HELP!! Windows 7 problem - System Check

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207731 - Posted: 19 Mar 2012, 4:18:37 UTC

Windows 7 problem - System Check (Trojan Horse/virus)

I can't install an AV program like AVG or reinstall the OS for the life of Me, although I know how to do this. I may have to get out an older HDD and back up the data that I have. I was able to uninstall Avast as this trojan went right past it. Part of the menus that access My HDD/control panel and such are missing. I may need to call Microsoft Monday; I can't even repair the OS. I did get rid of the System Check (Trojan Horse/virus), but so far I can't crunch anymore or install anything. It seems the installer service is not running at all; I tried to start it and it said "access denied".
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's

RottenMutt
Joined: 15 Mar 01
Posts: 1011
Credit: 230,314,058
RAC: 0
United States
Message 1207755 - Posted: 19 Mar 2012, 6:43:33 UTC - in response to Message 1207731.  
Last modified: 19 Mar 2012, 6:44:16 UTC

I feel for you. I lost a hard drive Sunday morning and was able to recover little. This is the third 1TB Seagate drive I've lost on this system, but the first which wasn't recoverable. I'm just now up and crunching.

BilBg
Volunteer tester
Joined: 27 May 07
Posts: 3720
Credit: 9,385,827
RAC: 0
Bulgaria
Message 1207764 - Posted: 19 Mar 2012, 8:09:53 UTC - in response to Message 1207731.  
Last modified: 19 Mar 2012, 8:36:54 UTC


If you can mount the disk in another working PC (as just second data-disk) you can try this to check the disk is clean:

ESET Online Scanner
http://www.eset.com/us/online-scanner/


Or use some live CD to boot from it and scan:
http://en.wikipedia.org/wiki/List_of_live_CDs#Microsoft_Windows-based

If the live CD has no browser you can use this:
http://www.opera-usb.com/operausben.htm


 


- ALF - "Find out what you don't do well ..... then don't do it!" :)
 

Highlander
Joined: 5 Oct 99
Posts: 167
Credit: 37,987,668
RAC: 16
Germany
Message 1207770 - Posted: 19 Mar 2012, 9:16:09 UTC
Last modified: 19 Mar 2012, 9:37:05 UTC

and/or use the Avira AntiVir Rescue System, this is a boot-cd which perhaps can help a little bit.
- Performance is not a simple linear function of the number of CPUs you throw at the problem. -

shizaru
Volunteer tester
Joined: 14 Jun 04
Posts: 1130
Credit: 1,967,904
RAC: 0
Greece
Message 1207786 - Posted: 19 Mar 2012, 11:33:40 UTC
Last modified: 19 Mar 2012, 11:39:29 UTC

Does Windows System Restore work? If it does you're golden, if not follow BilBg's advice. Good news is your data is most probably ok, you just have to unhide all your stuff.

Edit: Maybe this can help you get things installed/uninstalled
http://support.microsoft.com/mats/Program_Install_and_Uninstall/

Paul D Harris
Volunteer tester
Joined: 1 Dec 99
Posts: 1122
Credit: 33,600,005
RAC: 0
United States
Message 1207792 - Posted: 19 Mar 2012, 12:01:20 UTC

I too don't like Seagate HDDs.
Have you tried InstallTakeOwnership.reg?
http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

Blurf
Volunteer tester
Joined: 2 Sep 06
Posts: 8962
Credit: 12,678,685
RAC: 0
United States
Message 1207798 - Posted: 19 Mar 2012, 12:43:35 UTC

This is a brutal virus... does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it.



Lint trap
Joined: 30 May 03
Posts: 871
Credit: 28,092,319
RAC: 0
United States
Message 1207823 - Posted: 19 Mar 2012, 14:11:44 UTC

Victor, according to BleepingComputer.com, your system is probably still just fine.

Disregard all the warnings and trouble reports. The ROGUE virus is just trying to get you to purchase the "repair" program. And don't delete any temporary files or folders, you may need some of the files in them later.

If you have Malwarebytes Anti-Malware installed, and can run it, it may be able to remove the virus. Newer versions of the System Check virus install rootkit/s that prevent MBAM, or other AV s/w from running.

