Malware/Virus infection - Control Panel items missing, etc

[rcanino]

I just reinstalled Windows yesterday - I can't believe i got infected so quickly b/c I hardly used the computer. I foolishly waited to install Avast, which I'd been using for years w/out any problems. I thought, I expected Windows Defender and Firewall to keep me safe. Guess not.

I was able to use gpedit.msc to restore Task Manager but a bunch of stuff is missing from the Control Panel. I tried running Malwarebytes in Safe Mode but it just hangs at the rootkit scan. Also Avast won't load at all, keeps giving me a "Well this is embarrassing..." message.
Can anyone suggest a way back to normal w/out resinstalling Windows? If I have to I will but I think, I hope this is a fairly easy fix.
Any thoughts you care to share will be much appreciated - thanks!


ps - I was able to run a boot-time scan with Avast from the Cmd prompt, which is running now. I did one earlier this morning, right when I noticed the symptoms of infection - before Avast kept giving me the "Well this is embarrassing..." message, but it didn't find anything at that time. It did find 2 viruses during a regular scan which it moved to the Virus Chest.


Thanks for reading... I know you guys aren't devoted to malware per se but the old sites that used to analyze HijackThis logs seem to be gone...?

 

[Paul Black]

Hi rcanino,

I just reinstalled Windows yesterday - I can't believe i got infected so quickly b/c I hardly used the computer.

What did you use to re-install Win 7?

Was it an installation DVD/USB or an ISO that you downloaded and burnt to a DVD/USB. If it was, where did you get it from?

 

[rcanino]

Thanks for your reply Paul -



It's an OEM disc I bought years ago from newegg. I used it for the first time about a year ago (on the same computer) then, after my boot drive went belly-up last week I used it again yesterday.


btw I did let Windows Update install everything with the exception of the 2019 monthly roll-ups. That's how the system was running before so I figured I'd duplicate it. There's no "cracked" software or anything that's not legit on it; it's just the OS and a few apps I like to use.


edit: the boot-scan from Avast just finished and found nothing.
the good news is the system booted to Windows and all my control icons/items are back, and Avast seems to be behaving correctly.


In the Virus Chest I have 2 entries:


IDP.ALEXA.51 - the infected file is HjUyu.exe in AppData/Roaming


Win32:Malware-gen - the infected file is dslhost.ext in Program Files(x86)\DSL Host


I haven't plugged my internet connection back in yet...still worried this system is infected.


I ran AviraDNSRepair and it said my DNS had not been changed, for whatever that's worth.


Thanks Paul!

 

[Paul Black]

Hi rcanino,

It's an OEM disc I bought years ago from newegg. I used it for the first time about a year ago (on the same computer) then, after my boot drive went belly-up last week I used it again yesterday.

btw I did let Windows Update install everything with the exception of the 2019 monthly roll-ups. That's how the system was running before so I figured I'd duplicate it. There's no "cracked" software or anything that's not legit on it; it's just the OS and a few apps I like to use.

edit: the boot-scan from Avast just finished and found nothing.
the good news is the system booted to Windows and all my control icons/items are back, and Avast seems to be behaving correctly.

NOTE: The light blue text below are links to the relevant websites and programs, just click them!

SUGGESTION: Since you are happy with the way the OS is running at the moment, create a system image. This way, if things go wrong in the future, you will be able to restore your OS back to the exact same state that it is NOW in a very short time. There are two imaging programs which are very popular among members here, the first is AOMEI Backupper Standard [FREE], and the second is Macrium Reflect [FREE].

I hope this helps!

 

[rcanino]

Thanks Paul - I will probably use Macrium and clone my boot drive to a spare SSD I have.


One question- is there any way to determine for sure if the system is clean? I mean besides the obvious "just keep using it and watch for symptoms."


Do you have any favorite - hopefully free - A/V and Malware scanners? I don't mind spending the day running scans. Avast seems happy but I had nothing but trouble with MalwareBytes...Maybe I should download it and try it again.


Last question (i hope!) - is there any reason not to install all the Windows Updates? This is a Win7 Pro system and I do not want to deal with nag screens about updating to Win10. I think that's why I stopped running updates toward the end of last year but I don't remember for sure. Anyway when I stopped updating I had no problems...but my online behavior is very conservative these days. (that's why I'm so surprised I got whacked this morning - whatever it was)

 

[Paul Black]

Hi rcanino,

One question- is there any way to determine for sure if the system is clean? I mean besides the obvious "just keep using it and watch for symptoms."

