Used Windows Defender Offline, now Windows won't start

MSE is currently running the full scan. So I assume I need to wait until that is done.
 

My Computer My Computer

At a glance

windows 7 64 bit
Computer type
PC/Desktop
Computer Manufacturer/Model Number
dell
OS
windows 7 64 bit
Antivirus
Microsoft essentials
Has it found anything?
 

My Computer My Computer

At a glance

Windows 7 Ultimate 32-Bit & Windows 7 Ultimat...Intel Core i7 CPU 950 @ 3.07GHzOCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 160...ATI Radeon HD 5700 Series
Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
It found the Trojan/Alureon and Adware Win32 Arcade web.
 

Ah, a rootkit (Trojan/Alureon).

Warning: You will need a USB FLASH DRIVE.

Farbar Tool

Download Farbar Recovery Scan Tool from below on a non-infected PC.

For 32-bit (x86) systems: download Farbar Recovery Scan Tool and save it to a flash drive.

For 64-bit (x64) systems: download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Information: If the Download button doesn't work, click on the link http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and choose the bit version that fits your OS.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.

In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.

Tip: Type the commands below to see what your letter is for the USB drive and press ENTER after each command.

Code:
diskpart
list volume
exit

The tool will start to run.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
FRST will let you know when the scan is complete and has written FRST.txt to file.
Type exit and reboot the computer normally.
Please copy and paste both logs in your reply (FRST.txt and Addition.txt).
 

VistaKing, it says no installation package found.
 

Click here Farbar Recovery Scan Tool Download

Click on the Download Now 64-bit button if your OS is 64-bit. Once downloaded, save the .exe to your USB flash drive.
 

empresssoul,

While you are at it, go to Downloading ListParts
Save the downloaded file to the USB flash drive.

Plug the flash drive into the infected computer.

Enter System Recovery Options as you did before when using FRST64.

Select: Command Prompt

• At the Command Prompt window, type in notepad and press: Enter
• In notepad, under the File menu select: Open
• Select: Computer, and find your flash drive letter. Then close the notepad.
• At the Command Prompt window type e:\ListParts64.exe, and press: Enter
Note: Replace letter e with the drive letter of your flash drive.
• When ListParts starts to run, click Yes to the Disclaimer.
• Place a check by: List BCD
• Press: Scan
• Close the Command Prompt window.
• Boot back into normal mode

A Result.txt is found in the flash drive.

Please provide Results.txt in your reply.


Also, can you provide the path of the file where MSE reports Alureon is found?
Is it in:
C:\FRST\Quarantine
 

My Computer My Computer

At a glance

Windows 7 Home Premium
Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
OK VistaKing and Cottonball, I'm going to run both. Be back shortly.
 

frst64.exe

Farbar info
 

listparts64

results for the listparts
 

Uninstall WildTangent; that's trial game software, also known as adware. Use Revo Uninstaller to remove it. Choose Advanced mode and let it scan for registry keys. Click Select All, click the Delete button, then click Next. Let it locate files and folders, select all once again and choose Delete. Once it deletes everything, click Next.
 

MSE says the trojan is quarantined. When I look under the C drive, the FRST Quarantine folder lists svchost.
 

VistaKing, I play my games through WildTangent. Is the file corrupt?
 

WildTangent is known as adware. Companies like HP have those as trial software.
 

So I attempted to uninstall, and when I select WildTangent and double-click, a blank gray box pops up with no information.
 

You using Control Panel's Programs and Features or Revo Uninstaller?
 

both
 

Click on it inside Revo Uninstaller and click on uninstall.
 

empresssoul,

When you mentioned that MSE had found Alureon once again, I could not believe it, but thought perhaps a 0 byte partition was hanging somewhere, and I had overlooked it.

Not the case. :D Thank goodness!

Please go to C:\FRST and delete the entire FRST folder.

If it gives you attitude, since the malware moved to the Quarantine folder might resist deleting, then do the following:

Open a Command Prompt (Start > All Programs > Accessories > Command Prompt)
Right-click and select: Run as Administrator
At the blinking cursor, copy/paste (using the mouse) the following text inside the quote box:
rd /q/s c:\frst\Quarantine
Press: Enter

Now, also delete the FRST tool from the Desktop, as it is no longer needed.


When you are all done here, it is a good time to remove old restore points and create a new restore point to prevent possible reinfection from an old one.

Some of the malware you picked up could be saved in System Restore. Setting a new restore point after cleaning your system enables your computer to roll-back to a clean working state, if needed.

Go to Start > right-click Computer, and select: Properties
In the left panel select: System Protection
In the System Properties prompt, where it says: To configure restore settings...etc., press: Configure
At the next prompt, where it shows Delete all restore points...etc., select: Delete
Next, at the new prompt, press: Continue, and then, Close > OK

Back at System Properties, select drive C, and press: Create
At the prompt, give a name to the new restore point and press: Create
When finished, press: Close

Good luck!!
 
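The restore-point reset described in the post above, as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt on Windows 7 with System Protection enabled on C:, and the restore point description is a made-up label.

```powershell
# Added example, not from the thread. Assumes: elevated PowerShell on Windows 7,
# System Protection enabled on C:, and a made-up restore point description.
$drive = 'C:'
$label = 'Clean baseline after malware removal'   # hypothetical description

# Both steps need administrator rights, so fail early without them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

# Record what is about to be removed.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host "Restore points before cleanup: $($before.Count)"
$before | Format-Table SequenceNumber, Description -AutoSize

# Restore points are stored as volume shadow copies. Deleting every shadow copy
# on the drive is the command-line counterpart of the Delete button in
# System Protection (it also removes previous versions of files).
& vssadmin.exe delete shadows /for=$drive /all /quiet
if ($LASTEXITCODE -ne 0) {
    Write-Warning "vssadmin exited with code $LASTEXITCODE (also seen when there was nothing to delete)."
}

# Create the new restore point from the cleaned state.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# Confirm that the new restore point exists and the old ones are gone.
$after = @(Get-ComputerRestorePoint)
$after | Format-Table SequenceNumber, CreationTime, Description -AutoSize
if (-not ($after | Where-Object { $_.Description -eq $label })) {
    Write-Warning 'New restore point not found; check that System Protection is on for the drive.'
}
```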
Let's work on the virus removal first.
 
