Solved Strange problem windows 7 32 bits

[emilyan2010]

Hello. Yesterday, when i opened my computer, my MSE antivirus noticed me of a virus in C:\users\(my user name), then told me to delete it, rebooted, but it still appeared(it was a file with a strange name, something like a243bqs23.exe). So, i entered safe mode, and manually deleted it from there. The problem is, after i came back, microsoft security essential had an red icon with an x in the middle, and when i clicked on it it said real time protection is deactivated and that i should activate it, but when i press on the activate button, i get the error: security essentials did not activate the protection in real time, with error code 0x800705b4. In addition, another antivirus i have, malware bytes, when i open it, it has the real time protection module deactivated, and when i try to activate it it sais PROGRAM_ERROR_PROTECTION_MODULE (1068, 0, ProtectionEnable). I guessed that the virus acted in the registry, so i used a third antivirus, superantispyware, to scan it, and indeed, it appeared a registry virus (with the name regedit.exe), so i just ran the antivirus and cleaned the computer. But, even after this clean, nothing was done. So, i decided to use the command sfc /scannow, but with no succes, as it sais i have no integrity error. Next, i tried to use system restore, but after 3 minutes, after it restarted, i got an error where the system could not be restored, as the files could not be copied to windows directory from the backup data. In addition, a program i had, coretemp, cannot run, and it sais some drivers are missing when i try it. What should i do in this case? (i even tried to scan my registry using tuneup utilities, yamicsoft windows 7 manager, ccleaner, dll files fixer, but with no succes, even after several reboots). Thanks in advance!


Yours, emilyan2010

 

[marsmimar]

You may be infected with a rootkit. These are very difficult to find and remove. They can be so deeply hidden that sometimes a clean install of the operating system and all programs, personal data, etc is the only way to get rid of it. Microsoft has a free tool called Windows Defender Offline. It should be created on a computer that is known to be malware free. This tool can scan the infected machine before the operating system boots making it possible to find and quarantine the bad guy(s). But once a machine is infected you can never be 100% sure that all traces of the infection have been removed. I'd give WDO a try. Nothing to lose at this point.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

If it's successful you can then try another sfc /scannow or repair install to fix any damaged or corrupt system files.

 

[emilyan2010]

I ran this antivirus in boot, from a usb device, detected some files (some considered as severe), deleted them, then i came back, but the problem was the same. So, i tried a sfc /scannow, but with no results, as it sais i have no problem. What should i do now? Is there an antivirus that detects rootkits better, or something usefull like that? Thanks in advance!

 

[gregrocker]

There are special steps to be taken depending upon the exact infection you have/had. You can post up the logs from disinfection in our Security forum for expert advice. They will guide you which solutions to use and how.

For now I would install, update and run a full scan with the best malware finder we know which is Malwarebytes .

Replace your AV with Microsoft Security Essentials and run a full scan.

 

[emilyan2010]

There are special steps to be taken depending upon the exact infection you have/had. You can post up the logs from disinfection in our Security forum for expert advice. They will guide you which solutions to use and how.

For now I would install, update and run a full scan with the best malware finder we know which is Malwarebytes .

Replace your AV with Microsoft Security Essentials and run a full scan.

I have been using Microsoft Security Essentials + Malwarebytes + Superantispyware combined (each one excluding the others in scanning to avoid conflicts), and, as i said before, i cannot use the real protection of both MSE and malwarebytes. In addition, i ran a scan with them, but with no success. But, where do i find the logs from offline windows defender, which i ran in boot mode?

 

[gregrocker]

What is the error when you try to run a full scan with Malwarebytes in Safe Mode?

See if you can update it first if necessary in Safe mode with Networking.

 

[emilyan2010]

What is the error when you try to run a full scan with Malwarebytes in Safe Mode?

See if you can update it first if necessary in Safe mode with Networking.

I updated it, then tried to activate real time protection, and got an error(first picture). Then, i ran a fast scan, with no results. Also, i get the same error, with malware cannot activate real time protection in nonsafe version as well(i do not get errors when i scan with those antiviruses, only when i try to activate their real time protection). In addition, when i tried to open task manager, i got an error(second picture). All in safe mode with networking. Then, i forgot to tell that windows update is not functioning, saying the automatic updates are not enabled, but in control panel, they are enabled. Thank you for future answers!

 

[gregrocker]

You don't want Real Time Protection now. You can buy that later if you want the program standing guard all the time. What you want now is to install, update and run a scan with the program. That's all.

Reinstall if necessary. Tell it you don't want the trial version.

 

[emilyan2010]

You don't want Real Time Protection now. You can buy that later if you want the program standing guard all the time. What you want now is to install, update and run a scan with the program. That's all.

Reinstall if necessary. Tell it you don't want the trial version.

Well, i need real time protection for at least 1 antivirus. If all of them experience errors while i try to activate their realtime protection, what should i do? I also reinstalled malwarebytes, but with the same error after, same about microsoft security essentials.

 

[gregrocker]

If WDO has not worked to clean up infection, download and burn to CD one of these FREE Bootable AntiVirus Rescue CDs Download List using Windows Image Burner or ImgBurn, boot to run a full scan.

An alternative to MSE which is comparable is Avast. if you have 32 bit it offers a boot scan which can be scheduled on the Scan tab and is very effective. It may help clear your machine.

I would also install and run SuperAntiSpyware in Safe Mode if necessary.

Did you make note of the infections which were cleaned up earlier by WDO? It helps to tailor advanced cleanup steps to the virus, often found by googling each infection.

 

[emilyan2010]

If WDO has not worked to clean up infection, download and burn to CD one of these FREE Bootable AntiVirus Rescue CDs Download List using Windows Image Burner or ImgBurn, boot to run a full scan.

An alternative to MSE which is comparable is Avast. if you have 32 bit it offers a boot scan which can be scheduled on the Scan tab and is very effective. It may help clear your machine.

I would also install and run SuperAntiSpyware in Safe Mode if necessary.

Did you make note of the infections which were cleaned up earlier by WDO? It helps to tailor advanced cleanup steps to the virus, often found by googling each infection.

All i remember is that there was a "severe" virus in rosetta stone folder with a long name formed of letters and numbers. Anyway,i will try to use superantispyware in safe mode tomorrow, because now i am a little tired . Good night!

 

[emilyan2010]

If WDO has not worked to clean up infection, download and burn to CD one of these FREE Bootable AntiVirus Rescue CDs Download List using Windows Image Burner or ImgBurn, boot to run a full scan.

An alternative to MSE which is comparable is Avast. if you have 32 bit it offers a boot scan which can be scheduled on the Scan tab and is very effective. It may help clear your machine.

I would also install and run SuperAntiSpyware in Safe Mode if necessary.

Did you make note of the infections which were cleaned up earlier by WDO? It helps to tailor advanced cleanup steps to the virus, often found by googling each infection.

All i remember is that there was a "severe" virus in rosetta stone folder with a long name formed of letters and numbers. Anyway,i will try to use superantispyware in safe mode tomorrow, because now i am a little tired . Good night!

I am sorry for this 1 week delay, but i had some urgent problems to resolve first. Anyway, i scanned my pc, did not detect anything, then i ran a repair install of windows 7, still with no success. Eventually, i just reinstalled the windows, and now everything runs fine. I wonder what virus could have done such damages to my computer. Thank you for your help!


Yours, emilyan2010

 

[gregrocker]

Emily -

Be sure you followed these Best Practices to Clean Reinstall sticking with the methods given to set up and maintain Win7 for best performance. Steps are the same for retail.

 

[emilyan2010]

Emily -

Be sure you followed these Best Practices to Clean Reinstall sticking with the methods given to set up and maintain Win7 for best performance. Steps are the same for retail.

I did not use those steps, instead i used repair http://www.sevenforums.com/tutorials/3413-repair-install.html

 

[gregrocker]

Eventually, i just reinstalled the windows, and now everything runs fine. I wonder what virus could have done such damages to my computer. Thank you for your help!

Did you reinstall as you say here or not? If so did you follow the steps in
Clean Reinstall - Factory OEM Windows 7 ?

 

[emilyan2010]

Eventually, i just reinstalled the windows, and now everything runs fine. I wonder what virus could have done such damages to my computer. Thank you for your help!

Did you reinstall as you say here or not? If so did you follow the steps in
Clean Reinstall - Factory OEM Windows 7 ?

I simply formatted the hard disk then installed a clean windows.