Do you have any favorite - hopefully free - A/V and Malware scanners? I don't mind spending the day running scans. Avast seems happy but I had nothing but trouble with MalwareBytes...Maybe I should download it and try it again.

Many members here have their own particular favourites as they will probably post. I personally have always used AVG [FREE] and MalwareBytes [FREE] and I have never had any problems!

I hope this helps!

 

[rcanino]

Thanks Paul - for all your help...hopefully I'm good to go...sure wish I knew what the heck zapped me though...

 

[Paul Black]

Hi rcanino,

Thanks Paul - for all your help...hopefully I'm good to go...sure wish I knew what the heck zapped me though...

You're welcome!
I will try and have a look into the two in the virus chest later or tomorrow!

 

[rcanino]

i googled them and they both come up as possibly false positives. I guess I won't worry about them. Thanks again!


One nagging problem -Malwarebytes refuses to complete a scan - it hangs the whole computer. I checked "Rootkit Scan" in the Settings then clicked Threat Scan - it got to the Rootkit section and stalled. It strange b/c I've used the free version of MWB for years and never had an issue.

 

[Paul Black]

Hi rcanino,

One nagging problem - Malwarebytes refuses to complete a scan - it hangs the whole computer. I checked "Rootkit Scan" in the Settings then clicked Threat Scan - it got to the Rootkit section and stalled.

Very strange! Have you tried downloading Malwarebytes again or tried the scan after a reboot?

 

[rcanino]

Yes I did d/l it again, I rebooted, I tried running it in Safe Mode...every time it hangs the entire computer when it gets to the Rootkit Scan section.


Is that a clue there is indeed a rootkit on the system?

 

[Paul Black]

Hi rcanino,

Yes I did d/l it again, I rebooted, I tried running it in Safe Mode...

Does it run OK in Windows?

 

[rcanino]

No not at all - sorry, I should've specified the Safe Mode attempt was in addition to trying it in Windows. Same result every time - crashes the system and I'm forced to Reset.

I guess there's just something incompatible with Malwarebytes and my system (?).


re: rootkit invasion, I downloaded and ran TDSSKiller from Kaspersky and also Avast's ASWMBR. Avast found another Win32-MalwareX-gen, in the AppData/Local/Temp folder this time but the MBR was clean - TDSSKiller gave me a clean bill of health too.

 

[Paul Black]

Hi rcanino,

No not at all - sorry, I should've specified the Safe Mode attempt was in addition to trying it in Windows. Same result every time - crashes the system and I'm forced to Reset.

I guess there's just something incompatible with Malwarebytes and my system (?).

[1] What do you mean by I'm forced to Reset?
[2] Try this option to uninstall Malwarebytes . . .

Download and run Revo Uninstaller [FREE] from here => Revo Uninstaller. When you run scan for leftover items make sure that you use the Advanced Scan option, then tick everything and delete it.

Reboot and download Malwarebytes from here => Malwarebytes. Click the FREE DOWNLOAD at the top of the webpage.

I hope this helps!

 

[rcanino]

by "forced to Reset" I mean when the scan reaches the Rootkit section the computer freezes, the mouse/keyboard don't respond. The only option is to shutdown/restart - i.e. "Reset."


I can uninstall Malwarebytes easily enough using their Uninstall process. It's prob a good idea to use Revo as I'm sure there are registry entries leftover, prob other files and maybe an empty folder or 2.


Thanks for the link - I've downloaded it 3 times now from that same site. I guess I'm better off w/out it as I've tried running it 3 times with the same result: it just doesn't work.

 

[Paul Black]

Hi rcanino,

I can uninstall Malwarebytes easily enough using their Uninstall process. It's prob a good idea to use Revo as I'm sure there are registry entries leftover, prob other files and maybe an empty folder or 2.

Yes, Revo will pretty much uninstall everything that was installed initially. The built-in uninstall software [option] will only uninstall what they think are the important bits. Revo goes beyond that and deletes registry entries, empty folders etc. I have used it for years and I have never had a problem with it. I suggested it because it is probably the best way to get rid of everything ready for trying to clean install the software again. I would recommend a reboot after the uninstall process has completed though.

I hope this helps!

 

[rcanino]

Thanks Paul - I may give Malwarebytes one last try if I experience more odd behavior, and if I do I will certainly run Revo first. But for now I think I'll just leave well-enough alone.