HELP!! Windows 7 problem - System Check


Message boards : Number crunching : HELP!! Windows 7 problem - System Check

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207731 - Posted: 19 Mar 2012, 4:18:37 UTC

Windows 7 problem - System Check(Trojan Horse/virus)

I can't install an av program like avg or reinstall the OS for the life of Me, although I know how to do this, I may have to get out an older hdd and backup the data that I have. I was able to uninstall Avast as this trojan went right past it, part of the menus that access My hdd/control panel and such are missing, I may need to call Microsoft Monday, I can't even repair the OS. I did get rid of the System Check(Trojan Horse/virus), but so far I can't crunch anymore or install anything, It seems the installer service is not running at all, I tried to start it and it said "access denied".
____________

Profile RottenMutt
Joined: 15 Mar 01
Posts: 992
Credit: 207,654,623
RAC: 1
United States
Message 1207755 - Posted: 19 Mar 2012, 6:43:33 UTC - in response to Message 1207731.
Last modified: 19 Mar 2012, 6:44:16 UTC

i feel for you. i lost a hard drive Sunday morning and was able to recover little. this is the third 1TB Seagate drive I've lost on this system, but the first which wasn't recoverable. I'm just now up and crunching.
____________

Profile Michel448a
Volunteer tester
Joined: 27 Oct 00
Posts: 1201
Credit: 2,891,635
RAC: 0
Canada
Message 1207763 - Posted: 19 Mar 2012, 7:52:52 UTC
Last modified: 19 Mar 2012, 7:56:53 UTC

not his fault

> I was able to uninstall Avast as this trojan went right past it

not sure, but i think none of the AV detect "system checks false AVs" :(
i always use Malwarebytes Anti-Malware cause these stupid things, they are such a pain. :( they block all .exe you try to launch :(
____________

Profile BilBg
Volunteer tester
Joined: 27 May 07
Posts: 2570
Credit: 5,876,077
RAC: 2,723
Bulgaria
Message 1207764 - Posted: 19 Mar 2012, 8:09:53 UTC - in response to Message 1207731.
Last modified: 19 Mar 2012, 8:36:54 UTC


If you can mount the disk in another working PC (as just second data-disk) you can try this to check the disk is clean:

ESET Online Scanner
http://www.eset.com/us/online-scanner/


Or use some live CD to boot from it and scan:
http://en.wikipedia.org/wiki/List_of_live_CDs#Microsoft_Windows-based

If the live CD has no browser you can use this:
http://www.opera-usb.com/operausben.htm


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

Highlander
Joined: 5 Oct 99
Posts: 143
Credit: 31,058,002
RAC: 60
Germany
Message 1207770 - Posted: 19 Mar 2012, 9:16:09 UTC
Last modified: 19 Mar 2012, 9:37:05 UTC

and/or use the Avira AntiVir Rescue System, this is a boot-cd which perhaps can help a little bit.
____________

Profile Alex Storey
Volunteer tester
Joined: 14 Jun 04
Posts: 535
Credit: 1,629,279
RAC: 419
Greece
Message 1207786 - Posted: 19 Mar 2012, 11:33:40 UTC
Last modified: 19 Mar 2012, 11:39:29 UTC

Does Windows System Restore work? If it does you're golden, if not follow BilBg's advice. Good news is your data is most probably ok, you just have to unhide all your stuff.

Edit: Maybe this can help you get things installed/uninstalled
http://support.microsoft.com/mats/Program_Install_and_Uninstall/

Profile Paul D Harris
Volunteer tester
Joined: 1 Dec 99
Posts: 1123
Credit: 33,598,472
RAC: 0
United States
Message 1207792 - Posted: 19 Mar 2012, 12:01:20 UTC

I too don't like Seagate hdd.
Have you tried InstallTakeOwnership.reg?
http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
____________

Profile Blurf
Volunteer tester
Joined: 2 Sep 06
Posts: 7415
Credit: 6,487,195
RAC: 4,374
United States
Message 1207798 - Posted: 19 Mar 2012, 12:43:35 UTC

This is a brutal virus... does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it.
____________


Profile Lint trap
Joined: 30 May 03
Posts: 859
Credit: 25,819,652
RAC: 12,978
United States
Message 1207823 - Posted: 19 Mar 2012, 14:11:44 UTC

Victor, according to BleepingComputer.com, your system is probably still just fine.

