Solved

Obvious Malware problem but all scans return clean

Posted on 2014-11-10
10
131 Views
Last Modified: 2014-11-30
Windows 7 Desktop unit;  

Many error boxes claiming bad image for .exe file.  Cite many different .dll s as being corrupt or not for use in Win 7.

I have run AVG and Malwarebytes repeatedly.  First run of Malwarebytes returned list of about 20 folders, 12 registry keys.  folders were Perion and IBUpdater which are all now quarntined.  all subsequent runs of Malwarebytes are clean.  all scans of AVG are clean.

have run Malwarebytes root kit [beta] tool and it came back clean.

have run Wise registry cleaner and scans are clean.
tried to uninstall Chrome;  system ignores request.
tried to open system properties;  quick flash error window that i cannot read and then ignored.

Nevertheless i still have all these issues that feel like malware.  

I will rebuild machine if i cannot find a reasonable fix.

booted to safe mode and did *not* have any of these issues.
Any thoughts???
0
Comment
Question by:jim morgenstern
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 40433060
I'd try two things: running combofix and fixing file associations with .exe if they are screwed up.

Set the file association for .exe to Windows Explorer (explorer.exe in the Windows directory)
0
 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433073
What you could be seeing are the residual effects of the viruses, IE rewrote how exe files are executed. After combofix and / or tdskiller, I would try a sfc /scannow or a repair install of windows. Also, make sure browser extensions for the viruses are removed also.
0
 

Author Comment

by:jim morgenstern
ID: 40433082
i did run combofix.  looking at the directions for running it, it seems to have terminated after backing up registry and when it should have asked about Windows recovery console.  but recovery console is an old XP thing and does not seem to have made it to Win 7? so what was it supposed to do at that point ?
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433092
Combofix should continue on. Run it in safe mode. you will have better results that way. After a few minutes you will see things close and blue cmd windows running.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40433154
go to start > run msconfig > startup and see if you see anything strange over there
or check in your task manager if some diff. process is running in the background.
0
 
LVL 28

Expert Comment

by:Thomas Zucker-Scharff
ID: 40433169
Also try running Chameleon by MBAM.  Run the svchost file in the Chameleon directory.
0
 
LVL 24

Expert Comment

by:Eirman
ID: 40433377
I'd suggest that you get a free 30 trial of hitmanPro, and update it.
Then reboot into safe mode and scan.
0
 

Author Comment

by:jim morgenstern
ID: 40433452
tried running combofix in safe mode.  get message screen:  do not run in compatibility mode" and then exits.  i am guessing that this message is from malware?  i went into IE and turned off compatibility mode and repeated combofix with same error message.  where else does compatibility mode make sense ? [running Win 7 pro].  

will try chameleon and hitman pro after lunch.

thanks guys for the help.
0
 

Accepted Solution

by:
jim morgenstern earned 0 total points
ID: 40465096
gave up after a week.  reinstalled windows.  all good.
0
 

Author Closing Comment

by:jim morgenstern
ID: 40472371
many generic responses.  tried all the suggestions.  nothing worked.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question