Windows 7 Forums
Windows 7: Computer locked up with a virus!!

07 Jun 2015   #1

Windows 7 Home Premium

I think I have a big time virus. I'm on an HP laptop running Windows 7. Soon as I go online I get a pop up: "WARNING! Your computer may be highly infected!" It goes on to tell me to call a 1-800 number right away. I know it's a scam. But I can't get rid of this thing! I tried running panda and malware. Deleted the explorer file in safe mode. It just recreated itself on start up. The file that is causing this mayhem is softput.xx/virus-alert. Anyone run into this? Any ideas how to neutralize it? Thanks

07 Jun 2015   #2

Microsoft Community Contributor Award Recipient


Hello Going4joe and welcome to Seven Forums.

I'm not a security expert. Hopefully one of the Forum experts will join in with better information. In the meantime, see if you can run the free Malwarebytes Chameleon. It might be able to remove the softput files.
07 Jun 2015   #3

Windows 7 Home Premium


Please use the tool: Zoek

First, temporarily disable your AV program.
Info on how to disable your security applications > How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Zoek Download >

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
ipconfig /flushdns;b
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

If the window labeled "Windows Firewall", which asks you to call a number to remove viruses from the computer and is causing this problem, does not allow you to install or run any malware-seeking software, there are other diagnostic options that may prove helpful.

However, we will cross that bridge if we need to.


08 Jun 2015   #4

Windows 7 Home Premium

Thank you for your information. I ran Zoek. It spit out a lot of data at the end. I rebooted. Opened up Explorer.

Unfortunately the virus still lives....
08 Jun 2015   #5

Windows 7 Home Premium

Need to see the data it 'spit out'!

Please provide the zoek-results.log in your reply.
08 Jun 2015   #6

Windows 7 Home Premium

okay... here is the data:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by wendy on Mon 06/08/2015 at 17:22:00.71.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wendy\Desktop\zoek\zoek.exe [Scan all users] [Script inserted] 
==== Older Logs ======================
C:\zoek-results2015-06-08-235944.log 8167 bytes
==== System Restore Info ======================
6/8/2015 5:24:59 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Users\wendy\AppData\Roaming\hpqLog deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CAiNNK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Primary Color deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Primary Color deleted successfully
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\WebShield deleted
C:\Users\wendy\AppData\Roaming\inminet deleted
C:\windows\SysNative\Tasks\EbonmediaUpdater deleted
C:\windows\SysNative\Tasks\Irsleoblawoxi deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~2\Wajam deleted
C:\Users\wendy\AppData\Local\Weather_Protector_LLC deleted
C:\Users\wendy\AppData\Local\globalUpdate deleted
C:\Users\wendy\AppData\Local\StormWatch deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\StormWatch deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP deleted
C:\Users\wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-7.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10_user.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5.job deleted
C:\Windows\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5_user.job deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-7 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10_user deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5 deleted
C:\windows\SysNative\Tasks\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-5_user deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\END deleted
C:\Users\wendy\AppData\Roaming\Ebon\Ebon\Profiles\3m0l7wtp.default\jetpack deleted
C:\Users\wendy\AppData\Roaming\Ebon\Ebon\Profiles\3m0l7wtp.default\extensions\ deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not deleted
"C:\PROGRA~3\xtdpJdV\CAiNNK.exe" deleted
"C:\PROGRA~3\xtdpJdV\info.dat" not deleted
"C:\PROGRA~2\MediaPlayerVid2.4\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-1-6.exe" deleted
"C:\PROGRA~2\MediaPlayerVid2.4\d24eb2d0-1830-4d8f-b3af-3519a7f17e23-10.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\PROGRA~2\gmsd_us_674\gmsd_us_674.exe" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674\upgmsd_us_674.exe" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674\upgmsd_us_674.exe" deleted
"C:\PROGRA~2\Primary Color\updatePrimaryColor.exe" deleted
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe" not deleted
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe.config" not deleted
"C:\PROGRA~3\xtdpJdV\dat\rrMClzKFJPg.dll" not deleted
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe" not deleted
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe.config" not deleted
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not deleted
"C:\PROGRA~2\Primary Color\bin\7dfbf927c50d481c8328ce452cb772ad.dll" deleted
"C:\PROGRA~2\Primary Color\bin\7dfbf927c50d481c8328ce452cb772ad64.dll" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.BrowserAdapter.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.BrowserAdapter64.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.expext.exe" deleted
"C:\PROGRA~2\Primary Color\bin\PrimaryColor.expextdll.dll" deleted
"C:\PROGRA~2\Primary Color\bin\utilPrimaryColor.exe" deleted
"C:\PROGRA~3\xtdpJdV" not deleted
"C:\PROGRA~2\MediaPlayerVid2.4" not deleted
"C:\PROGRA~2\gmsd_us_674" deleted
"C:\PROGRA~2\gmsd_us_674" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674" deleted
"C:\Users\wendy\AppData\Local\gmsd_us_674" deleted
"C:\PROGRA~2\Primary Color" not deleted
"C:\PROGRA~3\xtdpJdV\dat" not deleted
"C:\PROGRA~2\Primary Color\bin" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
user_pref("browser.startup.homepage", "");
==== Firefox Proxy Settings ======================
ProfilePath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
user_pref("network.proxy.type", 5);
==== Firefox Extensions Registry ======================
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension" [06/08/2015 04:14 PM]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\wendy\AppData\Roaming\Mozilla\Firefox\Profiles\bnqt1k3b.default
31DA97B4682187C6639BBE2215814FDA - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=""
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms}"
{E2AF8FE5-DFB1-4E94-9B62-3B7A3BD32222} Wikipedia Url="{searchTerms}"
{F191E2D0-A733-49B2-BD90-11328D61EBD0} Bing Url="{searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4030634988-410349047-2056894908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0a28f54-b08f-4049-a9bf-8d33bd1e9222} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Reset IE Proxy ======================
Value(s) before fix:
Value(s) after fix:
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e20d6e44-c692-4329-d495-57e2996fc3ed} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajaInternetEnhancer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_674_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\44e6d02e296c92344d59752e99f63cde deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N785XWKK will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=160 folders=48 45787621 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\wendy\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\wendy\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~3\xtdpJdV\CAiNNK.dat" not found
"C:\PROGRA~3\xtdpJdV\info.dat" not found
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe" not found
"C:\PROGRA~3\xtdpJdV\dat\iyCCOHsvC.exe.config" not found
"C:\PROGRA~3\xtdpJdV\dat\rrMClzKFJPg.dll" not found
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe" not found
"C:\PROGRA~3\xtdpJdV\dat\SNFfiIpJWV.exe.config" not found
"C:\PROGRA~3\xtdpJdV\dat\yebWXcu.dll" not found
"C:\PROGRA~3\xtdpJdV" not found
"C:\PROGRA~2\MediaPlayerVid2.4" not found
"C:\PROGRA~2\Primary Color" not found
"C:\Users\wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N785XWKK" not found
==== EOF on Mon 06/08/2015 at 18:31:37.76 ======================
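
Added example (not part of the thread and not output from Zoek): a Python script that triages a zoek-results.log like the one posted in #6, listing the services and scheduled tasks the tool removed and any path marked "not deleted" that the after-reboot pass does not report as "not found". The function names are hypothetical, and reading "not found" after reboot as "gone" is an assumption about Zoek's wording.

```python
import re

# Trimmed from the zoek-results.log above; the after-reboot line for
# MediaPlayerVid2.4 is omitted on purpose (constructed unresolved case).
SAMPLE_LOG = r'''==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Wajam deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
"C:\PROGRA~3\xtdpJdV" not deleted
"C:\PROGRA~2\MediaPlayerVid2.4" not deleted
"C:\PROGRA~2\Primary Color\bin" not deleted
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\PROGRA~3\xtdpJdV" not found
"C:\PROGRA~2\Primary Color" not found
'''
HEADER = re.compile(r'^=+\s*(.*?)\s*=+$')
ENTRY = re.compile(r'^"?(.+?)"?\s+(deleted successfully|not deleted|not found|deleted)$')

def parse(log):
    """Return (phase, section, path, status) for every removal entry."""
    phase, section, rows = "first pass", None, []
    for line in map(str.strip, log.splitlines()):
        head, entry = HEADER.match(line), ENTRY.match(line)
        if head and head.group(1) == "After Reboot":
            phase = "after reboot"
        elif head:
            section = head.group(1)
        elif entry:
            rows.append((phase, section, entry.group(1), entry.group(2)))
    return rows

def unresolved(rows):
    """'not deleted' paths that the post-reboot pass did not report as
    'not found', directly or through a parent folder (assumed to mean gone)."""
    gone = [p.lower() for ph, _, p, st in rows if ph == "after reboot" and st == "not found"]
    pending = [p for ph, _, p, st in rows if ph == "first pass" and st == "not deleted"]
    return [p for p in pending
            if not any(p.lower() == g or p.lower().startswith(g + "\\") for g in gone)]

def persistence(rows):
    """Removed services and scheduled tasks, the entries that relaunch at startup."""
    return [p for _, sec, p, st in rows if st.startswith("deleted")
            and (sec == "Deleting Services" or "\\tasks\\" in p.lower())]

if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print("persistence:", persistence(rows), "unresolved:", unresolved(rows))
```

In the full log above, every "not deleted" entry is matched by a later "not found" line for the same path or its parent folder, so only the constructed sample leaves one path unresolved.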
08 Jun 2015   #7

Windows 7 Home Premium

Thanks for posting the report.

Would have thought that after running Zoek, and a reboot, the message from the website would have been gone...

Let's give this a whirl to see if it finds the culprit:

Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens, click Yes to the disclaimer.

Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.
