Solved

Issues After Malware Removal

Posted on 2013-11-26
10
372 Views
Last Modified: 2013-12-09
Toshiba Satellite L505D
AMD Athlon Dual II Core M300 2.00Ghz
Windows 7 Home Premium SP1
3 GB RAM

I uninstalled suspect programs like PC Fix Speed, 24 x 7 Help and Search Protect by Conduit.  Unable to update Malwarebytes database on laptop so removed hard drive and ran full scan from another computer with updated Malwarebytes database.  Malwarebytes cleaned 0Access rootkit.  

I am now unable to log into laptop normally. After entering password, laptop produces blank screen with arrow.  At this point, if I can get task manager to open, within a minute, CPU reports 100% usage.  Laptop no longer responds.
 
I can access laptop in Safe Mode.  In Safe Mode, I am unable to see any errors in event viewer that would be related to any issues logging into Windows normally.

There is no recovery disk, but I have an image of the HD before starting the cleaning process.
0
Comment
Question by:charismatic100
10 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39677505
Repair install might be your best choice now. If you do not have a system recovery disk you can order one from Toshiba, I think.
Or borrow an Windows 7 HP SP1 install disk from someone.

HTH,
Dan
0
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 39677513
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39677577
I discourage you to continue using this installation.
If you are able to manually clean it, you should. If not, don't trust it just because some automatic malwarebytes program does not find anything anymore.

It could be that the error you experience is caused by other malware or components of the old that are still active.

Best would be to backup the files and recover/reinstall.
0
 

Author Comment

by:charismatic100
ID: 39677624
Downloading iso now.  It will take 3-4 hours.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39677828
I would run some of the simple tools in my article to help clear up the issues.  Problem is probably due to your host file being edited and hijackers left in the registry.  

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 24

Expert Comment

by:aadih
ID: 39677995
Save your important data and files and reinstall.
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39678008
If all you see is a blank screen with the cursor, it means that the explorer process (explorer.exe) could not start.

Either was replaced on registry by malware with another file and you deleted that file or was replaced on disk and the A/V damaged it on cleaning.
0
 
LVL 91

Expert Comment

by:nobus
ID: 39680056
try a repair : http://www.sevenforums.com/tutorials/681-startup-repair.html
if that does not work -  try a system restore to an earlier date

if these do not produce the wanted result -  backup and reinstall from fresh
it is the only guaranteed method
0
 

Author Comment

by:charismatic100
ID: 39707373
Repair module of Win 7 HP SP1 did not detect Windows partition.  Recovered data files and did fresh install of Win7 using ISO from website suggested by DanCraciun.  All is well.
0
 

Author Closing Comment

by:charismatic100
ID: 39707376
Thank you.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now