Help Urgently Needed

[TiberX]

I'm not really sure where to start ....

1) I am running Windows 7 Ultimate and am unable to access IE8. When I click on
the logo the blue circle spins for a few seconds and nothing more happens. I've
disabled and re-enabled IE8 in Windows Services but it makes no difference at all.

I can access Opera and Google Chrome OK.

2) No programs or processes are shown in MSCONFIG or in CCleaner's Start-Up section
- with the exception of SuperAntiSpyware, which is shown in both.

3) A few days ago I noticed that my laptop was runnning considerably slower than
normal. Start-up now takes absolutely ages and programs I select also take a long
time to appear. Sometimes - as in the case of IE8 - they never appear.

However, and this seems really weird to me but no doubt it will all make perfect sense to some of you, when I run SuperAntiSpyware - as I am at the moment - everything runs at, more or less, normal speed. I can open up Opera or Google and search as usual.

As soon as SuperAntiSpyware stops and I re-boot everything is back to being painfully slow and unresponseive.

4) I've been experiencing problems downloading programs. Specifically Malware Bytes'
anti malware program.

5) On my last re-boot a message came up telling me, "Windows Is Not Genuine. Your
computer might be running a counterfeit copy of Windows".

That's all absolute nonsense. My copy of Windows 7 is genuine and has been
installed and registered since 6 October 2009.

I haven't got a clue what's going on but clearly something is amiss.

A couple of Trojans were located and deleted earlier today but since then my scans have been coming up clean.

I would be extremely grateful for any help or advice, although preferably not of the, " buy a Mac" variety.

Thanks.

 

[zigzag3143]

I'm not really sure where to start ....

1) I am running Windows 7 Ultimate and am unable to access IE8. When I click on
the logo the blue circle spins for a few seconds and nothing more happens. I've
disabled and re-enabled IE8 in Windows Services but it makes no difference at all.

I can access Opera and Google Chrome OK.

2) No programs or processes are shown in MSCONFIG or in CCleaner's Start-Up section
- with the exception of SuperAntiSpyware, which is shown in both.

3) A few days ago I noticed that my laptop was runnning considerably slower than
normal. Start-up now takes absolutely ages and programs I select also take a long
time to appear. Sometimes - as in the case of IE8 - they never appear.

However, and this seems really weird to me but no doubt it will all make perfect sense to some of you, when I run SuperAntiSpyware - as I am at the moment - everything runs at, more or less, normal speed. I can open up Opera or Google and search as usual.

As soon as SuperAntiSpyware stops and I re-boot everything is back to being painfully slow and unresponseive.

4) I've been experiencing problems downloading programs. Specifically Malware Bytes'
anti malware program.

5) On my last re-boot a message came up telling me, "Windows Is Not Genuine. Your
computer might be running a counterfeit copy of Windows".

That's all absolute nonsense. My copy of Windows 7 is genuine and has been
installed and registered since 6 October 2009.

I haven't got a clue what's going on but clearly something is amiss.

A couple of Trojans were located and deleted earlier today but since then my scans have been coming up clean.

I would be extremely grateful for any help or advice, although preferably not of the, " buy a Mac" variety.

Thanks.

Do you have a back up from prior to when the problem started?

Do you have a win dvd to do a repair install?

You can run a system file check to repair system files
type cmd in search>right click and run as admin>sfc /scannow

Let us know the results

Ken

 

[pebbly]

Hi TiberX , follow zigzag3143's excellent advice ,but I would like to add one more piece of advice and that is get rid of the antivirus you are using now and go with MSE http://www.microsoft.com/security_essentials/ many users on here report great things about it

 

[gregrocker]

Suggest you uninstall all of your AV/Spyware solutions plus any programs you don't use using free Revo Uninstaller Advanced mode, then replace with free Microsoft Security Essentials.

Installs in a minute, update, do a full scan and then keep protection on at all times.

If one of the suggestions given here doesn't solve the problem, consider doing a clean reinstall of Win7 using a clean-copy installer for your version.

 

[Jacee]

You say a couple of Trojans were found ... do you remember what they were? It sounds to me like they're possibly still there, especially if you can't download Malwarebytes'.

Let's see if a DNS flush and a restore of the Hosts file works for the download of MBam.

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click on the .bat file and choose to run as Administrator.

Your computer will reboot itself.

 

[pebbly]

You say a couple of Trojans were found ... do you remember what they were? It sounds to me like they're possibly still there, especially if you can't download Malwarebytes'.

Let's see if a DNS flush and a restore of the Hosts file works for the download of MBam.

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click on the .bat file and choose to run as Administrator.

Your computer will reboot itself.

nice little batch file Jacee, thank you

 

[CarlTR6]

You say a couple of Trojans were found ... do you remember what they were? It sounds to me like they're possibly still there, especially if you can't download Malwarebytes'.

Let's see if a DNS flush and a restore of the Hosts file works for the download of MBam.

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click on the .bat file and choose to run as Administrator.

Your computer will reboot itself.

A very good batch file. Well done. I tried to rep you; but I can't.

 

[Jacee]

You're welcome pebbly and Carl!

 

[TiberX]

Thank you for your comments and advice.

I ran flush.bat and sfc/scannow, both of which seemed to improve matters considerably until I re-booted.

