Tweaking.com Support Forums
Main Forum => Tweaking.com Support & Help => Topic started by: cnnashman on January 31, 2013, 04:30:30 pm
-
Hi Shane, I ran your All in One Windows Repair because I was finally given the green light by Majorgeeks that my computer was malware free. A certain file keeps popping up and I'm not positive why this is not being fixed in your program; it's called msdt.exe and supposedly it's a critical Windows system file.
It never came up or showed itself after I used your program in the past, so what do you think it is and how do I fix it? I should say I left the Repair WMI and Repair Windows Firewall unchecked in my most recent repair because it makes the antivirus unnoticed in Action Center and I find that annoying, even though I can uncheck the box.
Thanks
-
The program doesn't replace or delete any files; that's why I have the System File Checker in some of the first steps :wink:
You say that msdt.exe keeps popping up. We should check to see if somehow it is in one of your startup locations.
The file is the Diagnostics Troubleshooting Wizard, and it is normally only opened when you click on something in Windows to troubleshoot.
Can you post a screenshot of it when it pops up?
Shane
-
OK, here is the screenshot. When I click it on, the following shows up: "C:\Windows\system32\sdclt.exe"\UIMODE\SHOW
-
When I click it on, the following shows up
When you click on what?
Shane
-
Oops, sorry: when I click on the More Info box regarding backing up and making restore points.
-
OK, so the Diagnostics Troubleshooting Wizard only comes up when you click More Info?
What about System Restore? If you go and open it directly, do you have it open there as well?
I was under the impression the Diagnostics Troubleshooting Wizard was opening by itself every time you started Windows :wink:
Shane
-
OK, yes, the TDW only comes up when I click More Info. When I clicked on System Restore I got this pop-up (do you want to make changes from an unknown publisher?) and here is what it says (rstrui.exe).
One odd thing is when I want more info on something like a certain file, the computer automatically goes to the Windows Media Center page.
Regarding your question about the diagnostic Windows tool opening and popping up when going into Windows, no, it doesn't do that; it does that only when I click on certain files.
I think I'm missing certain files or something because I am seeing this file called winsxs/temp/pending renames when I do a scan.
-
When I clicked on System Restore I got this pop-up (do you want to make changes from an unknown publisher?) and here is what it says (rstrui.exe)
Something isn't right. Have you done a system file check on the system yet?
Also, just to be sure your system is clean, have you run tdsskiller.exe, combofix.exe and Malwarebytes Anti-Rootkit on the system yet?
Shane
-
I have run TDSSKiller a few different times and it found nothing; I have run Malwarebytes and its rootkit scan and it also came up with nothing. Majorgeeks had me run MG Tools and I posted a log, and one guy said he saw no malware, but I don't know for sure.
Maybe I need to run ComboFix.
-
http://www.bleepingcomputer.com/download/combofix/
Turn off your antivirus when you use it. I use ComboFix as the last tool in case the others don't find anything.
Shane
-
Thanks Shane, I will run it.
-
Shane, where does it tell me what files are suspicious, or what would be the next step? I included the file.
Thanks
-
It did see something; you will notice by the bull crap names that these are bad files:
R0 mjvhhu;mjvhhu;
R0 ovanvq;ovanvq;
R0 pefxbo;pefxbo;
R0 ssuhop;ssuhop;
But the question is, are those files gone, and where are they if they are not?
Shane
-
Thank you, I will figure it out eventually.
-
Is everything else working OK? If not, then a repair install would be the next best thing: you will keep all your programs and settings, but Windows will get reinstalled.
http://www.sevenforums.com/tutorials/3413-repair-install.html
And since you have Windows 7 with SP1 you will need a disk of Windows 7 with SP1 already on it; if you don't have one you can grab an image here :wink:
http://en.community.dell.com/support-forums/software-os/w/microsoft_os/3316.2-1-microsoft-windows-7-official-iso-download-links-digital-river.aspx
Shane
-
Thanks Shane, I really appreciate it, and yes, I am spreading the word about your site and have been since I first experienced it. Once I find work I plan on donating as well.
Thanks again
-
msdt.exe - Trojan W32.Tilebot-BQ
[A quick search of the issue yielded this result]
ComboFix 'should have gotten it', but you can try the Sophos tool:
--
Virus Removal Tool Free virus detection and removal Removes viruses, spyware, rootkits and fake antivirus
100% free! Totally, absolutely, completely
Supports Windows XP, Vista and 7
Works alongside your existing antivirus
--
===========
W32/Tilebot-BQ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-BQ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: PNP (MS05-039), ASN.1 (MS04-007), and RPC-DCOM (MS04-012), and by copying itself to network shares and Microsoft SQL servers protected by weak passwords.
