virus stops virus scan at windows folder
- Thread starter JarJar
- Start date
- Status
IndiGenus
Emeritus- Malware Team
You had said it was in the system32 folder so I was hoping you could see what the file was.
IndiGenus
Emeritus- Malware Team
Yes, if it is BSOD'ing then the error code produced may help. It may not even be Malware related. Could be something overheating. How old and what type of PC is this?
Bsod
I tried to disable restart and got a message that Alerter needed to be turned on and that I had to do that in Admin Tools. Well I couldn't find admin tools so I haven't figured out how to do that yet. Then while trying to explain all this a couple days ago the computer shut down in the middle of my message. Fed up so I gave it a rest until today.I am on a different computer right now.
We got our computer in 2004 I think. Not sure what kind - it says Impacta by ASUS on the tower. Was built for video editing. Found out much too late that they did not put a big enough power source in when it was built and yes, it overheats, but usually will stay on most of the day. At least it did before this latest virus or whatever it was. We have it on top of the desk with the side off and a fan blowing on it when it's in use (one of the internal fans stopped working) - that has helped.
It does confuse things because I'm not always sure when it shuts off that it is because of the current infection. But it seemed back to "normal" until I ran that online virus scan and it found that worm file.
If I can get the computer to stay on long enough to work with files can I try pulling off pictures and video files/projects to a new external drive? I mean I guess I can, but is this worm going to affect everything I'm moving off? Most of my files are in a separate drive, but some are on the C drive.
I tried to disable restart and got a message that Alerter needed to be turned on and that I had to do that in Admin Tools. Well I couldn't find admin tools so I haven't figured out how to do that yet. Then while trying to explain all this a couple days ago the computer shut down in the middle of my message. Fed up so I gave it a rest until today.I am on a different computer right now.
We got our computer in 2004 I think. Not sure what kind - it says Impacta by ASUS on the tower. Was built for video editing. Found out much too late that they did not put a big enough power source in when it was built and yes, it overheats, but usually will stay on most of the day. At least it did before this latest virus or whatever it was. We have it on top of the desk with the side off and a fan blowing on it when it's in use (one of the internal fans stopped working) - that has helped.
It does confuse things because I'm not always sure when it shuts off that it is because of the current infection. But it seemed back to "normal" until I ran that online virus scan and it found that worm file.
If I can get the computer to stay on long enough to work with files can I try pulling off pictures and video files/projects to a new external drive? I mean I guess I can, but is this worm going to affect everything I'm moving off? Most of my files are in a separate drive, but some are on the C drive.
IndiGenus
Emeritus- Malware Team
That's up to you, and is sometimes the way to go when things keep shutting down and giving errors. It won't help if it's a heat related issue.
Chances are good if you are just backing up documents, pictures, and personal files that they will not be infected. You can always run a scan on your backup drive before importing it all back to the fresh OS.
You may have told me but I cannot remember and don't have time this second to review, but did you run a full system scan with Avast? If not I would suggest trying that. We can also try another online scanner too.
overheating
I just want to get my "stuff" off before it completely wears out - so I probably will do that and continue to work on cleaning it up also. I was able to run the avast scan in standard mode and it didn't find anything. Spybot found and fixed things and nothing else seemed to. I would like to try another on-line scanner. Guess I will run the long version of the avast scan. Takes forever - hope it doesn't overheat in the middle of it.
I just want to get my "stuff" off before it completely wears out - so I probably will do that and continue to work on cleaning it up also. I was able to run the avast scan in standard mode and it didn't find anything. Spybot found and fixed things and nothing else seemed to. I would like to try another on-line scanner. Guess I will run the long version of the avast scan. Takes forever - hope it doesn't overheat in the middle of it.
IndiGenus
Emeritus- Malware Team
The quick scan on this one, which is the default, doesn't take too long.
TrendMicro™ HouseCall Scan
Post any details about the scan in your next reply along with a fresh DDS log and a description of how your PC is behaving.
TrendMicro™ HouseCall Scan
- Please go HERE to run the Trend Micro™ HouseCall Scan.
- Select the appropriate version from this page (32 or 64 bit) and download it to the desktop.
- Run the executable file.
- Read and put a Check next to I accept the terms of the license agreement.
- Click Next.
- Click the Scan Now button.
- Please be patient while it scans your system.
- Once the scan is complete, it will take you to the summary page.
- Under Cleanup options, choose clean all detected infections automatically.
- Click the Clean now>> button.
- If anything was found you may be prompted to run the scan again, you can just close the browser window.
Post any details about the scan in your next reply along with a fresh DDS log and a description of how your PC is behaving.
the end
Just to let you know my status. Computer will start and sits on the screen showing the motherboard brand and pentium4 - whatever that screen is. About 1 out of 10 times it will open in safe mode but not long enough for me to get any of my files off to the external drive. Not sure if it's the end of the hard drive or if I need to re-load windows. Probably going to hook up the DVD drive and try it - can't hurt at this point. Thanks anyway.
Just to let you know my status. Computer will start and sits on the screen showing the motherboard brand and pentium4 - whatever that screen is. About 1 out of 10 times it will open in safe mode but not long enough for me to get any of my files off to the external drive. Not sure if it's the end of the hard drive or if I need to re-load windows. Probably going to hook up the DVD drive and try it - can't hurt at this point. Thanks anyway.
IndiGenus
Emeritus- Malware Team
Hmmm.....
Another option is to make a PE disk, then boot off of that. Then you could run some tests on the drive, backup your files, etc... that's if it's not something like a RAM issue or other hardware issue (not hard drive). Do you have another PC and the resources to do this?
Here are the instructions for a disk one of our developers created that will allow you to do that and run some scans. Let's get a scan here and while you're in there you can use the explorer to copy your personal files. Let me know how you make out.
Please print these instruction out so that you know what you are doing
File details OTLPEStd.exe
Bytes=97,702,766
MB=93.1
MD5=FC1A07D156DE710955032B1CF7891671
File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A
Another option is to make a PE disk, then boot off of that. Then you could run some tests on the drive, backup your files, etc... that's if it's not something like a RAM issue or other hardware issue (not hard drive). Do you have another PC and the resources to do this?
Here are the instructions for a disk one of our developers created that will allow you to do that and run some scans. Let's get a scan here and while you're in there you can use the explorer to copy your personal files. Let me know how you make out.
Please print these instruction out so that you know what you are doing
File details OTLPEStd.exe
Bytes=97,702,766
MB=93.1
MD5=FC1A07D156DE710955032B1CF7891671
File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A
- Download OTLPEStd.exe to your desktop
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here - As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy - Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Drag and drop this attached scan.txt into the Custom scans and fixes box
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
IndiGenus
Emeritus- Malware Team
:bigthumb:
You're essentially bypassing the hard drive for loading the system. Hopefully you can still "see" it so you can copy your data. If it still won't load from a PE disk then it's probably not the hard drive or OS, and some other hardware issue.
IndiGenus
Emeritus- Malware Team
No problem and thanks for checking in. We'll keep the thread open as long as you need as long as you check in within 5 days or so.
great 
I'm at my mom's house trying to load the two PE executables to a CD and it keeps saying cannot format medium-incompatible medium. I've used 4 CD's and it happens with all of them at about 83%. So I guess I will try it at some other computer but not sure when or where that will be. rats
I'm at my mom's house trying to load the two PE executables to a CD and it keeps saying cannot format medium-incompatible medium. I've used 4 CD's and it happens with all of them at about 83%. So I guess I will try it at some other computer but not sure when or where that will be. rats
- Status