Solved

Windows 7 Infected?

Posted on 2014-03-11
Last Modified: 2014-03-12
Hello,

I'm going to try this for the 3rd time, since my computer seems to love me and have IE crash... :(

Anyways, I have another computer here that a customer brought in stating that it was infected with Advance System Protector.

Here's what the computer is doing.  If you go to anything besides Safe Mode with Command Prompt, nothing opens.  What I mean by that is when you boot into normal mode, I can't even open up 'Computer'.  It tells me The Parameter Is Incorrect.  If you try to run a program, you can't.  You right-click, and not only does it not have the option to Run As Administrator, but it doesn't even have the OPEN function!

Here are the things I have tried.

Chkdsk'd the hard drive, no errors.

Ran memtest 86+, no errors.

Uninstalled Avast! with the removal tool.

Ran the command to register all DLLs in C:\Windows.

Scanned with Malwarebytes twice.  Also scanned with SUPERAntiSpyware, TDSSKiller, and AdwCleaner.  Removed some PUPs, but nothing important.

SFC /scannow did not find any integrity violations.

Any suggestions?
Question by:Scott Thompson
11 Comments
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 39921112
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39921119
Sounds like you've spent hours on this. If it were my situation, I'd format it.
0
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 500 total points
ID: 39921136
You can try using System Restore to go back to a date previous to when the computer was infected.
0
 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 39921137
You need to uninstall it using Revo Uninstaller (or CCleaner) from http://www.revouninstaller.com/revo_uninstaller_free_download.html
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 39921170
Boot into the Advanced Boot Options screen.
Select Repair your computer.
Follow the repair steps.
0

 
LVL 8

Author Comment

by:Scott Thompson
ID: 39921190
Spartan_1337,

I have run ComboFix and it did not find anything important, but I will upload the results for you.

Tailoreddigital,

That is a suggestion that I may have to go with, but I tend to be stubborn if it's not mine.  I want to see if there is a way to fix this first, otherwise, yes, I will backup and reload the system.

Drashiel,

I will give System Restore a try and see what happens.

cmsxpjh,

What do I need to uninstall with Revo Uninstaller?  Oh, and I did forget to mention that I have run CCleaner on the registry to hope to repair issues, nothing.

I also uploaded a couple of other logs from programs I've run.
ComboFix.txt
Rkill.txt
RKreport-0--S-03082014-123836.txt
0
 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 39921212
The standard Windows uninstaller may not find the program or may fail to completely uninstall it.  3rd party ones may have better luck.
0
 
LVL 8

Author Comment

by:Scott Thompson
ID: 39921224
cmsxpjh,

I understand about trouble uninstalling programs, but I don't know what program I'm supposed to be looking for to uninstall... :(
0
 
LVL 8

Author Comment

by:Scott Thompson
ID: 39921297
Drashiel,

I feel stupid!  The system restore worked!  I should have tried that a long time ago, but normally when the machine is this messed up, a system restore only makes it worse.  I'll see if anything else is messed up with it.
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39921334
You're not stupid, it's just that Restore is getting better as time goes on. I wouldn't have guessed restore would have solved this either.

Congrats on your quick fix.
0
 
LVL 8

Author Closing Comment

by:Scott Thompson
ID: 39924032
No infections, but system restore solved my issue!
0
