Error: the application was unable to start correctly (0xc0000005).

Thanks Slartybart,

I also read when Googling rootkits that the preferred way out is a format and re-install. That helped push me to just bite the bullet and do that. I followed exactly the guide you posted above. To be sure, I even created partitions, formatted them, and deleted them again a few times on that setup screen before proceeding to the next step with just a single partition. Not sure if that would make any difference but I did it anyway :). The OS is on an SSD [128GB] and I also low-level formatted the HDD in the machine, both before and after installing the OS again - that took a while.

Anyway, I have loaded up the OS, MB drivers and graphics drivers again last night. The PC has not been online yet so next is to let Windows Update run and install the hundreds of MBs of updates :mad: before I start loading his games back. Going to take it slowly.

Obviously I will install Bit Defender again (not that it helped much with this last problem but in fairness, the rootkit may have had the door opened to it by a naïve 7-year-old) and I suppose installing Malwarebytes is also a good idea? Are there any other applications you would recommend installing to improve detection/prevention of infection in the first place? I know that more than one AV package on a system can cause trouble.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 - x64 Professional
CPU
Core i7 4770K @4.2 GHz
Motherboard
Asus Maximus Hero V1
Memory
Corsair DDR3-2400 16 GB
Graphics Card(s)
GTX 780 Ti Superclocked EVGA
Sound Card
Onboard Realtek
Monitor(s) Displays
Asus 27 inch
Screen Resolution
2560 x 1480
Hard Drives
Samsung EVO 840 500 GB SSD
Sandisk Extreme 250 GB SSD
Samsung 1.5TB HDD
PSU
Corsair 1150W
Case
A big one :-)
Cooling
Corsair H100i closed loop water cooler
Keyboard
Logitech G110 Gaming
Mouse
R.A.T 5
Internet Speed
1 GB ADSL
Antivirus
Bit Defender
Browser
I.E. 11
I know this is a very long wall of text, but following the below will greatly reduce your chances of becoming infected again.

I advise you to install and use the following free security programs/solutions so you do not get infected again:

-Panda antivirus - You can only have one antivirus installed at a time; I recommend using this one and uninstalling what you are using now.

-Malwarebytes

-Superantispyware

-Unchecky

-Should I remove it

-Web of Trust

-Set up open dns

Run the first 3 listed and scan around once every 2 weeks. Make sure you update them before scanning. Unfortunately no program out there is a silver bullet - there is no one program to protect you entirely. Because of this, it is necessary to have a couple of products to help keep you safe on all fronts.

Panda Cloud Antivirus: Panda Cloud AV is a great free program that uses the cloud (the internet) to scan your PC for threats. This antivirus works very well at detecting the newest threats, as well as some unknown ones that have not yet been discovered. For information on how to use it, the manual is located here.


Malwarebytes: This is a great program to use to scan your PC for malware that your antivirus might possibly miss or not look for. A guide on how to use it can be found here.

Superantispyware: This is a great second-opinion scanner which will scan for spyware and other types of PUPs (potentially unwanted programs).

Unchecky: is a program that aims to keep unwanted programs from entering your PC when installing a new program. Most programs give you the option of express install or custom install. When you do a regular install of most applications, they add toolbars and other unwanted items to your PC. If you choose the custom option however, you can avoid most of these unwanted programs by unchecking them and then clicking next. This program does this for you automatically. It removes the checkmarks so that when you click next and next your way through the install process, you do not get a bunch of junk on your system. Keep in mind though, this is how most people get unwanted spyware etc. on their PC. When installing any new program, Google it and see if it has good reviews. Then during the install don't just click next and rush through it. Take your time to read what is in front of you, and uncheck anything you do not want.

The best part about Unchecky is it's an install-and-forget. It updates automatically and works to prevent unnecessary programs from sneaking in during software installs.


Should I remove it: This is not a malware scanner. What it does is it looks at all of the installed programs on your PC and gives you a percentage of how many people uninstall the software. If the percentage is high, I would remove it as it is most likely not a good program. It also gives a ton of information about what the program does and how it behaves.

WOT: (Web of Trust) is a very helpful browser addon that works with all web browsers and helps you to avoid nasty sites that have been known to host malware and the like. It uses a rating system by users as well as their own internal site investigations to place websites into categories and mark whether or not they are safe. It is a good tool to help you avoid clicking on a bad link in the first place.

OpenDNS: is a service that helps you block known malware sites before they even reach your PC entirely. It also can be configured to block adult sites, and filter out other web sites based on categories. All for free. Not only does it protect your computers, but other devices as well.

For more information, see here:

https://support.opendns.com/entries/26514730-Web-Content-Filtering-and-Security

If it looks too advanced for you, it actually isn't very hard to set up. See the very first link above (set up OpenDNS) which will take you to the setup page. You do not need to create an account if you wish not to. There is a link in the bottom right-hand corner to avoid making an account if you do not want it. They have directions on how to apply it to your computer, or to your router so that every device on your network can be protected.


Making Windows security better for you and anyone using your PC:


I also suggest using a standard user account in Windows, and only using an admin account when you need to install software. If you have family members sharing your PC, create standard user accounts for them. See this link below on how to do so:

http://www.sevenforums.com/tutorials/181024-user-account-create.html

When using a standard account and you make a change or install a program that affects the whole system, UAC will prompt you to continue. Make sure the setting or program you are trying to install is listed, then click yes to continue. If you are just browsing the web and the prompt appears with a program you have not heard of, or do not know what it is, it is much safer to click no than yes. No will block the action, and if you were trying to do something, you can always start it again and choose yes.

UAC makes this easy, see here:

What is user account control (UAC)?

I also suggest choosing always notify for UAC:

What are User Account Control settings?

I also recommend that you use Bleeping Computer's suggestions which can be found here:

How to keep your computer safe online

So how Did I get Infected?


Those are my recommendations to you, and I highly suggest you follow them. Should you have any questions, post back.

Do not feel like you need to do everything above; if your computer knowledge is limited, do what you are able and feel comfortable doing. If you read all the instructions though, you should be able to do it yourself.

With the solution provided above, your risk of malware infection drops considerably.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Built
OS
Windows 10 Pro
CPU
AMD Ryzen 5 2400G Processor with Radeon RX Vega 11 Graphics
Motherboard
ASRock X470 Master SLI/AC AM4 AMD Promontory X470 SATA 6Gb/s
Memory
G.SKILL Ripjaws V Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM D
Graphics Card(s)
2047MB NVIDIA GeForce GTX 1060 6GB (EVGA)
Sound Card
Motherboard Built in
Monitor(s) Displays
Acer R240HY bidx 23.8-Inch IPS HDMI DVI VGA (1920 x 1080) Wi
Screen Resolution
1920 x 1080
Hard Drives
1TB Sandisk SSD PLUS (Main drive)
500 GB Seagate 7200 RPM (Games)
500 GB Western Digital 7200 RPM (Virtual Machines)
PSU
CORSAIR TX Series TX650M 650W 80+ Gold Modular Power Supply
Case
CORSAIR CARBIDE SPEC-02 Mid-Tower Gaming Case, Red LED Fan
Cooling
220mm, two 120mm, and four 60mm fans
Keyboard
Wired Dell keyboard
Mouse
Wireless Logitech mouse
Internet Speed
250mb down, 30mb up
Antivirus
Panda Cloud Antivirus
Browser
Chrome-ish x64
Other Info
You're awesome for reading this.
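The two Windows settings recommended in the post above (run day to day from a standard account, and keep UAC at "Always notify") can be checked from an ordinary PowerShell window. The script below is an added example, not code from the thread or from any product named in it. It is read-only: it reports what it finds and changes nothing. It assumes English-language output from net.exe (the header lines it filters out) and the documented UAC policy values under HKLM\...\Policies\System; a value that is missing from the registry is read as 0.

```powershell
# Added example (not from the thread): audit "standard account" + "UAC Always notify".
# Works on Windows 7's PowerShell 2.0 and later; uses net.exe because Windows 7
# has no Get-LocalGroupMember cmdlet. Assumes English net.exe output.

function Get-LocalAdminMembers {
    # Parse "net localgroup Administrators": drop header, separator and footer lines,
    # keep one member name per line (domain accounts appear as DOMAIN\name).
    $lines = net localgroup Administrators 2>$null
    $lines |
        Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command completed)' } |
        ForEach-Object { $_.Trim() }
}

function Get-UacSetting {
    # Documented UAC policy values. A missing value is read as 0 by the [int] cast.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        EnableLUA                  = [int]$p.EnableLUA                   # 1 = UAC on, 0 = off
        ConsentPromptBehaviorAdmin = [int]$p.ConsentPromptBehaviorAdmin  # 2 = always prompt, 5 = only non-Windows changes, 0 = never
        PromptOnSecureDesktop      = [int]$p.PromptOnSecureDesktop       # 1 = dim the screen (secure desktop)
        ConsentPromptBehaviorUser  = [int]$p.ConsentPromptBehaviorUser   # 3 = credential prompt for standard users, 0 = auto-deny
    }
}

function Test-UacAlwaysNotify {
    # "Always notify" on the UAC slider corresponds to these three values together.
    param($u)
    return ($u.EnableLUA -eq 1 -and $u.ConsentPromptBehaviorAdmin -eq 2 -and $u.PromptOnSecureDesktop -eq 1)
}

# --- Report ---------------------------------------------------------------
$admins  = @(Get-LocalAdminMembers)
$me      = $env:USERNAME
$meAdmin = $admins | Where-Object { $_ -ieq $me -or $_ -ieq "$env:USERDOMAIN\$me" }

if ($meAdmin) {
    Write-Host ("[!]  '{0}' is in the local Administrators group; day-to-day use should be from a standard account." -f $me)
} else {
    Write-Host ("[ok] '{0}' is a standard user." -f $me)
}

# On a shared family PC, check that the children's accounts are not in this list.
Write-Host "Accounts in the Administrators group:"
$admins | ForEach-Object { Write-Host ("    " + $_) }

$uac = Get-UacSetting
if (Test-UacAlwaysNotify $uac) {
    Write-Host "[ok] UAC is at Always notify (ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1)."
} elseif ($uac.EnableLUA -ne 1) {
    Write-Host "[!]  UAC is disabled (EnableLUA=0). Re-enable it; the change takes effect after a reboot."
} else {
    Write-Host ("[!]  UAC is on but not at Always notify: ConsentPromptBehaviorAdmin={0}, PromptOnSecureDesktop={1}." -f `
        $uac.ConsentPromptBehaviorAdmin, $uac.PromptOnSecureDesktop)
}
if ($uac.ConsentPromptBehaviorUser -eq 0) {
    Write-Host "[!]  Standard users are set to auto-deny elevation; installs from a standard account will fail silently."
}
```

The group-membership check deliberately parses net.exe rather than calling IsInRole(Administrator): with UAC on, an administrator's unelevated session carries a filtered token, so IsInRole reports "not admin" even for an account that is in the group, which is exactly the case the post is warning about.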

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Own build (new) Desk1 / Asus ROG Win 7 / Desk2 1st build
OS
Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
CPU
Desk1 i5 3750K / Laptop i7 GTX 860M / Desk2 i5 2500
Motherboard
Desk1 Asus P877-V / Desk2 Gigabyte H67 UD3H / Laptop ?
Memory
Desk1 8GB (1866) / Desk2 16GB (1333) / Laptop 8Gb DDR3
Graphics Card(s)
Desk 1& 2NVidia GTX 650 & Laptops on board Intel
Sound Card
Desk 1 & 2 -XONAR DG Realtek High Def audio Laptop
Monitor(s) Displays
Desk 1 Benq HD 2450 / Desk2 Philips 24" / Laptop 17.5"
Screen Resolution
1920x1080 D1 & D2 & Laptop 1
Hard Drives
Desk1 Samsung 120GB 830 SSD
Asus ROG 256GB 850 Pro SSD
Desk2 Samsung 840 256 SSD
Toshiba 120GB EVO
PSU
Desk 1 Corsair HX 1050/ Laptop ? / Desk 2 Corsair HX 650
Case
Desk 1 Cooler HAF XM ? Toshiba laptop / Desk2 Coolermaster
Cooling
Fans on all Desk1 -2 Desk2 - all Coolermasters 5 Laptop ?
Keyboard
Desk 1 MS Sidewinder X6 Desk 2 MS Sidewinder X 4
Mouse
Desk 1&2 - Gigabyte MS 900 gamer - laptop - Logitec wireless
Internet Speed
ADSL2+
Other Info
One other Desktop (tester) and spare Toshba laptop both with SSD's
Running Kaspersky 2016 ISS on all machines config'd identically
Logitec audio stereo systems on each machine (x3)
Canon MG5250MFC
Router/modem TP-Link running WPA2SK
I'm not sure where you are on Windows Updates. Hopefully you used the SP1 media refresh ISO mentioned in the tutorials - that would save a lot of updates instead of building up from a base Windows 7 install.

If you installed the base Windows 7 and haven't been offered SP1 by Windows Update yet, you can install SP1 as an offline install:
Download Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932) from Official Microsoft Download Center

There's also a pseudo SP2 (but MS calls it a Hotfix rollup). This also saves a lot of time.
See: http://www.sevenforums.com/news/282...-gem-windows-7-hotfix-rollup.html#post2322546
The two links under the link to Microsoft Update Catalog are direct downloads for the Hotfix rollup.
One is for a 32 bit machine (x86) and the other is for a 64 bit machine (x64).

You might be past both of those offline installs, but I thought I'd mention them to you just in case.

Good idea to take it slow - always my advice... step by step, build up the machine slowly. Once you have what you think is a good base (Windows is up to date, essential applications and the best / most used games are installed), then it's time to create a system image that you can use to recover your system quickly.

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

http://www.sevenforums.com/tutorials/675-system-image-recovery.html

Sounds as though you're a man with a plan and well on your way with the re-install.

No, I'm sorry, I don't have any sure-fire ways to keep bad things off a machine. The best defense is the person using the machine, followed by up-to-date and running security software.

But yes, Malwarebytes is a good 2nd line of defense.
There are still lifetime licenses available - shop around.

Here's the best price I found today:
http://store.downloadcrew.com/p29874-malwarebytes_anti-malware_pro
I don't know this store - so do your due diligence.

A search for Malwarebytes lifetime returned a bunch - the prices vary
https://www.google.com/search?q=mal...microsoft:en-US:IE-Address&ie=&oe=&gws_rd=ssl

Take some time and find the best deal from a reliable vendor.

Bill
.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Pavilion dv6-6c10us
OS
x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
CPU
AMD A6-3420M APU with Radeon(tm) HD Graphics
Motherboard
Hewlett-Packard 1805
Memory
6.00 GB
Graphics Card(s)
AMD Radeon(TM) HD 6520G
Sound Card
(1) AMD High Definition Audio Device (2) IDT High Definiti
Monitor(s) Displays
HP W2072a 20" LCD (1600 x 900) @ 60 Hz
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
ST640LM0 00 HM641JI SATA Disk Device
Keyboard
Logitech k520 wireless KB
Mouse
Logitech m320 wireless mouse (bundled with KB)
Internet Speed
15/5 | 54 MB Wireless 'n'
Antivirus
Realtime: Defender or Avast | On-demand: Malwarebytes, ESET
Browser
IE 11 on Win8, IE 10 on win 7
Other Info
Media: [Gimp, Audacity, VLC] || Comm: [WEmail 2012, Skype] || Productivity: [OpenOffice,| Textpad] || Utils: [Sysinternals, cCleaner, Speccy, Defraggler]
Thanks all!

Must say, really fantastic support here - I do appreciate it. In total I have 3 PCs and a work laptop. The laptop runs ESET [work provided] and my 3 home PCs (mine and 2 sons') run Bit Defender. Last night I installed Malwarebytes onto the other 2 PCs and the laptop and I was seriously relieved when they reported no infections. I was so nervous that this rootkit had jumped ship to my home desktop PC. I am going to keep Malwarebytes on and am even going to pay for it (3 licenses) as I reckon it has proved itself a worthwhile piece of software and does not cost an unreasonable amount.

I do read that Bit Defender and Malwarebytes might not like each other but I guess that is marketing as much as anything else. I would prefer to keep Bit Defender as it does get good reviews and, after all, I have a paid license which still has around 10 months to go on 3 PCs. Personally I avoid dodgy sites but maybe on my sons' PCs I will add some of those suggestions - thanks Andrew129260.

BUT, here is the strange thing - after installing Windows (DVD that includes SP1), MB drivers and graphics drivers, I installed Malwarebytes. The PC went online for the first time just to update Malwarebytes (no Windows updates yet) and guess what - it reported the Forged Sector thing again! So it survived a fresh Windows install with me deleting partitions and all?

I removed this SSD and put in another SSD that I had planned to use for backups and went through the whole Windows install process again last night. Finally it scanned with a clean bill of health.

So one of two things I guess - either the rootkit survived a format/re-install of Windows or (maybe more likely) the second HDD in this PC was infected, even though I formatted it both before and after the new installation. Maybe it passed it back to the boot drive? With show hidden files enabled, it showed up as empty. Anyway, both the infected SSD and the HDD in that machine are now out and in 'quarantine'. I'm not prepared to plug either drive into any of my PCs as clearly this thing is still there?!

This weekend I will install all the games /apps and updates and get this PC back to normal..... or so I hope :-)
 
That is very odd.

Let me make sure I understand this.

The 2nd SSD was used in the machine and Windows was installed on that drive.
Malwarebytes (Mbam) was installed and updated. A Mbam scan did not report any Forged Sectors.

This sounds as though the original SSD had some corruption - whether it was a rootkit or not is unclear.
You might want to post this information on the Malwarebytes forum. I saw some threads over there that reported Forged Sectors, but did not find any clear resolution - the threads I looked at just dead-ended.

It's possible that Malwarebytes incorrectly reported a bad sector as a Forged Sector. You said that there were a good number of these Forged Sectors reported (3-10) and corrected, then more would appear in a subsequent Malwarebytes scan.

The good folks over at Malwarebytes can answer that question better than I can.

If it turns out to be a flaky SSD, is it still under warranty?

Good work on the problem and thanks for posting the details.

Thanks,

Bill
.
 