Unable to open archive file

[Ante15]

Hello! Here's the summary.
I was infected, dunno if it was worm,malware or something 3rd.
I completely reinstalled my Windows not from the image but from delete everything menu in windows 10 recovery.
When i got back, I thought there were no problems,but now I see I was wrong.
The info of what infection did - it was using 50-90% of my CPU and my memory.
Service local host(18) did that, and I think antimalware service executable.
Antimalware is still using the same amount of data as when infected (60mb) and I dont know what it is.
But lets get to the problem. I can't install antimalware("The system cannot find the path specified") nor this repair("Unable to open archive file").
I tried running portable version is safe mode and when I click repair - it closes and says program has stopped working.
What do I do? Is it possible the infection survived the reinstall or it just caused problems on my PC and how do I fix it?

[Boggin]

It's quite possible that the infection did survive the recovery.

Is the CPU/Memory usage still high in Safe Mode with Networking ?

In that mode download and run ESET Free Online Scanner http://www.eset.com/us/online-scanner/

Check the boxes for the PuPs then click on Advanced and check all of the boxes.

This will extend the scan time substantially but will be thorough.

Process Explorer will show what is running on your system https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

As I already have this program set up, I don't know if Verify Signature and VirusTotal are now auto enabled, but click on Options and ensure Verify Signature is checked and then hover over VirusTotal.com and check its box.

Using the menu will give you various options to kill or find out what a particular process is by right clicking on it and selecting Search Online.

Anything in red in the VirusTotal column with a highish value/~50 will be suspect which you can then do an online search for.

[Ante15]

safe mode with networking wont connect to the interet... i put LAN in and still, is shows little red x and I cant troubleshoot it because its in safe mode, in normal mode LAN works...

[Ante15]

and also win 10 repair disk doesnt load up in advadnced restart mode when i click use repair disk... it is there when i go to manage drivers but i cant boot it up

[Boggin]

Are you able to download the ESET Scanner and/or Process Explorer in normal mode ?

EDIT - Deleted this bit as it relates to another thread

As for booting up with the Win 10 disk, can you get into the BIOS or use F12 to change the Boot order ?

[Ante15]

Are you able to download the ESET Scanner and/or Process Explorer in normal mode ?

In Services, RPC is dependent upon DCOM Server Process Launcher and RPC Endpoint Mapper both being started with their default settings as Started and Automatic - as RPCS should be - can you check those.

As for booting up with the Win 10 disk, can you get into the BIOS or use F12 to change the Boot order ?

Yes I can,but when i boot up from disk, I can but I dont know what do do then, i booted from disk and then nothing, it didnt repair anything.

[Boggin]

Just to clarify, when you boot up normally can you download and run either of those two programs ?

Before going onto trying to repair anything, I think it would be best to run Process Explorer to see what is causing the high CPU/Memory and if necessary - kill it, then run ESET to ensure you are infection free.

I don't have Win 10 to check this out but when I boot up with a Win 7 install disk I get either an inverse window with options or the option to Repair your Computer link in the splash screen to click on.

From these I can select the repair options.

What do you get when you boot up with the install disk ?

[Ante15]

Can run both programes, when I insert install disk, I got option to repair,but it says problem found,but unable to repair!

[Ante15]

Startup Repair diagnosis and repair log
---------------------------
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 203 ms

Root cause found:
---------------------------
The operating system version is incompatible with Startup Repair

---------------------------
---------------------------
 


this is what I got when tried to repair within windows

[Boggin]

When you selected Startup Repair, can you also select Command Prompt after booting up with the install disk ?

If you can, enter these commands -

bcdedit |find "osdevice"

That is a Pipe symbol before find which is the upper case of \

From the Startup Repair log this should return partition D but using whichever partition letter, enter (assuming D )

sfc /scannow /offbootdir=D:\ /offwindir=D:\Windows

Note the space before each forward slash.

Enter exit to close the cmd window, remove the disk then click on Restart to see how that works.

[Ante15]

what do you think about a new reinstallation? from bios?

[Boggin]

It would have to be a clean install to overwrite everything, but were you able to run the offboot sfc /scannow and did ESEt find anything ?

[Ante15]

was able to run sfc, but cant connect to networking in safe mode. I'll try without safe mode, but that wont get us anywhere

[Boggin]

If you could download the programs in normal mode then you should be able to run them in normal mode.

Downloading and running them in Safe Mode with Networking is just a belt and braces should there be an infection that could block all downloads in attempt to defend itself.

What did the sfc /scannow report ?

[jraju]

Safe mode with networking should work if your net is connected. I do not think there is probem in connectivity. The connection is not allowed. Did you trouble shoot the network connection in safe mode. It would give the solution or the problem details.
                          When in normal mode, if it could establish the connection, some thing is preventing it in safe mode. The troubleshoot would fix it or say what it is? Did you try . Just right click on the network tray icon and click trouble shoot with internet on.

[Boggin]

Safe mode with networking should work if your net is connected. I do not think there is probem in connectivity. The connection is not allowed. Did you trouble shoot the network connection in safe mode. It would give the solution or the problem details.
                          When in normal mode, if it could establish the connection, some thing is preventing it in safe mode. The troubleshoot would fix it or say what it is? Did you try . Just right click on the network tray icon and click trouble shoot with internet on.

Diagnostics can't run in Safe Mode so it's a bit of a Catch22 situation.

Need to know what the sfc /scannow reported but I suspect Ante15 is in the process of a clean install.

[Julian]

That little red x is a lie lol in Windows 10 safe mode it will show disconnected but actually it is connected. Just open up your browser type in Google.com and it will pop up.