W32/Tilebot-BQ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
W32/Tilebot-BQ includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Tilebot-BQ copies itself to <Windows>\msdt.exe.
===========
hth
-
According to what you have listed, it looks like maybe a trojan. Download this:
http://superantispyware.com/index.html
Just download the portable version (the Personal edition is free); that way you don't have to install it, all you have to do is run it (create a system restore point first).
SUPERAntiSpyware is really good at removing trojans (usually). Then you may want to run Malwarebytes (use the free version; you will install this one) for good measure.
http://www.malwarebytes.org/
Which antivirus are you running?
Shane, what are your thoughts on this?
Chris
-
Oops, sorry guys :omg:. I read the post wrong and you two are on top of it. I need sleep bad :confused: lol. Hope I maybe could have helped. So I'll stop making a fool of myself and just go to bed now.
Chris
-
You guys are doing good with it, so I didn't think I needed to post yet :-)
Shane
-
I have tried to remedy this heur Trojan which I got from a Reimage program (it has nothing to do with Shane's programs), and I got help from Majorgeeks and Bleeping Computer, but they are telling me they don't see any malware.
This Reimage program continues to pop up on my screen enticing me to click it on. Antivirus programs are finding nothing, but I suspect my computer is being controlled remotely at times because the hard drive is always going full bore, etc...
Any other ideas, guys? Very much appreciated.
-
Did you try the Anti-Rootkit by Malwarebytes yet?
http://www.malwarebytes.org/products/mbar/
Shane
-
Yes, on numerous occasions; I don't think there is a rootkit remover/antivirus/on-demand scanner I have not tried at this point. I am thinking the best thing to do is purchase a recovery disk from my laptop's manufacturer (Asus), model U56E, and reinstall Windows, because I have even started from scratch a few times by using the partitions without success in ridding it.
My laptop didn't come with the disks unfortunately, and I didn't make them as I should have. I wish I didn't have to purchase them because I have been out of work for a long, long time, but I will have to if it's needed to correct this.
Do you think this is a good option? Thanks a lot.
-
Don't do a factory restore; instead just do a repair install like I said in an earlier post. I even gave you a link to get a Windows 7 disk downloaded and a guide on how to do a repair install :-)
Is everything else working OK? If not, then a repair install would be the next best thing: you will keep all your programs and settings, but Windows will get reinstalled.
http://www.sevenforums.com/tutorials/3413-repair-install.html
And since you have Windows 7 with SP1 you will need a disk of Windows 7 with SP1 already on it; if you don't have one you can grab an image here :wink:
http://en.community.dell.com/support-forums/software-os/w/microsoft_os/3316.2-1-microsoft-windows-7-official-iso-download-links-digital-river.aspx
Shane
-
Awesome, thanks Shane, you're the best.
-
No problem :-)
Shane
-
OK, I downloaded the ISO file, and before I proceed I want to let you know that I don't have anything on this computer that I want to save, and System Restore has not worked to rid this infection. So my question: will the repair install be better or more effective than using the Asus partition recovery method?
The recovery that I have used shows the screen saying factory installation in progress, and after about 20 minutes it says preparing your computer for first use. That has not worked, so I am hoping this repair install method will work, but I don't care about saving anything because there really is nothing to save.
-
Do the repair install first; if it fails you could go back to the factory default. But the nice thing is you can also do a fresh install where everything is wiped. Just make sure to download and save network drivers to something first so you can get back online after :wink:
Shane
-
Alright, I'm going to give it a try. Now if this does not work as expected I will need to order a disk from Asus, I believe, for a complete wipe and reinstall; if that's wrong let me know.
Thanks Shane
-
Well, finally got it done, but it didn't work unfortunately; guess I need to do a clean install. I think I will need an Asus disk for that.
-
I hate factory default installs. So much crap installed with them.
Instead, since you don't need to back up anything, do a fresh install yourself. :-)
Before you do, go to the Asus page for your system and download the network drivers. Then save them to a thumb drive. Take the thumb drive out, and boot off the Windows 7 CD. Once in the setup, have it format the Windows drive and install fresh on it.
Once it is installed, put the thumb drive in and install the network drivers. You can now get online. You can then go to the Asus page and download the rest of the drivers. Once done, do all your Windows updates.
Now the system is ready to go and you are ready to install your programs. If you like, I can give you a list of free programs I install on all my customers' machines; it includes LibreOffice, antivirus, Firefox, Java, Flash, CD burning, backups, and some more, and they are all free :-)
Shane
-
To do what you recommend I need the CD from Asus, correct? Or can I use a copy of the ISO file and burn it to CD?
I also noticed there is another method with something called the uifc or something along those lines.
-
Burn the ISO you got to a CD. You now have a clean Windows 7 CD :-)
Boot off the CD and do as I said in the last post :wink:
Shane
-
Thanks a lot, much appreciated. I think I would like to know how you do your computers; I didn't even know you offered your own pre-configured computers. I'll have to really consider that for myself and friends in the future.
Thanks for the quick response as well.
-
I own and run a computer repair business :-)
So I do a lot of reinstalls.
After Windows is installed and updated, run my System Tweaker:
http://www.tweaking.com/content/page/simple_system_tweaker.html
Then all these programs go on all my installs and are all free:
Zip program - 7-Zip - http://www.7-zip.org/download.html
PDF reader and flash - www.adobe.com
Antivirus - Free version of avast - www.avast.com
Backup - fbackup - www.fbackup.com
cd-burning - CDBurnerXP - http://cdburnerxp.se/en/download
Memory cleanup - My own program CleanMem - http://www.pcwintech.com/cleanmem
Firefox - www.getfirefox.com
ISO burner - ImgBurn - http://www.imgburn.com/index.php?act=download
Java - java.com
Office, Word, Excel, etc. - LibreOffice - http://www.libreoffice.org/download/
Email - Thunderbird - http://www.mozilla.org/en-US/thunderbird/
Picture editing - 2 programs
Paint.net - http://www.getpaint.net/
Google Picasa - http://dl.google.com/picasa/picasa39-setup.exe
Shane
-
That's great, I would go out of my way to have you work on my computers; don't know where you're located though.
Quick question: at the Asus website, what would the drivers I need to put on a thumb drive be listed under? It doesn't seem to say drivers, just things like utilities, BIOS, etc...
Thanks
-
What model is your system?
I need the exact model; it will be on a sticker.
Shane
-
I think I figured it out, but the model is U56E BBL6
Win 7, 2430 Intel i5 Sandy Bridge, Asus
-
Driver page, you will need it after:
http://support.asus.com/Download.aspx?SLanguage=en&m=U56E&p=3&s=343
And you will see the LAN driver; that's the one you want so it can get back on the net after the reinstall.
Shane
-
Great, that's the page I have been on and I am just going down the list. So far I have the latest LAN driver, graphics driver, chipset, and audio on the thumb drive and will go down the list.
I think I'm doing it right; some say they are drivers and some don't though.
Ya know, I just noticed there are around 6 or 7 Microsoft hotfix apps, but it doesn't mention what they are for.
-
I can't believe this. I just got done with the new install, booted from the ISO DVD and used the thumb drive for the network drivers, and everything went fine. I installed the Kaspersky disk that I have had for a while and still have coverage until June, so I used that to get the AV up. After all said and done, that Reimage program keeps popping up like crazy; I don't know what else I can do.
Ya know, I'm starting to think that Reimage program may not be unusual, and I am hoping everyone else is seeing the same thing I see. I mean, I am almost positive it's a rogue program, but I'm curious to see what others see on their screen when they first click on Tweaking.
As soon as I click it on there is always a McAfee program from Reimage, that's what it says (I know your site is clean), but I am wondering if others see this program as well, and then I would be able to rule out that it's just my computer.
-
There is no way Reimage could be on the system if you formatted the drives in the Windows setup.
When you format the drive it wipes everything. I normally just delete the partition and don't format. Windows remakes the partition, and all boot records and files are gone in a nice fast way.
Shane
-
After wiping the system by deleting and formatting, this is what I still get; whether it's active or not I can't tell, but nothing has changed.
Maybe I need to use DBAN or something similar because this thing is incredibly difficult to get rid of. Do you think I need to wipe the drive with a more thorough method, like with the program above?
Now all the screenshots in the attachments are from the Reimage program; the Seven Forums one is difficult to see because it's small, but you can see the Reimage logo there as well.
It doesn't matter where I go, that pop-up is there regardless.
-
Those are not pop-ups, those are just ads that are on the sites :wink:
Shane
-
All I am questioning is why I am having all the same Reimage advertisements after I clicked on it once in the past, but before I clicked on it I had zero Reimage advertisements.
Granted, I don't know what's normal in regards to advertising ads on websites, and here's a new one that looks like an ad for XP Burner, but I know it's not a legit program.
-
Hi
You must have a bunch of tracking cookies or something of that nature reading your surfing habits to give you ads based on your surfing nature. I hate these, so here are a number of things to try to block them.
http://www.ghostery.com/
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
and something extra for IE:
http://www.techgeekandmore.com/2013/02/10/removing-vibrant-in-place-ads-in-internet-explorer/
I use Firefox specifically, so the top two will work great for Firefox (I use them both; they work too well sometimes, so you may need to unblock some cookies and widgets to see certain ads on different sites, or maybe to log in).
I have set Firefox to only keep tracking cookies I want. For example, I have set Firefox to keep cookies for this website and forum.
When I close Firefox it will delete cookies I haven't specified.
As you can tell, I hate being tracked or ads trying to get me to spend money.
It isn't 100%, but it's a good start.
I also use OpenDNS, which helps to block some of this crap as well.
Chris
-
Thanks Chris, I was just curious about having once clicked on the rogue program Reimage (supposedly there's a legit program called that, but of course I found the bad one); I thought that when it now appears on pages that I visit, it must mean I'm still infected by it.
-
You need to delete your cookies, then use the tools I suggested. You're not infected by anything bad. You have tracking cookies on your system. Every site uses tracking cookies. Without them you wouldn't be able to log into your favorite sites or even look at video. You need cookies for almost everything anymore. What you want to do is get rid of the ones that aggravate you and keep the ones that don't.
CCleaner does a good job of deleting cookies.
Download it and run it. Keep the default settings with the exception of tracking cookies; enable this for deletion. Run a system restore first, and stay away from the registry cleaner unless you know what you're doing or are prepared for the possible consequences.
Once you delete the cookies, any user IDs and passwords you have saved will be deleted (they are cookies too). Then set up Firefox to keep the ones you want. This with the tools should take care of it. I hope :wink: LOL!
Chris
-
I know about cookies; I have them turned off at all times. The thing that baffles me is that this Reimage program is shown on every page I visit regardless. Before I clicked it on that one time in the past, I never saw the ads for it on any page. The Reimage program is the only ad that I ever see; only very, very occasionally do I see any other ads.
Even after two complete reinstalls that ad still always shows itself, and cookies are always turned off. I always fill in my login details manually at all sites; never do they fill in themselves.
-
With a fresh install you wouldn't have any old cookies or anything old at all.
Reimage has a huge ad campaign going right now, so it is no wonder you are seeing it. But again, those are just ads. There is nothing infected or wrong on the system :wink:
Install Firefox and use the Adblock add-on and you won't see ads any more. Even though I make money from ads on my site, I use Firefox and Adblock LOL
Shane
-
Alright, thanks. What's your opinion on Chrome vs Firefox? Is Firefox the more secure browser?
-
I use Firefox because I like my toolbars for working lol. Chrome is also good but much more cut down on interface. Both are far better than IE and both have Adblock add-ons. So try both and use the one you like :-)
Shane
-
Thanks Shane.
-
My Windows Update auto update stopped working and I have tried everything to get it to auto update, but to no avail. It does manually update, but I noticed a new file in my temps folder that I can't delete.
It's a System32 file called wuaucpl.cpl. I believe this is a backdoor that is part of that Tilebot Trojan that another member mentioned I had earlier in this thread.
I did a reformat and have not even been to any sites that are even remotely questionable, so I'm baffled once again.
-
That's just the Windows Control Panel Windows Update icon. That is normal :-)
If your Windows Update isn't working, run my repair tool on it.
Shane
-
Hi Shane, could you post another link that has the Win 7 64-bit SP1 ISO download available? The other one posted isn't working for me anymore. Thank you.
-
Dell removed the page for some reason, so I found another one :-)
https://sites.google.com/site/linuxlablibrary/windows-iso
Shane
-
Thanks, that's great.
-
Hi Shane, I installed the free Avast and like it; however, I have a question. While doing a scan, Avast flagged the files in the following screenshot.
-
Might be a false positive, might not. It moved it to quarantine, so let it be, but if your system has any trouble then you can restore those files :wink:
Shane