Lots of Probs

DrLaney

New Member
I wasn't sure where to post this so I thought I'd start here.

It appears I have a major malware infection. The list of "issues"...

In Normal boot-up:
IE will not run (Firefox does)
Internet Downloads appear to freeze - Although some do download successfully; I do not receive any feedback but I find them in the download folder
Red X on Networking Icon
Can't open Network and Sharing Center
Many services stopped & unable to restart (spooler for one)
SideBar blank
Norton AV finds nothing
Spybot takes several minutes to open; during system scan, pop-ups w/errors referencing problems in the "include files"
Malware Bytes finds nothing

In Safe mode:
IE and FF open/operate
Normal Network Icon
Seems to work normally for safe mode - can't run Norton AV fully in safe mode

That's a little bit of the issues.

Anyone w/a good plan for repairing all this???
 


Hi DrLaney,

Welcome to Vista Forums!

My first suspicion is that some of this (maybe a lot of this) may be caused by Norton. Please remove Norton with the Norton Removal Tool (in safe mode with networking if necessary): Download and run the Norton Removal Tool to uninstall your Norton product | Norton Support. Then, to protect your system (at least in the meantime), install Microsoft Security Essentials: http://www.microsoft.com/security_essentials/ and, if your Norton product included a firewall, re-enable the Windows Firewall. Reboot and see if that resolved anything.

If you still have problems, do a Startup Repair by booting to the genuine Windows Vista Installation Disk (or one you can borrow from ANYONE) or from a Recovery Disk with recovery options included on it. Here's the procedure: http://www.vistax64.com/tutorials/91467-startup-repair.html. To boot to the CD you may need to change the BIOS to make the CD-drive first in the boot sequence. To do that, wait for the screen that tells you the F key to push to access the boot menu or boot setup. Push it quickly. Make the changes, save your work, and exit. Put the CD in the drive and reboot. When prompted, push any key to boot from the CD.

If you don't have either disk, you can make a bootable Recovery Disk using http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/ along with burning software like: http://www.snapfiles.com/get/active-isoburner.html and, of course, a blank CD (perhaps made on a different computer or perhaps in safe mode with networking if that is working).

If that doesn't work, try to boot into safe mode (repeatedly click the F8 key while booting and go to safe mode with networking – or do so from the command prompt on the disk). Then let's check some of your system files:

Go to Start / All Programs / Accessories / Command prompt and right click on command prompt and click run as Administrator (you can skip this step if using the disk).

If using the disk, cd to C:\Windows\System32. Type sfc /scannow and enter and let it run. It will scan and try to fix some of your system files. Hopefully it will complete with no corruption it could not repair (if there is such corruption post back here or try to analyze it to find the problem file(s) using http://support.microsoft.com/kb/928228). Try to attach the report (you may need to copy it to your desktop before it will permit you to attach it) here so we can see if they can be repaired with good copies from the installation disk (unless there are too many).


While in Command Prompt, type chkdsk /f /r and enter and let it run. It will want to schedule itself to run at the next restart. Answer yes and then reboot to run the program. It will scan and try to fix any corruption or bad sectors on your hard drive and mostly remove that as a potential cause.

If that doesn't work, then please post any repeating error messages from the Event Viewer about the problems you're having (Start / Control Panel / Administrative Tools / Event Viewer). Here's how to use Event Viewer: http://www.petri.co.il/vista-event-viewer.htm. Look in the System section and the Application section. Click on the error for more information, click on the details tab, copy the contents, and post them in your next reply.

If that doesn't work, try a clean boot http://support.microsoft.com/kb/929135. If the problem goes away then it's just a matter of tracking down the culprit causing the problem. Follow the procedures in the article. Once found, delete, remove, deactivate, or uninstall it. Once done be sure to reset Vista back to normal status as explained in the procedures. If the problem occurs in clean mode then just restore the system to normal status and reboot - this solution is not going to work.

If that doesn't work, download Hijack This HijackThis - Trend Micro USA and run it and attach a copy of the report to your next reply.

Finally, at this point, we need to examine more details about your system. Although not designed for this specific problem, it still provides the same useful information we can use to help with diagnosis. Go to and follow the directions at: http://www.vistax64.com/crashes-debugging/282419-blue-screen-death-bsod-posting-instructions.html.

Hopefully one of these will identify and/or resolve the problem. If not, we'll have more information to analyze to try to find the cause - and that's a good start.

Thanks and good luck!
 

Lorien,

Sorry for the delay in getting back w/you. I thought I'd clarify the IE symptom: IE looks like it is loading (hourglass) but never comes up (I've seen other questions w/this symptom).

I've tried most of your suggestions w/no real luck. Some of the suggestions will not work in safe mode because it's safe mode. When I try to perform them in normal mode, the computer usually does nothing. Some of the other things (Hijack this to name one) tell me it can't run in safe mode but does nothing (messages/prompts) in normal mode.

The sfc procedure says it found and fixed problems but no change.

I'm still looking at it and haven't tried checkdisk yet. I'll try to capture some messages/data and post those.

Thanks again. I'll be back...
 


This looks like one of those nasty new rootkits. Download all the rootkit removers you can find to a USB stick (from another system) and scan your system with them.
 

Hi DrLaney,

It's been a while and I was wondering if there was any progress. If not, then please explain the current status again (if anything has changed) and we'll see what other options we can try.

Thanks and good luck!
 

Haven't had a lot of time to deal w/this issue.

Per whs's suggestion, I downloaded a few rootkit removal progs. One of the problems is some say they can't be run in safe mode. I can't run a lot of things due to the state the PC comes up in normal mode. So I'm kind of in a catch-22 situation...can't run the programs to fix the problem because the problem prevents the fixes from running!
 


Hi DrLaney,

If by chance you really are a doctor, then I can understand your dilemma in terms of spending time on the computer when you have a thousand other things to do and the computer should be making your job easier - not taking up a significant portion of your precious time. Perhaps that's true even if you aren't a doctor as well. Unfortunately, your problem requires you spend some time to try to identify and resolve the problem. To do that, you need to try to follow my instructions and not use shortcuts or bypass options that seem too time-consuming. There's generally a good reason for each of my recommendations and I can explain any you think unnecessary in greater detail if you wish or if it will help.

Have you made the recommended Recovery Disk and tried some of the options after booting to the Disk rather than using either normal mode or safe mode? This may work better for some of the options (but not all of them). In fact, it may be necessary for some of the options (like the Startup Repair). And some of the options which can run in safe mode may run better from the disk if there's a problem with your system in general.

Have you removed Norton per the procedures documented above and replaced it with MSE? And then update and run a full scan with MSE? This may solve some or many of your problems. I'd wager you haven't done this, but I strongly recommend it (even if you paid for Norton and it makes you feel like you're throwing money away). Norton doesn't "play well" with Vista and I've seen many problems caused by it (or by not removing it properly). This is especially true if it is a version that also replaced Windows Firewall. Be sure to reactivate Windows Firewall after removing Norton as I don't think it will happen automatically.

What happens when you try to follow the BSOD procedure? Have you tried it and does it too either not work or generate an error? We could really use that information if you can get it to work.

You say SFC found and corrected some problems. Were there any problems it was unable to correct?

How did the chkdsk /f /r go? Did it find any problems and correct them?

Did you check the Event Viewer for error messages? Please do so and follow the above instructions to post the errors here so we can analyze them to try to identify the problem. It may tell us exactly where the problem is originating so we know where to target our efforts.

Did you try a clean boot to see if that helped? Since it makes normal mode almost into safe mode (not quite, but similar in a way) and safe mode seems to work, this too might work and then if it does, it's a simple matter of following the directions to find the cause. In effect, if the system works with a clean boot, then it's only a matter of time before you find the cause of the problem and resolve by process of elimination.

I don't know if it is a rootkit or not. There's really no evidence to suggest it though it is possible. Here are some options to try. I'd focus on the second paragraph and on the Microsoft products in the third paragraph and then any others you want to try.

As far as rootkit programs go, I'm not sure of one that works in safe mode or that will work in normal mode given the condition of your system, but here are many options you can try: Best Free Rootkit Scanner/Remover.

This one says it has "GMER Safe Mode" which suggests it works in safe mode (though I'm not really sure what it means). It may be worth a try: GMER - Rootkit Detector and Remover.

Here is another list of rootkit removal tools but again, I can't tell if they will run in Safe Mode or if they will work in Normal mode given the condition of your system. I'd give first attention to the Microsoft products: http://www.windowsreference.com/sec...ootkitrootkit-detection-software-for-windows/.

I hope this helps. I realize the time involved in some of this and I wish I could give you shortcuts, but there are no shortcuts and if you try to take them, then it may defeat the purpose of the procedure.

If you don't have time to do these things (and there's no guarantee these will work - more radical steps may be required), and you have the money, then perhaps it would be best to take it to a reputable computer repair shop (not Geek Squad or any place like that but a shop of true professionals) to have it serviced. Backup your system before you take it in as it is common for them to wipe the hard drive during the process.

That choice is up to you, but again it is likely they will wipe the drive and re-install the operating system to see if that resolves the problem. You could do that yourself if you wanted to skip all these repair steps and go directly to the radical step of doing either a repair/upgrade or a clean install (or a restore to factory original conditions). If you want to do that, then post back and I'll provide those procedures.

Good luck!
 
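The diagnostic artefacts Lorien asks for in the two posts above (SFC lines for files it could not repair, the boot-time chkdsk result, the services that stopped, and repeating Event Viewer errors) can be gathered in one pass from an elevated prompt in safe mode with networking and attached to a reply. This is an added example, not code from the thread or any poster; it assumes PowerShell 2.0 is installed (an optional download on Vista), and the Desktop\triage folder name is an arbitrary choice.

```powershell
# Added example, not from the thread. Collects the items the helper asked for
# into one folder so they can be attached to a reply. Assumes PowerShell 2.0
# (optional on Vista) and an elevated prompt; the folder name is arbitrary.
$out = Join-Path $env:USERPROFILE 'Desktop\triage'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# 1. SFC: KB928228 explains that sfc /scannow writes its work to CBS.log with
#    an [SR] tag. Keep only the entries for files it could not repair.
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
Select-String -Path $cbs -Pattern '\[SR\]' |
    Where-Object { $_.Line -match 'Cannot repair' } |
    ForEach-Object { $_.Line } |
    Set-Content (Join-Path $out 'sfc_unrepaired.txt')

# 2. Boot-time chkdsk summary: logged to the Application log by Wininit as
#    event 1001 after the scheduled restart.
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Microsoft-Windows-Wininit'; Id=1001} `
             -MaxEvents 1 -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Message } |
    Set-Content (Join-Path $out 'chkdsk_result.txt')

# 3. Services that should start automatically but are not running (the thread
#    mentions the spooler); the binary path helps spot anything unexpected.
Get-WmiObject Win32_Service -Filter "StartMode='Auto' AND State<>'Running'" |
    Select-Object Name, State, StartMode, PathName |
    Export-Csv (Join-Path $out 'stopped_auto_services.csv') -NoTypeInformation

# 4. Event Viewer: Error-level (Level 2) events from System and Application in
#    the last 7 days, grouped by source and ID so repeating errors stand out.
$since  = (Get-Date).AddDays(-7)
$events = foreach ($log in 'System', 'Application') {
    Get-WinEvent -FilterHashtable @{LogName=$log; Level=2; StartTime=$since} -ErrorAction SilentlyContinue
}
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{n='Last';   e={ ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated }},
        @{n='Sample'; e={ $_.Group[0].Message -replace "`r`n", ' ' }} |
    Export-Csv (Join-Path $out 'repeating_errors.csv') -NoTypeInformation

Write-Host "Reports written to $out"
```

The four files under Desktop\triage are plain text/CSV, so they can be attached as-is; repeating_errors.csv is the one that most directly answers the "repeating error messages" request.
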
sounds like a virus to me. if push comes to shove, format. =)
 