If you can get to this page and follow the links, the advice may help:
http://www.bleepingcomputer.com/virus-removal/remove-system-check


Lt


john3760
Joined: 9 Feb 11
Posts: 334
Credit: 3,400,979
RAC: 0
United Kingdom
Message 1207843 - Posted: 19 Mar 2012, 15:17:13 UTC

This might be a bit late for you now Vic, but last year I had exactly the same problem.
I tried all the usual things, but it got to the point where as soon as my computer booted, I was getting the warning screen directing me to the website to buy their software.
Luckily for me I had put two accounts on the computer, and was able to go into the second account and do a system restore to a previous date (something which I couldn't do on the first account).
When I rebooted everything was ok and has been since.
I know this probably won't help at this moment in time, but when you get up and running again create two accounts on your computer and if anything like this happens again you will have a back door to get in and fix it.

good luck

john3760

shizaru
Volunteer tester
Joined: 14 Jun 04
Posts: 1130
Credit: 1,967,904
RAC: 0
Greece
Message 1207844 - Posted: 19 Mar 2012, 15:17:49 UTC

I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved.

Unless of course you are due for an OS re-install (hard to believe with Win7), or you are just plain bored and feel like doing a clean Win install for kicks...

But if you can't and just to calm you down a bit:
If you go to Start->All Programs->Accessories->Windows Explorer you'll see all your stuff is still there. And if it isn't, just use the "Show hidden files, folders and drives" option in Folder Options.

arkayn
Volunteer tester
Joined: 14 May 99
Posts: 4438
Credit: 55,006,323
RAC: 0
United States
Message 1207913 - Posted: 19 Mar 2012, 17:23:29 UTC

The one question that comes to mind is what browser were you using and what extensions were installed in it?


zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207921 - Posted: 19 Mar 2012, 17:38:24 UTC - in response to Message 1207763.  

not his fault
I was able to uninstall Avast as this Trojan went right past it


not sure, but i think none of the AV detect "system checks false AVs" :(
I always use Malwarebytes Anti-Malware cause these stupid things, they are such a pain. :( they block all .exe you try to launch :(

Yeah I used Malwarebytes to get rid of the sucker, but I then couldn't get My sound back or any av to install, turns out I was in Normal mode, but Win7 Pro x64 thought I was in safe mode and trying to go into safe mode, a very quick BSOD...

Microsoft deserves some kudos for getting Me back online, as My Product Key was not working, the tech there fixed Me right up, good thing I bought a Retail upgrade off of Amazon. :)

AVG is according to the site I'd looked at supposed to protect against this piece of crud, I mainly lost info in 1 text file(Monthly Budget), some saved civ game files(oh well) and some MP3 files(I know where the sources are, so it's not a big deal), everything else is accounted for, some's online, some's on the Flash Drive, Boinc 6.10.58 is running again, as is My email and of course Firefox 12.0a1...

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207923 - Posted: 19 Mar 2012, 17:40:17 UTC - in response to Message 1207913.  

The one question that comes to mind is what browser were you using and what extensions were installed in it?

Firefox, as to extensions, I don't run too many, one of which involves Youtube files, so I'll decline on that. Still Avast is history here.

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207926 - Posted: 19 Mar 2012, 17:42:50 UTC - in response to Message 1207844.  

I highly recommend (again) the first thing you do is check whether System Restore is working or not. The XP version of this virus won't let you, but maybe Win7 will. If it works, then problem solved.

Unless of course you are due for an OS re-install (hard to believe with Win7), or you are just plain bored and feel like doing a clean Win install for kicks...

But if you can't and just to calm you down a bit:
If you go to Start->All Programs->Accessories->Windows Explorer you'll see all your stuff is still there. And if it isn't, just use the "Show hidden files, folders and drives" option in Folder Options.

No kicks here, I'm beyond System restore now, I looked, not even a windows.old folder(unless it's hidden), I'd tried that and it didn't do more than list the points, so I'm starting out from scratch(zero).

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207928 - Posted: 19 Mar 2012, 17:47:51 UTC - in response to Message 1207843.  