As with the running of SuperAntiSpyware - now uninstalled - once those particular processes were completed and I re-started my laptop it went back to it's sluggish mode.

The Trojans were listed as Trojan.Unclassified-Packed/Suspicious. There were sixteen of them and they were, supposedly, quarantined and deleted.

I am still unable to download MalwareBytes' program and IE8 remains elusive.

Microsoft Security Essentials has been up and running on my computer since Windows 7 was installed last October. Lot of bloody good it did! The other programs were only downloaded on Friday to see if they might improve matters.

At the moment, it seems that my computer is responding better than it has been but everything is still really slow and there are no entries at all in MSCONFIG > Start-Up.

Perhaps I will just re-install Windows 7.

 

[baarod]

You say a couple of Trojans were found ... do you remember what they were? It sounds to me like they're possibly still there, especially if you can't download Malwarebytes'.

Let's see if a DNS flush and a restore of the Hosts file works for the download of MBam.

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click on the .bat file and choose to run as Administrator.

Your computer will reboot itself.

A very good batch file. Well done. I tried to rep you; but I can't.

I know can someone find out why we cant rep now?

 

[baarod]

Thank you for your comments and advice.

I ran flush.bat and sfc/scannow, both of which seemed to improve matters considerably until I re-booted.

As with the running of SuperAntiSpyware - now uninstalled - once those particular processes were completed and I re-started my laptop it went back to it's sluggish mode.

The Trojans were listed as Trojan.Unclassified-Packed/Suspicious. There were sixteen of them and they were, supposedly, quarantined and deleted.

I am still unable to download MalwareBytes' program and IE8 remains elusive.

Microsoft Security Essentials has been up and running on my computer since Windows 7 was installed last October. Lot of bloody good it did! The other programs were only downloaded on Friday to see if they might improve matters.

At the moment, it seems that my computer is responding better than it has been but everything is still really slow and there are no entries at all in MSCONFIG > Start-Up.

Perhaps I will just re-install Windows 7.

It's the Alureon rootkit from the sounds of it. Repeat the step the other posters mentioned and then download malwarebytes from here: http://dl.dropbox.com/u/561353/mbam-setup-1.46.exe

You can't get malwarebytes from it's distribution location due to Alureon. This URL is not blocked. Run it and let it scan!

 

[CarlTR6]

I know can someone find out why we cant rep now?

If you have recently someone you have to rep 15 other people before you can rep that person again.

 

[TiberX]

Thanks baarod.

I downloaded via that URL but kept getting messages telling me errors had occured.

1) MBAM_ERROR_EXPANDING_VARIABLES(0,9)

2) same as 1

3) MBAM_ERROR_LOAD_DATABASE(3,0) The system cannot find the path specified

4) same as 1

5) MBAM_ERROR_MISSING_FILE (3,0 mbamswissarmy.sys) The system cannot find the path specified

I then ran the downloaded program but got message 1 again, followed by a repeat of message 5. The screen then went blank.

The program is listed in PROGRAM FILES.

 

[baarod]

Thanks baarod.

I downloaded via that URL but kept getting messages telling me errors had occured.

1) MBAM_ERROR_EXPANDING_VARIABLES(0,9)

2) same as 1

3) MBAM_ERROR_LOAD_DATABASE(3,0) The system cannot find the path specified

4) same as 1

5) MBAM_ERROR_MISSING_FILE (3,0 mbamswissarmy.sys) The system cannot find the path specified

I then ran the downloaded program but got message 1 again, followed by a repeat of message 5. The screen then went blank.

The program is listed in PROGRAM FILES.

This is an infected registry. Variable expansion is used for taking literals like %desktop% and expanding them to system paths. You definitely have a rootkit.

 

[TiberX]

After doing a full scan with Microsoft Security Essentials last night, which indicated my system was virus free, everything was running perfectly this morning.

(No IE8 access though. Nor are there any files showing in my Start-up).

However, 10 minutes ago I re-booted and my system reverted to it's really slow mode.

 

[Jacee]

What is the system file that was identified?

 

[baarod]

What is the system file that was identified?

mbamswissarmy.sys, part of malwarebytes

 

[MacGyvr]

Go to Bleeping Computer - Computer Help and Discussion, download and run ComboFix. If you can't download it, you will need to have your computer professionally cleaned or reinstall Windows.

Also, in defense of MSE, no antivirus will prevent all infections. I clean 5-6 computer per week, all with various antivirus software, all claiming to be running, all claiming the computers are clean. 98% safe is the best you can plan to be.

 

[CarlTR6]

Go to Bleeping Computer - Computer Help and Discussion, download and run ComboFix. If you can't download it, you will need to have your computer professionally cleaned or reinstall Windows.

Also, in defense of MSE, no antivirus will prevent all infections. I clean 5-6 computer per week, all with various antivirus software, all claiming to be running, all claiming the computers are clean. 98% safe is the best you can plan to be.

Spot on. Good post.

 

[TiberX]

A big "thank you" to everyone who helped me sort this out.

That flush.bat process is modern-day alchemy!

Laptop was back to normal last night but just to be on the safe side I reinstalled Windows 7 this afternoon and then downloaded AntiMalware Bytes. A full scan came up clean and I now have Avira monitoring things.

Thanks again.