Problem Help removing malware? Made several attempts but got nowhere.

Discussion in 'Windows - Virus and spyware problems' started by wheelstb, Feb 23, 2016.

  1. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Hi guys,

    Thanks for the replies. I appreciate it.

    I ran CCleaner when I got into this mess. So, I'm good there.

    I freed up at least 49 GB on my C: drive.

    I tried to defragment and I got a window telling me that the defragmenter had stopped working.

    Where to now?
     
    Last edited: Feb 28, 2016
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Bravo! I'm proud of you, wheels.........
    If you have that much free space then run ccleaner again.. Then press windows key +r and type in cleanmgr then OK, OK and delete files...
    Go to Start -> Computer -> select Boot drive C Right click -> properties -> tools tab -> defragment now ok..

    This should get you back where we can get you going again.... may take a little more time...

    let me know..
    2oG
     
  3. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    In my geekier days, I think I knew that 20% free space for a hard drive was ideal in terms of minimum amounts. I had forgotten that and never imagined it would cause problems beyond defragmenting, storage, slow performance etc.

    I guess I didn't run CCleaner in the beginning of my fiasco. It pulled off 467 MB worth of stuff. I didn't have a regimented schedule for running it. I thought I read it fairly frequently. I guess not. I also thought I had disk cleanup and defragmenter scheduled to run. Wrong on that account too. Unless they were not being executed due to the space issue. More than likely I was just wrong.

    I ran everything in safe mode because I am having difficulty getting things to run with a typical boot. I was able to get everything to run except for the defragmenter. Should I try to use a third-party defragmentation tool?

    Thanks
     
  4. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    ccleaner can be enabled to run at startup as that is what I do on mine & my customers' computers. I haven't used disk cleanup in years.
     
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    He He.. I have ccleaner on a sked to run starting at 6am thru the day at 15 minute intervals..
    I use MyDefrag instead of MS and have for years.. it does a great job. will run daily, weekly and monthly skeds for daily defrag, weekly defrag with some optimization and monthly defrag with full optimization....

    Running in safe mode is ok for now, we'll get you back soon, just hang in there...
    Go ahead and defrag with MS and we'll see what else is necessary....

    You were in pretty bad shape so don't get discouraged and just hang in there for a while....

    2oG :)
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Wheels,
    were you able to get a defragger to work???
    Let me know what's happening...
    Run the system files checker. Type SFC /scannow in the run box, windows key +r, to repair bad system files and see if that helps...
     
  7. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    No. I'm not. I will try that
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    what is the defragger doing, if anything, any error messages???
     
  9. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    We had an interesting turn of events this morning. Last night, I could not run the defragmenter. I believe I got an error message that said something to the effect of "defragmenter cannot run". It was the same window I was getting earlier that was telling me that the various files and applications were crashing.


    When I booted the desktop this morning I was paying very little attention to what was going on because I was also working on my laptop. It seemed to freeze during the boot. I had nothing but black screen for a while. I pushed the reset button on the tower.

    On this boot attempt, things booted properly then, before I could reach the desktop it said, do not turn off or restart computer. Windows is cleaning up. When the computer finally got to the desktop everything was fine. I haven't received any messages of programs, files or applications crashing. I was receiving numerous instances of that previously. (Probably 20 or upwards)

    I'm also pretty sure that Internet Explorer was being hijacked or I was getting fake error messages when I used it.

    Now everything seems fine.

    I am able to open the defragmenter. It says that my operating system disk is 1% fragmented and the defragmenter was run as scheduled on 2/24/16. I will run the defragmenter anyway. And report back.

    I'm curious as to why all of the problems have vanished. Could you shed some light on that for me? Was it simply a matter of malware and not enough room on the operating system hard drive? Or did you hack into my computer overnight and fix it?

    I will run the defragmenter. Where to now?
     
  10. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Your drive was so full and fragmented that windows couldn't download and install updates and they were backing up.. When you gave it enough room to work, the updates were downloaded, installed and cleaned up afterwards.
    The problems were due to the lack of room to work in. You really didn't have any malware and just one bad program (SpyHunter 4) not really malware but not real good & sometimes causes problems. uninstall it...
    At first I was getting signs that you had a zero-access trojan but those signs were false due to the windows errors.. And no, I didn't hack into your computer.. lol

    Run me a fresh copy of FRST Logs so I can see where we need to go next:

    Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    • Right-click on the icon and select Run as Administrator to start the tool.
      When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.

    2oG :p
     
  11. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    Okay, now I'm back to having the same kind of problems I did before. I was unable to run FRST on a regular boot. And I am getting error messages.

    COM Surrogate has stopped working.
    Windows Shell Common DLL has stopped working. I get a multitude of both of these messages.
    I'm not sure of the exact wording of this one, but I also get an error message saying that Windows media player networking has stopped working (something like that)
    also
    Task Scheduler Engine has quit working


    For what it's worth, the hard drives were being defragmented as scheduled. Even though I could not run them myself. The operating system drive was only 1% fragmented. Might be a helpful piece of information. I don't know

    I ran the recovery scan. It had to be done in safe mode. Here are the logs.
     

  12. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Oh wheels, :confused:
    I think my first thoughts that this was a poweliks trojan were in fact correct... I have looked everywhere and cannot come up with a solution. It evidently is a new variation of the poweliks that ESET has not put out a fix for...
    On your last FRST Logs it is still there and has replicated to another file in windows media player, wmpnscfg.exe and still in dllhost.exe.
    At this point in time I am uncertain of just what steps to take, give me some time to do some research with some of my malware helper buddies to see what we can come up with... por favor

    2oG :(
     
  13. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    My spoken Spanish is barely passable. My written Spanish is worse than that. Long story short, take all the time you need. Since things are replicating should I keep the infected computer powered off as much as possible?
     
  14. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Yes, it's probably a backdoor and may have to pave and reinstall to be sure it's gone... We'll see what can be done.
    This has sure turned into a mess.. :(
     
  15. GrandpaBW

    GrandpaBW Active member

    Joined:
    Feb 28, 2004
    Messages:
    3,730
    Likes Received:
    17
    Trophy Points:
    68
    I doubt that I would have ever gotten myself into that position, but if I did, I would have done a Format C: a long time ago. :)
     
  16. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    You know, Grandpa, since my early win 98 days when I learned to make image backups, I have never had to format and reinstall windows on any of my or my family's computers..
     
  17. GrandpaBW

    GrandpaBW Active member

    Joined:
    Feb 28, 2004
    Messages:
    3,730
    Likes Received:
    17
    Trophy Points:
    68
    I do backups, with Ghost, all of the time. I don't think that wheelstb has. That is why I mentioned the Format C:
     
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    I am pretty sure wheels doesn't have a backup and got hit with the worst zero access trojan out there.. an ounce of prevention etc.

    I used Ghost until Acronis came out and now I'm using AOMEI backupper and really like it..
     
  19. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    26
    I hate to rain on the parade, but I do have a backup image of my C Drive. I started hoping I wouldn't have to use it. If there is no other option, I do have it.
     
  20. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    That's not rain where I come from, it's sunshine.. I would say, at this point in time, that would be the way to go...
    I just pray for you that your backup is not as overstuffed as the one you had on the machine before you cleaned it up.

    p.s. I will continue to work on a fix for this new malware.. I just can't live with being defeated. :mad:
     