGRA~2\MediaPlayerVid2.4" not deleted
"C:\PROGRA~2\gmsd_us_674" deleted
"C:\PROGRA~2\gmsd_us_674" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674" deleted
"C:\PROGRA~2\Primary Color" not deleted
"C:\PROGRA~3\xtdpJdV\dat" not deleted
"C:\PROGRA~2\Primary Color\bin" not deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
user_pref("browser.startup.homepage", "https://www.yahoo.com/");
 
==== Firefox Proxy Settings ======================
 
ProfilePath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
user_pref("network.proxy.type", 5);
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension" [06/08/2015 04:14 PM]
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
31DA97B4682187C6639BBE2215814FDA - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{F191E2D0-A733-49B2-BD90-11328D61EBD0}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{E2AF8FE5-DFB1-4E94-9B62-3B7A3BD32222} Wikipedia Url="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{F191E2D0-A733-49B2-BD90-11328D61EBD0} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-4030634988-410349047-2056894908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49418;https=127.0.0.1:49418"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e20d6e44-c692-4329-d495-57e2996fc3ed} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajaInternetEnhancer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_674_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\44e6d02e296c92344d59752e99f63cde deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N785XWKK will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
No Chrome User Data found
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=160 folders=48 45787621 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\wendy\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\wendy\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not found
"C:\PROGRA~3\xtdpJdV\info.dat" not found
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe" not found
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe.config" not found
"C:\PROGRA~3\xtdpJdV\dat\rrMClzKFJPg.dll" not found
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe" not found
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe.config" not found
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not found
"C:\PROGRA~3\xtdpJdV" not found
"C:\PROGRA~2\MediaPlayerVid2.4" not found
"C:\PROGRA~2\Primary Color" not found
"C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N785XWKK" not found
 
==== EOF on Mon 06/08/2015 at 18:31:37.76 ======================
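The log above is the data cottonball asked to see, and reading it by hand is slow. As an added example for this thread (it is not part of Zoek and was not posted by anyone here), the Python script below parses the "==== Section ====" layout of a zoek-results.log, separates the first pass from the "After Reboot" pass, lists what was removed and what was left behind, and flags the loopback proxy hijack recorded in the "Reset IE Proxy" section. SAMPLE_LOG is a constructed excerpt modelled on the posted log, not the complete log; the script name zoek_triage.py in the usage comment is an assumption.

```python
"""Triage helper for a Zoek results log (zoek-results.log).

Added example, not part of Zoek and not code posted in the thread. It groups
the log by "==== Section ====" heading and by pass (before / after reboot),
summarises removals and leftovers, and flags a WinINET proxy pointed at the
machine itself. SAMPLE_LOG is a constructed excerpt modelled on the real log.
"""
import re
import sys

SECTION_RE = re.compile(r"^==== (?P<name>.+?)\s*=+\s*$")
# Entry lines: <path> deleted | "<path>" not deleted | "<path>" not found | <key> deleted successfully
ENTRY_RE = re.compile(
    r'^"?(?P<path>.+?)"?\s+(?P<status>deleted successfully|not deleted|not found|deleted)\s*$'
)
REG_VALUE_RE = re.compile(r'^"(?P<name>\w+)"=(?P<value>.*)$')
FF_PROXY_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d+)\)')
LOOPBACK_RE = re.compile(r"\b(127\.\d+\.\d+\.\d+|localhost)\b")
FILES_SECTION = "Deleting Files / Folders"

# Constructed excerpt in the layout of the posted zoek-results.log.
SAMPLE_LOG = r"""Zoek.exe v5.0.0.0 Updated 04-May-2015
Running in: Normal Mode Internet Access Detected

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CAiNNK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~3\WebShield deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not deleted

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
user_pref("network.proxy.type", 5);

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49418;https=127.0.0.1:49418"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not found
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not found

==== EOF on Mon 06/08/2015 at 18:31:37.76 ======================
"""


def parse_zoek_log(text):
    """Group non-empty lines by (phase, section). phase is "first_pass" until the
    "After Reboot" marker, then "after_reboot". Backslashes in headings are turned
    into slashes so "Deleting Files \\ Folders" and "Deleting Files / Folders" match."""
    sections, phase, current = {}, "first_pass", None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").replace("\\", "/").strip()
            if name == "After Reboot":
                phase, current = "after_reboot", None
                continue
            current = (phase, name)
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def entries(sections, phase, name):
    """Map each path or registry key in a section to its status; duplicates collapse."""
    found = {}
    for line in sections.get((phase, name), []):
        m = ENTRY_RE.match(line)
        if m:
            found[m.group("path")] = m.group("status")
    return found


def _reg_value(raw):
    """Decode a value as Zoek prints it: "string" or dword:XXXXXXXX (hex)."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw.strip('"')


def proxy_findings(sections):
    """WinINET proxy values before/after the reset. ProxyEnable=1 with a ProxyServer
    on 127.x.x.x or localhost means IE (and anything using the system proxy) was
    sending its traffic through a process running on the machine itself."""
    before, after, bucket = {}, {}, None
    for line in sections.get(("first_pass", "Reset IE Proxy"), []):
        if line.startswith("Value(s) before"):
            bucket = before
        elif line.startswith("Value(s) after"):
            bucket = after
        else:
            m = REG_VALUE_RE.match(line)
            if m and bucket is not None:
                bucket[m.group("name")] = _reg_value(m.group("value"))
    server = str(before.get("ProxyServer", ""))
    hijack = before.get("ProxyEnable") == 1 and LOOPBACK_RE.search(server) is not None
    return {"before": before, "after": after, "loopback_proxy_hijack": hijack}


def firefox_proxy_type(sections):
    """network.proxy.type from the Firefox section; 5 means 'use system proxy settings'."""
    for line in sections.get(("first_pass", "Firefox Proxy Settings"), []):
        m = FF_PROXY_RE.search(line)
        if m:
            return int(m.group(1))
    return None


def summarize(text):
    """The triage summary a helper wants from a posted log."""
    sections = parse_zoek_log(text)
    first = entries(sections, "first_pass", FILES_SECTION)
    after = entries(sections, "after_reboot", FILES_SECTION)
    leftovers = sorted(p for p, s in first.items() if s == "not deleted")
    gone = [p for p in leftovers if after.get(p) in ("not found", "deleted", "deleted successfully")]
    services = entries(sections, "first_pass", "Deleting Services")
    return {
        "services_removed": sorted(k.rsplit("\\", 1)[-1] for k in services),
        "files_removed": sorted(p for p, s in first.items() if s.startswith("deleted")),
        "leftovers_first_pass": leftovers,
        "gone_after_reboot": gone,
        "still_present": [p for p in leftovers if p not in gone],
        "proxy": proxy_findings(sections),
        "firefox_uses_system_proxy": firefox_proxy_type(sections) == 5,
    }


if __name__ == "__main__":
    # Usage: python zoek_triage.py [path\to\zoek-results.log]; defaults to SAMPLE_LOG.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(text).items():
        print(f"{key}: {value}")
```

Run against the posted log, the two findings worth acting on are the ones a scanner summary hides: the "before fix" values show ProxyEnable=1 with ProxyServer pointing at 127.0.0.1:49418, and Firefox's network.proxy.type of 5 means it follows that same system proxy, so every browser on the machine was routing requests through a local listener until Zoek reset the setting; and the files Zoek could not delete on the first pass all sit under C:\PROGRA~3\xtdpJdV, the directory of the CAiNNK service it removed, and are reported "not found" after the reboot. If the pop-up returns, re-checking that ProxyEnable is still 0 and that nothing has recreated that directory is the quickest way to tell whether the hijack has reinstalled itself.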
08 Jun 2015   #7
cottonball

Windows 7 Home Premium
 
 

Thanks for posting the report.

Would have thought that after running Zoek, and a reboot, the message from the website would have been gone...

Let's give this a whirl to see if it finds the culprit:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.

Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.