
Blue Screen plus other problems



Installed Free Trial of Advanced System Care with AntiVirus 2013 on Vista Pro SP2 machine.

 

First run asked if I wanted to uninstall Symantec. Symantec was not working correctly anyway, so I said Yes.

 

After install, did full scan. Program located about 142 instances of a Win32.??? virus. I wrote it down, but can't find it right now. All files infected were "EXE's". Program told me to restart, which I did.

 

After restart, I had a blue screen only. Could not run Task Manager because it's in the quarantine. So is Explorer.

 

I'm stuck. Any ideas?

Link to comment
Share on other sites

Win32 worms generally are set to run automatically when you start your computer or even register themselves to be run when any other application is started. Unfortunately, you can't just delete the worm file or your computer system might not be able to start your applications (such as Explorer) any more.

 

In order to effectively remove the worm from your computer system, it is often necessary to make additional changes to your system registry. Editing the system registry isn't easy. It can be done but can be difficult for those who aren't computer technicians.

 

Above is Quote from this web-page:

http://www.squidoo.com/how-to-remove-the-trojan-proxy-virus

 

So it may be 'Too Late' and requires Re-installing Windows. :-(

Since it will probably be a great deal of Work to remove everything from the Registry,

the Registry may need to be removed before Install of Windows,

which may require a format of Boot-drive, but first try Registry Cleaning to see if that works.

 

BTW - If it was My computer I would get a new Hard-drive and Start-Over! Worm viruses are a Real HeadAche! :-(

(the price of HDs has Reduced again recently)

Link to comment
Share on other sites

Hi Feckless... welcome to the Iobit forums!

 

Your situation is most unfortunate... but there is an alternative to reformat... it relies on you having the Windows recovery disc that came on your machine. Do you have that disc? As a precaution, disconnect your machine from the internet by cutting off the wireless switch (if so configured) or unplugging your wireless router, removing any hardwired internet connection (LAN or otherwise).

 

Then follow the instructions here to boot from your Windows Vista recovery disc... if these instructions don't work the original BIOS settings have been changed and you will require a different set of instructions. Choose the recovery option as opposed to the reinstall.

 

Then restore your system to functionality... (if you need instructions, please ask). Then save any personal data you wish to, as a precaution.

 

Then open a thread here in the Malware removal section by following these guidelines (but it is important that you skip step 2 from the guidelines in your case), where a fully trained Malware Fighter will assist you in healing your Windows if it is possible.

 

Sincerely,

-Mel

Live long and prosper!

Link to comment
Share on other sites

Melvin,

From what I have read,

as soon as you install new data, from the Recovery-disk, it is again Corrupted by the virus,

which makes it again impossible to remove, without manually editing the registry.

But maybe there is a way to get around that, that I've Not heard of ?

 

Good Anti-virus programs can Block these viruses but once it gets infected they can Not completely remove the virus,

therefore 'RegEdit' is needed.

Since the infected computer becomes a Proxy-server being controlled by the Hackers Server.

(disconnecting it from the internet, while trying to fix it, will help, I think)

 

Of course, all of this is assuming that is the type virus it has, and not something 'Completely Different' ;-)

That's one of the Many questions that cause that 'HeadAche', I was talking about.

Link to comment
Share on other sites

Hi Toppack,

 

You are correct if this is indeed the case... without examination we don't know the situation.

 

Hopefully, at least Feckless will have the opportunity to save his/her personal data.:grin:

 

It is my experience that you must actually see instead of rely on user posted information in order to determine the factuality of the information supplied, due to the vast discrepancies in user knowledge. As you know Dave is fully trained and I am not... I don't know if Dave could completely heal or not. Yes disconnect is a good idea, running from a portable medium is ideal if this is indeed the case. I have edited my post per your recommendation.

 

Thank you Toppack!

 

Sincerely,

-Mel

Live long and prosper!

Link to comment
Share on other sites

Thanks all, but....

 

I have an OEM machine which does not have ANY DISKS, everything is on the drive. The machine is 5 years old and has worked fine until now. It's up to date, etc.

 

Spent most of yesterday using built in recovery tools in this order:

 

1. Startup Repair - does not work. Runs for about 10 minutes then terminates with message telling me that it won't work.

2. System Restore - This lets me go through my list of restore points. PROBLEM: I did a lot of uninstalling of applications right before this problem, so all of the restore points are within minutes of each other and ALL FAIL. I'm still stepping through them, but it looks bad.

 

The next step is to restore from a backup, which I don't have, so I'm going to have to go to the mfgr. (HP) and maybe buy a system disk. My machine is a licensed OEM version, so there should not be a big $ charge for that.

 

I also have another identical machine that I might try to copy explore.exe and taskmgr.exe from. If I can get them running again, maybe I can fix the current system. PROBLEM: They're BOTH in the quarantine on the sick machine. That's all that is basically wrong. Before I rebooted (at the command of the application), the application would NOT restore them (along with about 90 other exe's) It seems that once certain exe's go into the quarantine, they can't be brought out.

 

I can see the quarantine. There are three files in there for each exe. I'm assuming that the exe is just enclosed in one of those files. Does it make sense to try to liberate them? Is there a way?

Link to comment
Share on other sites

Rescue Disc

 

Feckless..

As I suggested in previous reply.....you should use a rescue disc. This is not a system disc, so it does not matter that you do not have system discs, unless the rescue discs asks for a system disc, which is very rare and usually means a reinstall is required.

So, I think it would definitely be worth your while to try using a rescue disc... They are quick to download and create and there are many available and they are free. Seeing that you had a virus problem, it may be worth trying the AVG rescue disc. You could download it on another pc.

 

I hope you are successful.

Link to comment
Share on other sites

Hi Feckless.

 

It appears you have gained some access to your machine since your first post. This is a good thing.

 

OEM machines are shipped and delivered with the Windows recovery disc. It is usually packaged in a plastic sleeve in a thin CD case along with a quick start guide or general instruction pamphlet. Are you the original purchaser and perhaps have filed or stored the recovery disc somewhere unknowingly? Or perhaps know the original purchaser of the machine who may perhaps still have the disc?

 

Hopefully Scannan's advisement will yield some relief.

 

 

Sincerely,

-Mel

Live long and prosper!

 

Link to comment
Share on other sites

Good luck

 

I am original purchaser and did unpack the machine. I save everything and am certain that there was no cd enclosed. No books either. I have six of these machines. They're HP's. I know not everybody likes HP (for different reasons) but we are a HP shop. We run their servers too.

 

Anyway, Scannman's advice was good. Using another machine, I downloaded the AVG rescue disk and ran it. It asked if I wanted to update, so I said yes. It updated its database and ran. It took over 4 hours. The HD is 160GB. It located 2,500+ copies of WIN32/Expiro.W which were all attached to EXE's.

 

It cleaned them. Then I used MIDNIGHT COMMANDER (ON THE SAME DISK) to load taskmgr.exe and explorer.exe back on to the machine. It booted up fine, but there were still at least 87 other EXE's that had been taken hostage. Since I did not know which ones they were, I simply restored the Windows and System32 folders from another machine. Now the machine is back, but I still need protection software. What allowed this to happen in the first place was damaged protection software. Don't know how it got damaged either.

 

So, the machine is back, but is still sick. However, I'm in a position to better solve any further problems.

 

So, a big thanks to Scannman for waking me up to the AVG Rescue Disk. It worked GREAT!:-D:-D

Link to comment
Share on other sites
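An added example, not part of the original posts: the poster above did not know which EXEs were affected and restored the Windows and System32 folders wholesale from an identical machine. The sketch below hashes every `.exe` under a suspect tree and a reference tree and reports which are missing, changed, or absent from the reference. The function names, the two directory roots, and the stand-in file contents in `demo()` are all assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def index_exes(root):
    """Map lower-cased relative path -> digest for every .exe under root.
    Lower-casing matters when a Windows volume is read from a Linux rescue
    environment, where name case is preserved but not significant."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_of(p)
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() == ".exe"}

def compare_trees(suspect_root, reference_root):
    """Classify EXEs on the suspect tree against a known-good reference."""
    suspect, reference = index_exes(suspect_root), index_exes(reference_root)
    shared = suspect.keys() & reference.keys()
    return {
        # On the reference only: e.g. files still held in a quarantine.
        "missing": sorted(reference.keys() - suspect.keys()),
        # Same path, different bytes: review (infection or patch-level drift).
        "changed": sorted(k for k in shared if suspect[k] != reference[k]),
        # On the suspect only: cannot be verified against this reference.
        "unknown": sorted(suspect.keys() - reference.keys()),
    }

def demo():
    """Build two small constructed trees (stand-in bytes, not real binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sick = Path(tmp, "reference"), Path(tmp, "suspect")
        for root in (ref, sick):
            (root / "System32").mkdir(parents=True)
        (ref / "explorer.exe").write_bytes(b"clean-explorer")
        (ref / "System32" / "taskmgr.exe").write_bytes(b"clean-taskmgr")
        (ref / "System32" / "notepad.exe").write_bytes(b"clean-notepad")
        (sick / "System32" / "Notepad.EXE").write_bytes(b"clean-notepad+appended")
        (sick / "System32" / "extra.exe").write_bytes(b"not-on-reference")
        return compare_trees(sick, ref)

if __name__ == "__main__":
    for label, paths in demo().items():
        print(label, paths)
```

A "changed" result only means the bytes differ from the reference; two machines at different update levels will also differ, so treat the list as files to review or replace rather than as a detection verdict.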

Protection

 

Feckless,

 

I am glad you are back on the road to pc health, and that you found the rescue disc successful.

However, I am a bit confused as to why there are still 87 instances of the virus.

Why did AVG not clean them out also?

As to which protection software to use.... this is a personal choice and with so many programs available it requires some searching and investigation in order to choose.

I would though, recommend always to run Malwarebytes Anti-Malware. I am reluctant to recommend other Av's on this forum, since Iobit have excellent offerings in this area. However, malwarebytes has become pretty much the standard for checking for infections.

I would be interested to hear your reply regarding the 87 infections still remaining.

Link to comment
Share on other sites

Regarding other quarantined files

 

It was not that AVG did not clean these files. It was because the AntiVirus 2013 software had put them in its quarantine and would not let them out. At least I could not get them out. Later on, after running AVG, I did not even try.

 

AntiVirus 2013 began running immediately after the install and started reporting how many infections it had located right away. It was running with default settings, which I had not even looked at. Later, I saw that it was set up, as I understand it, to quarantine infected files so that the user could review them and selectively restore them, whitelist them or delete them (I think.) That was also an option as the software discovered things too. I had the choice to whitelist them, quarantine them or make them inoperable (I can't remember the word on the menu and I don't have the software running anymore) from the dialogue box that appears on the bottom right of the screen as the program runs.

 

What was happening was that, after the first scan, I had over 400 exe's in the quarantine, including the tskmgr.exe and explorer.exe, along with all kinds of others. At least I thought the scan was over. That's as I recall it.

 

When I went to the quarantine, I could only release files from the quarantine. There was no option to clean and release (as I recall.) Anyway, I assumed that the software would clean and release the files, so I selected them all and told it to go. As soon as they were released, the software started detecting infections and quarantining stuff again. I specifically remember both the taskmgr.exe and explorer.exe being in the first batch. Also, in the first round, they got released. Then they got trapped again and I could not get either one out of the quarantine. At that point, after numerous attempts to release them, the software still had 90 files in the quarantine, including taskmgr and explorer. It prompted me to reboot. With misgivings, that's what I did, knowing that I had already lost explorer and task manager.

 

When the software restarted, I only had a desktop with nothing on it, no tray, no explorer, no task manager, no nothing. I could boot in safe mode, but none of the restore programs would work because (I'm assuming) some of the trapped exe's were them. The machine was really messed up at that point.

 

I was able to "safeboot with command prompt", so I could look at the quarantine. It actually has three files for each exe. I can't remember the extensions, but one was "dat" and one was something like "qbd" and a third one. I assumed that those extensions worked only with AntiVirus 2013 for its own purposes. I'm pretty sure that each exe was wrapped up inside one of them.

 

The AVG disk found over 2,500 instances of the virus. However, I'm not sure if it found the virus in the Antivirus 2013 quarantined files or not. Also, if it did find and clean those files, they were left in the quarantine in their "wrappers."

 

I did try to inspect those files and I could see the file names in clear text along with code. However, I made the decision to NOT try to fish each one back. Rather, I chose to just get Windows going again and reinstall anything that did not work correctly. I thought that was where I would wind up anyway.

 

So, the short answer is that AVG did everything it was supposed to do. I assume it cleaned the files in the quarantine, but I would have had to use AntiVirus 2013 to get them out of the quarantine. I had shut that down and elected to not restart it.

 

Any application that won't start will just get reinstalled. So far that has not been a problem.

 

I have not had a chance to really finish up the machine, but will later this week. It's running all of its principal apps, so it's working at its primary jobs now. I'm sure there will be other app problems, but nothing that will be unsolvable.

 

Thanks again for your advice.

Link to comment
Share on other sites

Hi Feckless.

 

Hi Feckless,

 

Hope you don't have anymore problems, but I strongly suggest that you open a thread in Spyware-Malware Removal Help! section following the procedures in Guidelines for requesting malware removal assistance thread and let Malware Fighter Superdave look after your PC.

 

Cheers.

 

Hi Feckless:smile:!

 

I also strongly urge that you follow Enoskype's suggestion!!!

 

I am glad that you have recovered part of the system... please save any important personal data.

 

Sincerely,

-Mel

Live long and prosper!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
