Solved

Obvious Malware problem but all scans return clean

Posted on 2014-11-10
10
122 Views
Last Modified: 2014-11-30
Windows 7 Desktop unit;  

Many error boxes claiming bad image for .exe file.  Cite many different .dll s as being corrupt or not for use in Win 7.

I have run AVG and Malwarebytes repeatedly.  First run of Malwarebytes returned list of about 20 folders, 12 registry keys.  folders were Perion and IBUpdater which are all now quarntined.  all subsequent runs of Malwarebytes are clean.  all scans of AVG are clean.

have run Malwarebytes root kit [beta] tool and it came back clean.

have run Wise registry cleaner and scans are clean.
tried to uninstall Chrome;  system ignores request.
tried to open system properties;  quick flash error window that i cannot read and then ignored.

Nevertheless i still have all these issues that feel like malware.  

I will rebuild machine if i cannot find a reasonable fix.

booted to safe mode and did *not* have any of these issues.
Any thoughts???
0
Comment
Question by:jim morgenstern
10 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 40433060
I'd try two things: running combofix and fixing file associations with .exe if they are screwed up.

Set the file association for .exe to Windows Explorer (explorer.exe in the Windows directory)
0
 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433073
What you could be seeing are the residual effects of the viruses, IE rewrote how exe files are executed. After combofix and / or tdskiller, I would try a sfc /scannow or a repair install of windows. Also, make sure browser extensions for the viruses are removed also.
0
 

Author Comment

by:jim morgenstern
ID: 40433082
i did run combofix.  looking at the directions for running it, it seems to have terminated after backing up registry and when it should have asked about Windows recovery console.  but recovery console is an old XP thing and does not seem to have made it to Win 7? so what was it supposed to do at that point ?
0
 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433092
Combofix should continue on. Run it in safe mode. you will have better results that way. After a few minutes you will see things close and blue cmd windows running.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40433154
go to start > run msconfig > startup and see if you see anything strange over there
or check in your task manager if some diff. process is running in the background.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40433169
Also try running Chameleon by MBAM.  Run the svchost file in the Chameleon directory.
0
 
LVL 23

Expert Comment

by:Eirman
ID: 40433377
I'd suggest that you get a free 30 trial of hitmanPro, and update it.
Then reboot into safe mode and scan.
0
 

Author Comment

by:jim morgenstern
ID: 40433452
tried running combofix in safe mode.  get message screen:  do not run in compatibility mode" and then exits.  i am guessing that this message is from malware?  i went into IE and turned off compatibility mode and repeated combofix with same error message.  where else does compatibility mode make sense ? [running Win 7 pro].  

will try chameleon and hitman pro after lunch.

thanks guys for the help.
0
 

Accepted Solution

by:
jim morgenstern earned 0 total points
ID: 40465096
gave up after a week.  reinstalled windows.  all good.
0
 

Author Closing Comment

by:jim morgenstern
ID: 40472371
many generic responses.  tried all the suggestions.  nothing worked.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now