This might be a bit late for you now Vic, but last year I had exactly the same problem.
I tried all the usual things, but it got to the point where as soon as my computer booted, I was getting the warning screen directing me to the website to buy their software.
Luckily for me I had put two accounts on the computer, and was able to go into the second account and do a system restore to a previous date (something which I couldn't do on the first account).
When I rebooted everything was ok and has been since.
I know this probably won't help at this moment in time, but when you get up and running again create two accounts on your computer and if anything like this happens again you will have a back door to get in and fix it.

good luck

john3760

That's a good idea there, How'd Ya make the 2nd account?

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207933 - Posted: 19 Mar 2012, 17:58:26 UTC - in response to Message 1207823.  

Victor, according to BleepingComputer.com, your system is probably still just fine.

Disregard all the warnings and trouble reports. The ROGUE virus is just trying to get you to purchase the "repair" program. And don't delete any temporary files or folders, you may need some of the files in them later.

If you have Malwarebytes Anti-Malware installed, and can run it, it may be able to remove the virus. Newer versions of the System Check virus install rootkit/s that prevent MBAM, or other AV s/w from running.

If you can get to this page and follow the links, the advice may help:
http://www.bleepingcomputer.com/virus-removal/remove-system-check


Lt


Ah yes, last I saw they'd gone offline for a bit, maintenance I guess. That's how I removed it, but I had a twist: My OS was in Normal mode, but the PC thought I was in Safe mode. Aero wouldn't work, AVG wouldn't install, Avast would install and then wouldn't work. I was able to install 285.38 of course and Malwarebytes... Going into the real safe mode would have fixed a lot of problems, but soon enough it was BSOD central, a real nightmare. Now I have 285.62 WHQL on the PC and I'm crunching with Lunatics x41g, BoincTasks 1.30, EVGA Precision 2.1.2

And of course I don't have a cc_config.xml file anymore either... Another file to make... sigh.

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207945 - Posted: 19 Mar 2012, 18:07:17 UTC - in response to Message 1207798.  

This is a brutal virus... does major damage. Installing an AV after it is already infected probably won't fix it. We've had to have people go in and do major registry repairs to resolve it.

Yeah, a real piece of work there, I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one(rust problems). That and It wants You to buy it(haha, send banking data to it more likely), hostageware disguised as something good, no I don't think it got anything of note. It does a lot of hiding of links in 7, puts in 4 links in the registry, makes a hidden partition of 8MB in size off of the hdd and makes the rest of the hdd look like there's nothing missing, shuts down windows task manager. I had It half beat, If I could have gotten into safe mode, My remaining problems would have been fixed in short order... But that was not to be.

arkayn
Volunteer tester
Joined: 14 May 99
Posts: 4438
Credit: 55,006,323
RAC: 0
United States
Message 1207955 - Posted: 19 Mar 2012, 18:20:24 UTC - in response to Message 1207923.  

The one question that comes to mind is what browser were you using and what extensions were installed in it?

Firefox, as to extensions, I don't run too many, one of which involves Youtube files, so I'll decline on that. Still Avast is history here.


Make sure you install NoScript at a minimum. I still have not seen a virus on my systems.


shizaru
Volunteer tester
Joined: 14 Jun 04
Posts: 1130
Credit: 1,967,904
RAC: 0
Greece
Message 1207962 - Posted: 19 Mar 2012, 18:34:16 UTC

...
I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one(rust problems).


I'm pretty sure the guy behind it was a Russian Minister so you might wanna rethink going all John Rambo on his a&&:)

Seriously though, glad it ended with minimal losses.

zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65689
Credit: 55,293,173
RAC: 49
United States
Message 1207992 - Posted: 19 Mar 2012, 19:19:20 UTC - in response to Message 1207962.  

...
I'd love to find the guy and... He ought to be glad I'm older now, I had some serious military skills at one time w/an M16 rifle, today forget it, too much work to maintain one(rust problems).


I'm pretty sure the guy behind it was a Russian Minister so you might wanna rethink going all John Rambo on his a&&:)

Seriously though, glad it ended with minimal losses.

Yep, Me too. I'm too old and heavy for that now, so no worries, at one time I could hit a moving target w/o prescription glasses at 600M with 1 shot of course.

@ Arkayn, among a few others...