Vista keeps crashing, no IE or FF and can't system restore

[Soul_Survivor]

Hi

 

Really hoping someone can help me here as this is causing lots of grief!

 

Had a problem yesterday when IE8 and FF both stopped working, am using Chrome at the moment which seems to be ok.

 

Trouble is the PC keeps wanting to reboot itself, saying "Windows encounted a critical problems and will restart"

 

I've tried running a system restore but that hasn't worked. Also run a full scan with AVG and that didn't pick anything up.

 

The problems seemed to start happening while I was downloading some video capture software yesterday afternoon although I'm pretty sure there was nothing dodgy.

 

Looking further into this I have found B.exe listed in windows defender, just trying to find ways to removing this as searches are saying it's a trojan. Can anyone offer any advice on the best ways to get rid of this please?

 

Cheers

Dan

[snow]

Hi Dan, welcome to Extreme Tech Support - Free PC Help.

 

This sounds like a malware issue to me, so I've moved this to the malware forum so that we can better assist you.

 

Here is our malware removal procedure. If you can browse the web and download files using Chrome, then you should be able to follow all of the steps:

 

 

Your computer appears to be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

 

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

 

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:
   

    

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark All the Fixed Drives.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[Soul_Survivor]

Hi Snow

 

many thanks for moving the thread and all the info.

 

I've completed step one and downloaded and installed the Malwarebytes program but am having problems running this. It opened and I clicked perform full scan, then clicked scan. But the program then closed and when I try to reopen I get an error saying:

 

windows cannot access the specified device, path or file. You may not have the appropiate permissions to access the item.

 

I've tried running as administrator and also going directly to mbam.eve on the c: but get the same thing happen.

 

Any ideas on what going wrong

 

many thanks

Dan

 

Edit: just tried to reinstall it, got as far as starting the scan bu then the prog shut down :( and I now get the same error message again. Will try in safe mode!

Edited August 27, 2009 by Soul_Survivor

[snow]

Try booting into safe mode in order to run malware bytes. Do this by re-starting the machine, then pressing F8 repetedly during startup until you get a menu with the option 'start in safe mode'.

 

If it still won't run, then navigate to the malware bytes directory in Program files, and re-name the malware bytes .exe file, then try it again.

[Soul_Survivor]

Ok I'm 99% sure I have got this sussed now. Big thanks to Snow for the tips above, they worked a treat.

 

Had a couple of problems which I'll report back on in case anyone else is searching for this information.

 

I couldn't get the Malwarebytes program to work, it would install and start the scan but then just shut down. It did the same thing when running in safe mode and if I changed the file name.

 

In the end I found the location of the B.exe file (with the trojan in it) and manually deleted. This information from found in Windows defender as a threat blocked, it was located in:

 

c:\users\username\appdata\local\temp\b.exe

 

With this deleted I was able to perform a system restore in Safe mode. Once I had done that I could run the other programs and clean things up properly.

 

Thanks again

 

Dan

[snow]

That's great Dan, glad to hear it's all sorted now :)

 

You're very welcome for the help, though I'd like to thank you as well for coming back and adding what you did to solve the problem, hopefully it can be useful to others in future.