Disregard all the warnings and trouble reports. The ROGUE virus is just trying to get you to purchase the "repair" program. And don't delete any temporary files or folders, you may need some of the files in them later.

If you have Malwarebytes Anti-Malware installed, and can run it, it may be able to remove the virus. Newer versions of the System Check virus install rootkit/s that prevent MBAM, or other AV s/w from running.

If you can get to this page and follow the links, the advice may help:
http://www.bleepingcomputer.com/virus-removal/remove-system-check


Lt

Profile john3760
Joined: 9 Feb 11
Posts: 334
Credit: 3,400,979
RAC: 0
United Kingdom
Message 1207843 - Posted: 19 Mar 2012, 15:17:13 UTC

This might be a bit late for you now Vic, but last year I had exactly the same problem.
I tried all the usual things, but it got to the point where as soon as my computer booted, I was getting the warning screen directing me to the website to buy their software.
Luckily for me I had put two accounts on the computer, and was able to go into the second account and do a system restore to a previous date (something which I couldn't do on the first account).
When I rebooted everything was ok and has been since.
I know this probably won't help at this moment in time, but when you get up and running again create two accounts on your computer and if anything like this happens again you will have a back door to get in and fix it.

good luck

john3760
____________

Profile Alex Storey
Volunteer tester
Joined: 14 Jun 04
Posts: 535
Credit: 1,629,279
RAC: 419
Greece
Message 1207844 - Posted: 19 Mar 2012, 15:17:49 UTC

I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved.

Unless of course you are due for an OS re-install (hard to believe with Win7), or you are just plain bored and feel like doing a clean Win install for kicks...

But if you can't and just to calm you down a bit:
If you go to Start->All Programs->Accessories->Windows Explorer you'll see all your stuff is still there. And if it isn't just use the "Show hidden files, folders and drives option" in Folder Options.

Profile arkayn
Volunteer tester
Joined: 14 May 99
Posts: 3594
Credit: 47,339,185
RAC: 327
United States
Message 1207913 - Posted: 19 Mar 2012, 17:23:29 UTC

The one question that comes to mind is what browser were you using and what extensions were installed in it?
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207921 - Posted: 19 Mar 2012, 17:38:24 UTC - in response to Message 1207763.

> not his fault
>
> > I was able to uninstall Avast as this Trojan went right past it
>
> not sure, but i think none of the AV detect "system checks false AVs" :(
> i always use Malwarebytes Anti-Malware cause these stupid things, they are such a pain. :( they block all .exe you try to launch :(

Yeah I used Malwarebytes to get rid of the sucker, but I then couldn't get My sound back or any av to install, turns out I was in Normal mode, but Win7 Pro x64 thought I was in safe mode and trying to go into safe mode, a very quick BSOD...

Microsoft deserves some kudos for getting Me back online, as My Product Key was not working, the tech there fixed Me right up, good thing I bought a Retail upgrade off of Amazon. :)

AVG is according to the site I'd looked at supposed to protect against this piece of crud, I mainly lost info in 1 text file(Monthly Budget), some saved civ game files(oh well) and some MP3 files(I know where the sources are, so it's not a big deal), everything else is accounted for, some's online, some's on the Flash Drive, Boinc 6.10.58 is running again, as is My email and of course Firefox 12.0a1...
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207923 - Posted: 19 Mar 2012, 17:40:17 UTC - in response to Message 1207913.

> The one question that comes to mind is what browser were you using and what extensions were installed in it?

Firefox, as to extensions, I don't run too many, one of which involves Youtube files, so I'll decline on that. Still Avast is history here.
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207926 - Posted: 19 Mar 2012, 17:42:50 UTC - in response to Message 1207844.

> I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved.
>
> Unless of course you are due for an OS re-install (hard to believe with Win7), or you are just plain bored and feel like doing a clean Win install for kicks...
>
> But if you can't and just to calm you down a bit:
> If you go to Start->All Programs->Accessories->Windows Explorer you'll see all your stuff is still there. And if it isn't just use the "Show hidden files, folders and drives option" in Folder Options.

No kicks here, I'm beyond System restore now, I looked, not even a windows.old folder(unless it's hidden), I'd tried that and it didn't do more than list the points, so I'm starting out from scratch(zero).
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207928 - Posted: 19 Mar 2012, 17:47:51 UTC - in response to Message 1207843.

> This might be a bit late for you now Vic, but last year I had exactly the same problem.
> I tried all the usual things, but it got to the point where as soon as my computer booted, I was getting the warning screen directing me to the website to buy their software.
> Luckily for me I had put two accounts on the computer, and was able to go into the second account and do a system restore to a previous date (something which I couldn't do on the first account).
> When I rebooted everything was ok and has been since.
> I know this probably won't help at this moment in time, but when you get up and running again create two accounts on your computer and if anything like this happens again you will have a back door to get in and fix it.
>
> good luck
>
> john3760

That's a good idea there, How'd Ya make the 2nd account?
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207933 - Posted: 19 Mar 2012, 17:58:26 UTC - in response to Message 1207823.

> Victor, according to BleepingComputer.com, your system is probably still just fine.
>
> Disregard all the warnings and trouble reports. The ROGUE virus is just trying to get you to purchase the "repair" program. And don't delete any temporary files or folders, you may need some of the files in them later.
>
> If you have Malwarebytes Anti-Malware installed, and can run it, it may be able to remove the virus. Newer versions of the System Check virus install rootkit/s that prevent MBAM, or other AV s/w from running.
>
> If you can get to this page and follow the links, the advice may help:
> http://www.bleepingcomputer.com/virus-removal/remove-system-check
>
> Lt


Ah yes, last I saw they'd gone offline for a bit, maintenance I guess. That's how I removed it, but I had a twist, My OS was in Normal mode, but the PC thought I was in Safe mode, aero wouldn't work, avg wouldn't install, avast would install and then wouldn't work, I was able to install 285.38 of course and Malwarebytes... Going into the real safe mode would have fixed a lot of problems, but soon enough it was bsod central, a real nightmare, now I have 285.62 whql on the pc and I'm crunching with lunatics x41g, boinc tasks 1.30, evga precision 2.1.2

And of course I don't have a cc_config.xml file anymore either... Another file to make... sigh.
____________

zoom314
Joined: 30 Nov 03
Posts: 45791
Credit: 36,415,773
RAC: 7,048
Message 1207945 - Posted: 19 Mar 2012, 18:07:17 UTC - in response to Message 1207798.

> This is a brutal virus... does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it.

Yeah, a real piece of work there, I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one(rust problems). That and It wants You to buy it(haha, send banking data to it more likely), hostageware disguised as something good, no I don't think it got anything of note. It does a lot of hiding of links in 7, puts in 4 links in the registry, makes a hidden partition of 8MB in size off of the hdd and makes the rest of the hdd look like there's nothing missing, shuts down windows task manager. I had It half beat, If I could have gotten into safe mode, My remaining problems would have been fixed in short order... But that was not to be.
____________

Profile arkayn
Volunteer tester
Joined: 14 May 99
Posts: 3594
Credit: 47,339,185
RAC: 327
United States
Message 1207955 - Posted: 19 Mar 2012, 18:20:24 UTC - in response to Message 1207923.

> > The one question that comes to mind is what browser were you using and what extensions were installed in it?
>
> Firefox, as to extensions, I don't run too many, one of which involves Youtube files, so I'll decline on that. Still Avast is history here.


Make sure you install NoScript at a minimum. I still have not seen a virus on my systems.
____________

Profile Alex Storey
Volunteer tester
Joined: 14 Jun 04
Posts: 535
Credit: 1,629,279
RAC: 419
Greece
Message 1207962 - Posted: 19 Mar 2012, 18:34:16 UTC

> ...
> I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one(rust problems).


I'm pretty sure the guy behind it was a Russian Minister so you might wanna rethink going all John Rambo on his a&&:)

Seriously though, glad it ended with minimal losses.


Copyright © 2014 University of California