HELP!! Windows 7 problem - System Check
Author | Message |
---|---|
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
Windows 7 problem - System Check(Trojan Horse/virus) I can't install an av program like avg or reinstall the OS for the life of Me, although I know how to do this, I may have to get out an older hdd and backup the data that I have. I was able to uninstall Avast as this trojan went right past it, part of the menus that access My hdd/control panel and such are missing, I may need to call Microsoft Monday, I can't even repair the OS. I did get rid of the System Check(Trojan Horse/virus), but so far I can't crunch anymore or install anything, It seems the installer service is not running at all, I tried to start it and it said "access denied". The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
RottenMutt Send message Joined: 15 Mar 01 Posts: 1011 Credit: 230,314,058 RAC: 0 |
I feel for you. I lost a hard drive Sunday morning and was able to recover little. This is the third 1TB Seagate drive I've lost on this system, but the first which wasn't recoverable. I'm just now up and crunching. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
If you can mount the disk in another working PC (as just a second data disk) you can try this to check the disk is clean: ESET Online Scanner http://www.eset.com/us/online-scanner/ Or use some live CD to boot from it and scan: http://en.wikipedia.org/wiki/List_of_live_CDs#Microsoft_Windows-based If the live CD has no browser you can use this: http://www.opera-usb.com/operausben.htm - ALF - "Find out what you don't do well ..... then don't do it!" :) |
Highlander Send message Joined: 5 Oct 99 Posts: 167 Credit: 37,987,668 RAC: 16 |
and/or use the Avira AntiVir Rescue System, this is a boot-cd which perhaps can help a little bit. - Performance is not a simple linear function of the number of CPUs you throw at the problem. - |
shizaru Send message Joined: 14 Jun 04 Posts: 1130 Credit: 1,967,904 RAC: 0 |
Does Windows System Restore work? If it does you're golden, if not follow BilBG's advice. Good news is your data is most probably ok, you just have to unhide all your stuff. Edit: Maybe this can help you get things installed/uninstalled http://support.microsoft.com/mats/Program_Install_and_Uninstall/ |
Paul D Harris Send message Joined: 1 Dec 99 Posts: 1122 Credit: 33,600,005 RAC: 0 |
I too don't like seagate hdd. Have you tried InstallTakeOwnership.reg http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/ |
Blurf Send message Joined: 2 Sep 06 Posts: 8962 Credit: 12,678,685 RAC: 0 |
This is a brutal virus....does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it |
Lint trap Send message Joined: 30 May 03 Posts: 871 Credit: 28,092,319 RAC: 0 |
Victor, according to BleepingComputer.com, your system is probably still just fine. Disregard all the warnings and trouble reports. The ROGUE virus is just trying to get you to purchase the "repair" program. And don't delete any temporary files or folders, you may need some of the files in them later. If you have Malwarebytes Anti-Malware installed, and can run it, it may be able to remove the virus. Newer versions of the System Check virus install rootkit/s that prevent MBAM, or other AV s/w from running. If you can get to this page and follow the links, the advice may help: http://www.bleepingcomputer.com/virus-removal/remove-system-check Lt |
john3760 Send message Joined: 9 Feb 11 Posts: 334 Credit: 3,400,979 RAC: 0 |
This might be a bit late for you now Vic, but last year I had exactly the same problem. I tried all the usual things, but it got to the point where as soon as my computer booted, I was getting the warning screen directing me to the website to buy their software. Luckily for me I had put two accounts on the computer, and was able to go into the second account and do a system restore to a previous date (something which I couldn't do on the first account). When I rebooted everything was ok and has been since. I know this probably won't help at this moment in time, but when you get up and running again create two accounts on your computer and if anything like this happens again you will have a back door to get in and fix it. Good luck, john3760 |
shizaru Send message Joined: 14 Jun 04 Posts: 1130 Credit: 1,967,904 RAC: 0 |
I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved. Unless of course you are due for an OS re-install (hard to believe with Win7), or you are just plain bored and feel like doing a clean Win install for kicks... But if you can't and just to calm you down a bit: If you go to Start->All Programs->Accessories->Windows Explorer you'll see all your stuff is still there. And if it isn't just use the "Show hidden files, folders and drives option" in Folder Options. |
arkayn Send message Joined: 14 May 99 Posts: 4438 Credit: 55,006,323 RAC: 0 |
|
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
not his fault Yeah I used Malwarebytes to get rid of the sucker, but I then couldn't get My sound back or any av to install, turns out I was in Normal mode, but Win7 Pro x64 thought I was in safe mode and trying to go into safe mode, a very quick BSOD... Microsoft deserves some kudos for getting Me back online, as My Product Key was not working, the tech there fixed Me right up, good thing I bought a Retail upgrade off of Amazon. :) AVG is according to the site I'd looked at supposed to protect against this piece of crud, I mainly lost info in 1 text file(Monthly Budget), some saved civ game files(oh well) and some MP3 files(I know where the sources are, so it's not a big deal), everything else is accounted for, some's online, some's on the Flash Drive, Boinc 6.10.58 is running again, as is My email and of course Firefox 12.0a1... The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
"The one question that comes to mind is what browser were you using and what extensions were installed in it?" Firefox, as to extensions, I don't run too many, one of which involves YouTube files, so I'll decline on that. Still Avast is history here. The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
"I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved." No kicks here, I'm beyond System restore now, I looked, not even a windows.old folder (unless it's hidden), I'd tried that and it didn't do more than list the points, so I'm starting out from scratch (zero). The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
"This might be a bit late for you now Vic, but last year I had exactly the same" That's a good idea there, How'd Ya make the 2nd account? The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
"Victor, according to BleepingComputer.com, your system is probably still just fine." Ah yes, last I saw they'd went offline for a bit, maintenance I guess. That's how I removed it, but I had a twist, My OS was in Normal mode, but the PC thought I was in Safe mode, aero wouldn't work, avg wouldn't install, avast would install and then wouldn't work, I was able to install 285.38 of course and malware bytes... Going into the real safe mode would have fixed a lot of problems, but soon enough it was bsod central, a real nightmare, now I have 285.62 whql on the pc and I'm crunching with lunatics x41g, boinc tasks 1.30, evga precision 2.1.2 And of course I don't have a cc_config.xml file anymore either... Another file to make... sigh. The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
"This is a brutal virus....does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it" Yeah, a real piece of work there, I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one (rust problems). That and It wants You to buy it (haha, send banking data to it more likely), hostageware disguised as something good, no I don't think it got anything of note. It does a lot of hiding of links in 7, puts in 4 links in the registry, makes a hidden partition of 8MB in size off of the hdd and makes the rest of the hdd look like there's nothing missing, shuts down windows task manager. I had It half beat, If I could have gotten into safe mode, My remaining problems would have been fixed in short order... But that was not to be. The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
arkayn Send message Joined: 14 May 99 Posts: 4438 Credit: 55,006,323 RAC: 0 |
"The one question that comes to mind is what browser were you using and what extensions were installed in it?" Make sure you install NoScript at a minimum. I still have not seen a virus on my systems. |
shizaru Send message Joined: 14 Jun 04 Posts: 1130 Credit: 1,967,904 RAC: 0 |
... I'm pretty sure the guy behind it was a Russian Minister so you might wanna rethink going all John Rambo on his a&&:) Seriously though, glad it ended with minimal losses. |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 65690 Credit: 55,293,173 RAC: 49 |
... Yep, Me too. I'm too old and heavy for that now, so no worries, at one time I could hit a moving target w/o prescription glasses at 600M with 1 shot of course. @ Arkayn, among a few others... The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |