

Windows 7: Safe mode and Restore problems

01 Sep 2017   #11
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi PussEkat,

The remove OS tutorial is valid for W7,
Please follow it.

Once you have removed it, try ESET on-line scanner (disable your current AV whilst running it)


Roy


08 Sep 2017   #12
PussEKatt

Windows home premium 64 bit
 
 

Hi Roy,
Apologies again, as my last post is at the bottom of the page I did not realise that you had answered until I noticed Page 2 (I was only checking my post and looking for an answer under it and when there was none I quickly scrolled to the bottom of the page and logged out). Anyway, thank you for your answer and I tried that tutorial and it did get rid of the PGD entry on my startup screen.
Here is what has happened since I last wrote.
I tried Un-Hacker which got rid of a virus called "WTMHDINTUS". I then tried Viper Rescue, Windows repair all in 1 and finally I was able to run Malwarebytes. I had the option to use system restore again so I thought all was fixed. Using system restore I set my PC to the restore point I had set before trying that infected software and after about 10 minutes I got the message that sys restore could not reset my PC because my AV software was blocking it and I should turn my AV off and try again. Here is the Very interesting part.
I noticed that at the top of my restore point page a small option was set to turn off system restore and the restore point I had set before was missing. I was not in safe mode but my AV was already turned off and I had unplugged the ethernet cable from the back of my desktop PC. I find all this very suspicious and I believe that I still have a virus but I believe it is lying dormant and needs me to connect to the internet before it can activate. If this is correct then I don't know what to do to find and remove this threat because AV software will not find it because it is not active yet. If I connect to the net then I think it will activate itself and I will be back at square 1 again. As far as I can see the only option I have now is to scan/check the registry keys as I can't see where else it could be hiding, but hey, I am only using common sense and logic, you are the expert so what are your thoughts on this and what do you recommend I do?

Colin from Perth West Australia
08 Sep 2017   #13
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Colin,

That's not a good sign.

Most security forums say once you're infected the best and safest way to proceed is a clean install, especially when a Rootkit is involved.

Do you want to take that route??

Roy

08 Sep 2017   #14
PussEKatt

Windows home premium 64 bit
 
 

Hi Roy,
I don't mind doing a clean install if I have to because all my software is original and I have all the disks but I would prefer to use that as a last resort. Although I don't like getting a virus I am finding it very interesting and I am learning a lot as well. As I said before I don't mind altering registry keys and looking into hidden folders etc etc and this is giving me a good reason to do so.
An update on what has happened since my last reply.
I ran Un-Hack me again and it came up with 3 results: svchost, Auto services and wtmhdintus.dll
Hopefully all these apply to that wtmhdintus virus and I just might have got rid of it completely now. Not going to jump right in though, I will do a bit more checking and learning and watching for any more suspicious behaviour before connecting my desktop to the internet but I must admit I do think I have seen the last of that virus with a silly name.
I am unsure what a .dll does. Is it possible that the svchost and the wtmhdintus .dll could be the dormant virus? I know that svchost can start other stuff but I am not sure exactly what sort of stuff it can start. Do you know?
What part of England are you from ?

Colin
08 Sep 2017   #15
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Colin,

Up to you which way you want to go.

Couple questions
AVs DON'T normally block restore points, in some cases they actually create them!
System restore GUI should look like this -- activated and space allocated see screenshot.
Did you ever run Eset-on-line??

As for the services found by Unhackme.
svchost - anything could be in there, good and bad
Auto services - not entirely sure about Autoruns yes as it says run on start-up
wtmhdintus - only found 1 malware reference to it, some kind of browser hijacker from an unknown site.
Can you run this, Farbar (FRST) copy/paste BOTH logs
Farbar Recovery Scan Tool Download
(have a look at their malware section)

I very rarely alter registry keys, 1 if memory serves.
I use Macrium and create system images, so if I hit a problem I reload a CLEAN image (5/10 min job)
Imaging with free Macrium - Windows 7 Help Forums

I'm down in sunny Southampton.

Roy


Attached Images
Safe mode and Restore problems-sysres.png 
09 Sep 2017   #16
PussEKatt

Windows home premium 64 bit
 
 

Hi Roy,
That Macriums program looks good, I will download it and use it in future. I don't play around in the registry but if something needs to be done there then I am up for it, the same goes for hidden files/folders.
I have attached the logs you asked for. I see that 4 up from the bottom of the Services printout there is an entry for the wtmhdintus virus, could you also check the Google Chrome updater entry for me please because the dates on the 2 entries are after I got the virus.
Can you point me at a site that shows/explains how to read and understand these logs please as I find it very interesting.
Haven't been to Southampton, have been to London and a short stay in Birmingham to watch Aston Villa play at Villa Park.
Look forward to hearing from you.

Colin

Addition_09-09-2017 19.01.22.txt

FRST_09-09-2017 19.01.22.txt


09 Sep 2017   #17
PussEKatt

Windows home premium 64 bit
 
 

Roy,
This web page explains the wtmhdintus virus.
(SOLVED!) How to Remove Removal Guide

Colin
09 Sep 2017   #18
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Colin,

Pretty sure something is still lurking there.

I'm NOT a malware expert although I can spot certain things,
So time for you to call in the experts.

Please go to BleepingComputers - am i infected
(where you downloaded Farbar from)
They will require the 2 logs.
XREF this post, information is the key.

I'm not fobbing you off, just want you up and running with a clean system.


Roy
10 Sep 2017   #19
PussEKatt

Windows home premium 64 bit
 
 

Hi Roy,
Thank you for all your help. I have registered at Bleeping Computer and started a thread as you advise.
Shall I mark this topic closed?

Colin
10 Sep 2017   #20
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
I've found the easiest way to get into safe mode for built in recovery options page with safe mode and with networking is to "if you can" boot into Windows just unplug the power cord to kill the power feed.

Once you restart, Windows should auto send you to recovery screen.
If it works I'd use safe mode with networking listing.
Use Malwarebytes free from within Windows and also adwcleaner free.
Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
Instant Savings App

Also use the Custom scan/ full scan option not the Threat scan,
http://www.malwarebytes.org/products/malwarebytes_free

AdwCleaner Download