Operating system problem

[Karnjanarat]

I have everything up on my desktop, but seemingly cannot open any programs that require to go online. When trying to open explorer, I get promted with
"Choose the program you want to use to open this file". "Do you want to run or save this file" then it asks Do you want to run this software. I select run, then it reverts back to "Choose the program you want to use to open this file"
also for example
If I open "Action Centre" and select "troubleshooting" I get
C:\windows\System32\rundll32.exe
Application not found
a lot of times I get
C:\windows\System32\msdt.exe
Application not found
This all started after I was advised my computer is infected with a virus.
I can't download any program that I want to use to fix the problem.
I am using my 2nd old slow laptop to access this forum.
Can any-one offer advise on what to do please

 

[DeanP]

If you have access to another computer:

1. Download Malwarebytes:
Malwarebytes

2. Uninstall your current anti-virus software and replace with MS Security Essentials:
http://www.microsoft.com/security_essentials/

Put the installation file onto a USB stick, or CD. If you don't have any of those, you may put it on Windows SkyDrive (if you have a Windows Live Messenger).

 

[Golden]

After you try DeanP's suggestions, you can also run SFC /scannow from the command prompt to test the integrity of the system files.

 

[gregrocker]

Sounds like you have a serious infection smart enough to block the very scans which can neutralize it.

If the two course of action proposed above don't succeed, try one of the free Bootable AV CD's like Avira from this list: FREE Bootable AntiVirus Rescue CDs Download List The virus has no ability to block a bootable scan, nor can it hide in any running processes.

This may give you enough functionality to run MSE and Malwarebytes, then check system files to see if any have been damaged: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

If problems remain, try booting the Win7 DVD Repair console or Repair CD to System Restore back until you get before the infection: http://www.sevenforums.com/tutorials/700-system-restore.html
http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

Recovering functionality but having irreparable system files, try http://www.sevenforums.com/tutorials/3413-repair-install.html?ltr=R

If any symptoms of infection remain after repeated scans, you may need to wipe the HD of all infected code and reinstall following these tips: http://www.sevenforums.com/installation-setup/125874-re-install-windows-7-a.html#post1086729

 

[Karnjanarat]

Can't run MS Security Essentials
Malwarebytes picked up 18 infections
I am now downloading rescue system program.
Hopefully I can get some functionality back again.

 

[Karnjanarat]

I run the scan program and
Windows Resource Protection did not find any integrity violations.

 

[EzioAuditore]

So, are you able to open programs now? If not, continue with the boot rescue disc as asked by greg.

 

[niemiro]

Hello!

Could you please post the MBAM log so that we can see what we are dealing with? Thanks!

Richard

 

[Karnjanarat]

MBAM log

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.
HKEY_CLASSES_ROOT\pezfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> No action taken.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (pezfile) Good: (exefile) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.135,93.188.160.15) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25B4EF13-F7A3-47A5-8B29-EE862150BE66}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.135,93.188.160.15) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39A69A42-31A8-4256-BF7F-64607B3E4741}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.135,93.188.160.15) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AD0C62B4-8EBF-4331-99D6-C4041B957D3D}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.135,93.188.160.15) Good: () -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Keith\AppData\Roaming\microsoft\svchost.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Keith\AppData\Roaming\microsoft\Windows\shell.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Keith\AppData\Local\Temp\1187.7056201924984.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Keith\AppData\Roaming\microsoft\stor.cfg (Malware.Trace) -> No action taken.
c:\Users\karnjanarat\Desktop\internet security suite.lnk (Rogue.Link) -> No action taken.
c:\explorer.exe (Worm.AutoRun) -> No action taken.
c:\Users\Keith\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> No action taken.
c:\Users\Keith\local settings\application data\opRSK (Malware.Trace) -> No action taken.
c:\Users\karnjanarat\AppData\Roaming\microsoft\internet explorer\quick launch\internet security suite.lnk (Rogue.InternetSecuritySuite) -> No action taken.
c:\Users\karnjanarat\AppData\Roaming\microsoft\Windows\start menu\internet security suite.lnk (Rogue.InternetSecuritySuite) -> No action taken.
c:\Users\karnjanarat\AppData\Roaming\microsoft\Windows\start menu\Programs\internet security suite.lnk (Rogue.InternetSecuritySuite) -> No action taken.

 

[EzioAuditore]

It shows 'No action taken'. Make sure you reboot after the scan when prompted.
In case if You're still facing problems running exe files, which i doubt as you could run mbam, dload exeHelper- http://www.raktor.net/exeHelper/exeHelper.com
Now download rkill and run it. Don't reboot after running it.
http://download.bleepingcomputer.com/grinler/rkill.exe
Try to run any antivirus like Avira, MSE etc.. whatever you like and also run MBAM again. Post back the logs and let us know.

 

[niemiro]

You need to rescan and select "Remove All", please.

Thanks!

 

[DustSailor]

Can't run MS Security Essentials
Malwarebytes picked up 18 infections
I am now downloading rescue system program.
Hopefully I can get some functionality back again.

Perhaps after you have removed those previous infections, you can now run Microsoft Security Essentials

 

[Karnjanarat]

I appreciate your help. I need to focus back on this after some sleep.
Thanks Keith

 

[Hopalong X]

+1 Niemiro

Rescan and Remove All with Malwarebytes.

 

[Karnjanarat]

I removed corruption with malwarebytes.
I then managed to get MSE to run, and I seem to have full functionality back again

 

[Golden]

Well done. It seems as if your PC is behaving normally now. Be sure to do regular scans. I suggest you keep the following resident on your PC:

MSE

and run MBAM (Malwarebytes) regularly.

 

[EzioAuditore]

And a decent firewall. Make sure windows firewall is enabled in case malware disabled it.
Also, if i remember right, there was also a DNS changer trojan in your pc. Be sure to password protect your settings in your router configuration.
At last, not least, glad it's solved.

 

[Hopalong X]

Excellent.

Glad you have things repaired.
Mike

 

[DustSailor]

Some viruses may disable some settings, so if you notice something is messed up and your scans don't show any viruses, google your problem. I had a virus once that disabled task manager, and a quick look up gave me the solution.

 

[Karnjanarat]

Thank-you

I wish to thank all of you for helping me solve my program problems. Very much appreciated.
I was nearly going to hire a guru to sort it all out, as I'm not much of a computer code type thinker.
Life just about comes to a stop when the computer breaks down.
Keith and Karnjanarat