MRGroup asked:
Cleanup after 'Win 7 Security 2012 virus'

I got the 'Win 7 Security 2012 virus' last night. I was able to restart in Safe Mode and get Malwarebytes to scan. It found 17 infections, which it removed. I was then able to boot up normally. I tried to use System Restore to go to a previous Restore point, but that errored. I am getting errors that IPSec Policy Agent, IKE and AuthIP Keying Modules, and other services aren't running. When I go into Services and try to start them, I get an Error 1075: The dependency service does not exist or has been marked for deletion. I ran a System File Check scan and it came back saying it didn't find any integrity violations.

How can I get the missing Services back without having to reinstall the OS? I have a fairly recent backup using Acronis; is there something I can restore from there? Should I restore the registry from the backup also?
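Error 1075 means the service's own configuration still names a dependency, but the service it names is no longer registered. Before restoring a registry hive from a backup, it helps to know exactly which dependency references are dangling. The PowerShell script below is an added example for that triage step, not something posted in this thread or shipped by any of the tools mentioned; it reads each service's `DependOnService` value under `HKLM\SYSTEM\CurrentControlSet\Services` and reports every reference to a service key that does not exist. The registry path, value names and `+group` convention are standard Windows ones; nothing else is assumed.

```powershell
# Added example (not from the thread): list Windows services whose declared
# dependencies point at services that no longer exist, i.e. the condition behind
# "Error 1075: The dependency service does not exist or has been marked for deletion".
# Run from an elevated PowerShell prompt. It only reads the registry and changes nothing.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Index every service key that currently exists (service names are case-insensitive).
$existing = @{}
Get-ChildItem -Path $servicesKey | ForEach-Object { $existing[$_.PSChildName.ToLower()] = $true }

$broken = foreach ($svc in Get-ChildItem -Path $servicesKey) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.DependOnService) { continue }

    # DependOnService is REG_MULTI_SZ; each entry is the short name of another service.
    # Entries starting with '+' (and the separate DependOnGroup value) name load-order
    # groups rather than services, so they are skipped here.
    foreach ($dep in @($props.DependOnService)) {
        if ([string]::IsNullOrWhiteSpace($dep) -or $dep.StartsWith('+')) { continue }
        if (-not $existing.ContainsKey($dep.ToLower())) {
            [pscustomobject]@{
                Service           = $svc.PSChildName
                DisplayName       = $props.DisplayName
                MissingDependency = $dep
            }
        }
    }
}

if ($broken) {
    $broken | Sort-Object Service, MissingDependency | Format-Table -AutoSize
} else {
    Write-Output "No service under $servicesKey references a missing dependency."
}
```

The output tells you which service keys were removed, which is what you would need to recover from the Acronis backup or from a healthy Windows 7 machine of the same edition, rather than restoring the whole SYSTEM hive blindly. On Windows 7 both IPsec Policy Agent (PolicyAgent) and IKE and AuthIP Keying Modules (IKEEXT) depend on the Base Filtering Engine (BFE), so BFE is the first entry to look for in that list when those two are the services failing.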
ASKER CERTIFIED SOLUTION
Run5k
I would try Superantispyware, then post back. Go here, click on free edition, install, make sure it's all up to date and do a full scan.
http://www.superantispyware.com/
@Run5k - thanks for the kudos.

@MRGroup - Just posting to clarify - NOT for points.

I can almost guarantee you that the Safe Mode scan has not done a complete job of eradicating the malware.

Note that this variant will often modify your registry settings, so until you run that "FixNCR.reg" (mentioned in the Article), you are going to be very limited on what will run on your system.

Post the logs from both RogueKiller and Malwarebytes (in Normal Mode) and let us take a look at them for you.

I have had several systems in my repair shop over the past couple of weeks with these symptoms, and every one of them was accompanied by a 'Rootkit' infection.

To be safe, you should also run ComboFix and TDSSKiller(Trend)/FixTDSS(Symantec). The details are in my Articles.
@joinaunion -
Virtually every malware variant we've been hit with for the past year or so has protective 'rogue processes' that will block most tools/scanners from functioning properly.

You might want to read through some of the current EE Articles on malware fighting to get some of the details of how to fight these critters.
Thanks for your feedback, younghv. In almost all cases of my computer repair that involved rogue programs, trojans, etc., Superantispyware along with Spybot Search and Destroy have rid the computers of the problems. Malwarebytes is OK in most cases; after it's been run, Superantispyware finds more afterwards.
I think it all comes down to a personal choice on which program to use; I just find the ones I mentioned to be much more effective.
SuperTaco

That one did the same thing to a group of open computers we used. As clean as we got them, we still had to refer to this

http://www.blackviper.com/2009/05/31/black-vipers-windows-vista-service-pack-2-service-configurations/

There should be some tools out there to do this automatically. This one was great for taking care of 50 machines quickly

http://techie-buzz.com/softwares/tweak-windows-7-services-smart.html
joinaunion -
The reason I invited you to learn something about current malware fighting techniques was to clarify the characteristics of current variants.

It doesn't matter what tool/scanner you choose - although I haven't seen anyone recommend either SuperAntiSpyware or Adware in recent memory - NO tool is going to work unless you stop the rogue processes first.

As far as SuperAntiSpyware "finding" anything after an MBAM scan, perhaps you aren't familiar with the "False Positive" rate that tool has.

The Malwarebytes developers include about 15 current and former MS MVP (Security) types who stack up far better than any other company in the business.

If you would like me to arrange an EE "Private Discussion" to take this off-line, let me know and I will make it happen.
MRGroup (ASKER)
I ran System Restore in Safe Mode as you suggested and it ran successfully.  I then ran FixNCR.reg, and then MBAM.  It came up clean.  I then ran TDSSKiller and it also didn't find anything.

I think I got pretty lucky this time! Thanks to all who responded.
Glad to help! While I am more of a Windows 7 specialist, for future reference you will find that the articles written by Younghv and Rpggamergirl contain some very valuable advice regarding the handling of malware and viruses. When you have a few minutes to spare, read through them... they are great IT educational material and can save you a great deal of time & effort in the future.