Ran Windows Defender Offline, can't boot up computer. Help please!


  1. Posts : 2,470
    Windows 7 Home Premium
       #31

    Thanks, Slartybart!

    bsever,

    Please run the ESET Online Scanner...

    Since it is implemented as an ActiveX control, it is best run on Internet Explorer.
    Right click the IE shortcut and select: Run as Administrator

    Next, in IE, download >ESET Free Online Scanner :: Complete Malware Detection :: ESET

    On the ESET website, click on: Run ESET Online Scanner
    Click: Start

    When asked, allow the add-on to be installed.
    Again, click: Start

    On the next prompt, Computer Scan Settings, do not check: Remove found threats

    Next, click on: Advanced Settings
    Make sure the following options are checked:
    >Scan for potentially unwanted applications
    >Scan for potentially unsafe applications
    >Enable Anti-Stealth Technology

    By Current Scan Targets, Operating memory, Local drives, press: Change
    In Selection of scan targets, Local drives, select the drives in question.
    Click: OK

    Click: Start
    Follow the prompts.

    When the scan completes, if threats are found, in the Scan Results prompt, click on: List of threats found
    Click on: Export to text file
    Save to the Desktop and name it: ESET Scan Results
    Click on: Back
    Click on: Finish, and close the program.

    If anything is found, please provide the ESET Scan Results in your reply to determine what further action is necessary.


    .


  2. Posts : 17
    Windows 7 64 bit
    Thread Starter
       #32

    Thanks for the further direction, cottonball. I only just saw this post and have to run out, but I'll run the scan this weekend and provide the scan results. Thank you again.


  3. Posts : 17
    Windows 7 64 bit
    Thread Starter
       #33

    Yikes! Six threats found. Persistent little so-and-so's.

    I have attached the scan report as requested.


  4. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #34

    Ah, it's not that bad!
    (1) in FRST quarantine - Ask toolbar
    (2) in Dell Datasafe - both HiddenStart.A
    (2) in TDSSKiller Quarantine - trojans
    (1) in Downloads - another Ask toolbar

    I don't know what Dell DataSafe is or what HiddenStart.A is.
    The last one, Ask toolbar, gets packaged with too many freeware apps.
    >> if you run disk cleanup, it will be removed.
    I'll wait for someone who knows about Dell DataSafe to add something.

    I'd say your system looks fairly clean, but Cottonball has the final say.

    That didn't hurt much, did it?
    Last edited by Slartybart; 27 Jan 2014 at 22:52. Reason: thought the file was in temp. it was in downloads


  5. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #35

    There is some argument on whether HiddenStart.A is part of Dell backup or not.
    What's the use of HStart in Dell computers? - Productivity Software Forum - Software & Operating Systems - Dell Community

    ESET picks up some things it thinks might be a problem, but that turn out to be false positives.

    Again, Cottonball has the lead on this, I'm just adding comment on what I see in the log or found researching an unknown.

    Bill


  6. Posts : 17
    Windows 7 64 bit
    Thread Starter
       #36

    Thanks for the breakdown, Slartybart. Nah, didn't hurt too much. I just couldn't believe it that on the fourth or fifth pass it came up with 6 threats, so it's good to have a little perspective about what ESET actually came up with.


  7. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #37

    Glad it didn't hurt

    Actually, I should clarify false positives. While still a true statement, ESET did find real threats in other scanner quarantines. I guess that's fair, ESET can't know if it's a real quarantine or a nice place to hide. Knowing that you ran FRST and TDSSKiller makes it clear that the other scanners took care of the threats.

    Bill


  8. Posts : 2,470
    Windows 7 Home Premium
       #38

    1. C:\FRST\Quarantine\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask application
    2. C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
    3. C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
    4. C:\TDSSKiller_Quarantine\23.01.2014_10.51.18\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan
    5. C:\TDSSKiller_Quarantine\23.01.2014_10.51.18\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan
    6. C:\Users\POSTAL\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application

    Entries 1, 4, and 5 are already contained. If 4 and 5 were still around, we would have something to worry about.

    Entries 2 and 3, as you guys have found out, are Dell's.

    Entry #6, Bundled.Toolbar.Ask application, unless you specifically installed it, you can use ADWCleaner to clean it up:

    AdwCleaner (by Xplode) Download > AdwCleaner Download
    Save to the Desktop.

    Before running the program, please read the AdwCleaner Usage Instructions.
    It alerts users of Antivir Webguard to the consequences of using this program.
    Also, be aware the program resets search settings to the default Microsoft search, if changed by adware.

    To proceed, right-click on AdwCleaner.exe and select: Run as Administrator

    At the main window, press the [Scan] button.
    The Scan function does not delete anything. It just lists elements.

    Once AdwCleaner completes its scan, it shows a list of elements.
    You can uncheck any item(s) you do not want to remove.

    Next, click the [Clean] button.

    A small window appears to inform that all programs will close.

    AdwCleaner proceeds to delete all checked elements.

    If a reboot is needed, a small window appears notifying of such. Please click: OK

    When the AdwCleaner logfile appears, please provide it in your reply.

    (The logfile is also saved in C:\AdwCleaner\AdwCleaner[R0].txt)



    .
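
The triage applied to the six ESET detections in post #38, as an added example that is not part of the original post or of any tool named in the thread: it parses lines in the shape posted there and separates detections sitting in another scanner's quarantine folder from detections at live paths. The quarantine folder markers and the verdict labels are assumptions, and "contained" only holds when you know you ran those tools yourself, as the thread starter did.

```python
import re

# The six detections exactly as listed in post #38 (list numbers stripped).
SCAN_LINES = [
    r"C:\FRST\Quarantine\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask application",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\TDSSKiller_Quarantine\23.01.2014_10.51.18\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan",
    r"C:\TDSSKiller_Quarantine\23.01.2014_10.51.18\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NH trojan",
    r"C:\Users\POSTAL\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application",
]

# Assumption: quarantine folders of the other tools run in this thread.
QUARANTINE_MARKERS = ("\\frst\\quarantine\\", "\\tdsskiller_quarantine\\")

# <path> [a variant of ]<Win32|Win64>/<name> <type>; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>\w+)$"
)

def parse_line(line):
    """Split one exported detection line into path, detection name and type."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # header, blank line, or a shape this example does not cover
    return {"path": m["path"], "name": m["name"],
            "variant": m["variant"] is not None, "kind": m["kind"].lower()}

def triage(line):
    """Return 'contained', 'investigate', 'review' or 'unparsed' for one line."""
    entry = parse_line(line)
    if entry is None:
        return "unparsed"
    path = entry["path"].lower()
    if any(marker in path for marker in QUARANTINE_MARKERS):
        return "contained"    # path is inside another scanner's quarantine folder
    if entry["kind"] == "trojan":
        return "investigate"  # trojan detection outside any known quarantine
    return "review"           # "application": bundled or vendor tool, human decides

if __name__ == "__main__":
    for number, line in enumerate(SCAN_LINES, start=1):
        print(number, triage(line), parse_line(line)["name"])
```
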


  9. Posts : 21,004
    Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
       #39

    Now my 2 cents worth again: I am wondering, would a run with a bootable rescue disk be worth a try?

    These are some and usually the Kaspersky is best IMHO.


    5 Bootable AntiVirus Rescue CD for Windows: Free Download


  10. Posts : 2,470
    Windows 7 Home Premium
       #40

    ICit2lol,

    Thanks for the suggestion.

    Quoting Kaspersky:

    "A Rescue Disk should be used in case of an infection that cannot be cured by means of antivirus software or disinfection utilities...running under operating system control."

    bsever regained Operating System control, and there are several utilities that can get rid of the Bundled.Toolbar.Ask application...

    ...Not to worry. :)


    .
    Last edited by cottonball; 28 Jan 2014 at 15:18. Reason: Typ-o!


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
