?
Solved

Obvious Malware problem but all scans return clean

Posted on 2014-11-10
10
Medium Priority
?
138 Views
Last Modified: 2014-11-30
Windows 7 Desktop unit;  

Many error boxes claiming bad image for .exe file.  Cite many different .dll s as being corrupt or not for use in Win 7.

I have run AVG and Malwarebytes repeatedly.  First run of Malwarebytes returned list of about 20 folders, 12 registry keys.  folders were Perion and IBUpdater which are all now quarntined.  all subsequent runs of Malwarebytes are clean.  all scans of AVG are clean.

have run Malwarebytes root kit [beta] tool and it came back clean.

have run Wise registry cleaner and scans are clean.
tried to uninstall Chrome;  system ignores request.
tried to open system properties;  quick flash error window that i cannot read and then ignored.

Nevertheless i still have all these issues that feel like malware.  

I will rebuild machine if i cannot find a reasonable fix.

booted to safe mode and did *not* have any of these issues.
Any thoughts???
0
Comment
Question by:jim morgenstern
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 40433060
I'd try two things: running combofix and fixing file associations with .exe if they are screwed up.

Set the file association for .exe to Windows Explorer (explorer.exe in the Windows directory)
0
 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433073
What you could be seeing are the residual effects of the viruses, IE rewrote how exe files are executed. After combofix and / or tdskiller, I would try a sfc /scannow or a repair install of windows. Also, make sure browser extensions for the viruses are removed also.
0
 

Author Comment

by:jim morgenstern
ID: 40433082
i did run combofix.  looking at the directions for running it, it seems to have terminated after backing up registry and when it should have asked about Windows recovery console.  but recovery console is an old XP thing and does not seem to have made it to Win 7? so what was it supposed to do at that point ?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 13

Expert Comment

by:Gabriel Clifton
ID: 40433092
Combofix should continue on. Run it in safe mode. you will have better results that way. After a few minutes you will see things close and blue cmd windows running.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40433154
go to start > run msconfig > startup and see if you see anything strange over there
or check in your task manager if some diff. process is running in the background.
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 40433169
Also try running Chameleon by MBAM.  Run the svchost file in the Chameleon directory.
0
 
LVL 24

Expert Comment

by:Eirman
ID: 40433377
I'd suggest that you get a free 30 trial of hitmanPro, and update it.
Then reboot into safe mode and scan.
0
 

Author Comment

by:jim morgenstern
ID: 40433452
tried running combofix in safe mode.  get message screen:  do not run in compatibility mode" and then exits.  i am guessing that this message is from malware?  i went into IE and turned off compatibility mode and repeated combofix with same error message.  where else does compatibility mode make sense ? [running Win 7 pro].  

will try chameleon and hitman pro after lunch.

thanks guys for the help.
0
 

Accepted Solution

by:
jim morgenstern earned 0 total points
ID: 40465096
gave up after a week.  reinstalled windows.  all good.
0
 

Author Closing Comment

by:jim morgenstern
ID: 40472371
many generic responses.  tried all the suggestions.  nothing worked.
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question