Solved

Obvious Malware problem but all scans return clean

Posted on 2014-11-10
10
128 Views
Last Modified: 2014-11-30
Windows 7 Desktop unit;  

Many error boxes claiming bad image for .exe file.  Cite many different .dll s as being corrupt or not for use in Win 7.

I have run AVG and Malwarebytes repeatedly.  First run of Malwarebytes returned list of about 20 folders, 12 registry keys.  folders were Perion and IBUpdater which are all now quarntined.  all subsequent runs of Malwarebytes are clean.  all scans of AVG are clean.

have run Malwarebytes root kit [beta] tool and it came back clean.

have run Wise registry cleaner and scans are clean.
tried to uninstall Chrome;  system ignores request.
tried to open system properties;  quick flash error window that i cannot read and then ignored.

Nevertheless i still have all these issues that feel like malware.  

I will rebuild machine if i cannot find a reasonable fix.

booted to safe mode and did *not* have any of these issues.
Any thoughts???
0
Comment
Question by:jim morgenstern
10 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 40433060
I'd try two things: running combofix and fixing file associations with .exe if they are screwed up.

Set the file association for .exe to Windows Explorer (explorer.exe in the Windows directory)
0
 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433073
What you could be seeing are the residual effects of the viruses, IE rewrote how exe files are executed. After combofix and / or tdskiller, I would try a sfc /scannow or a repair install of windows. Also, make sure browser extensions for the viruses are removed also.
0
 

Author Comment

by:jim morgenstern
ID: 40433082
i did run combofix.  looking at the directions for running it, it seems to have terminated after backing up registry and when it should have asked about Windows recovery console.  but recovery console is an old XP thing and does not seem to have made it to Win 7? so what was it supposed to do at that point ?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433092
Combofix should continue on. Run it in safe mode. you will have better results that way. After a few minutes you will see things close and blue cmd windows running.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40433154
go to start > run msconfig > startup and see if you see anything strange over there
or check in your task manager if some diff. process is running in the background.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40433169
Also try running Chameleon by MBAM.  Run the svchost file in the Chameleon directory.
0
 
LVL 23

Expert Comment

by:Eirman
ID: 40433377
I'd suggest that you get a free 30 trial of hitmanPro, and update it.
Then reboot into safe mode and scan.
0
 

Author Comment

by:jim morgenstern
ID: 40433452
tried running combofix in safe mode.  get message screen:  do not run in compatibility mode" and then exits.  i am guessing that this message is from malware?  i went into IE and turned off compatibility mode and repeated combofix with same error message.  where else does compatibility mode make sense ? [running Win 7 pro].  

will try chameleon and hitman pro after lunch.

thanks guys for the help.
0
 

Accepted Solution

by:
jim morgenstern earned 0 total points
ID: 40465096
gave up after a week.  reinstalled windows.  all good.
0
 

Author Closing Comment

by:jim morgenstern
ID: 40472371
many generic responses.  tried all the suggestions.  nothing worked.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question