Author Topic: TWEAKING IDENTIFIED AS A VIRUS & HOW ABOUT A BOOTABLE TWEAKING TOOL ???  (Read 9322 times)

0 Members and 1 Guest are viewing this topic.

Offline LIGHTTY-1

  • Newbie
  • *
  • Join Date: Sep 2014
  • Posts: 7
  • Karma: 0
    • View Profile
I suspect a DEEPLY hidden infection on my MBR.. I ran a "bootable" SOPHOS Anti-Virus tool & it showed the "tweaking" program as a "Virus" today.. It apparently cleaned it up though- whichever file was "infected" because subsequent scans did not find it.. THe Tweaking programs I use are still on my desktop so it must've just been a file or files ??

Also, I can't get my computer to go into SAFE MODE with or without NETWORKING Anymore.. I went out of my way to do "Drive cleansing" via Seagate Disc Wizard ( DOD Standards & Quick ), ran Darin's Nuke & Boot a few times, reinstalled my Windows-7 Home Premium & still can't get into SAFE MODE.. I used Tweaking Repair - free version ) in NORMAL mode a few times & SELECTED "fix safe mode" but STILL can't get into SAFE MODE ???? Sometimes it will let me log into SAFE MODE then I see right after it shows "GROUP POLICY CLIENT", it immediately Re-Boots so the Computer starts in NORMAL Mode ???? YOU SHOULD CREATE AN ISO that can be burndt to CD so your program can launch from the DOS MODE for users who can't get into SAFE MODE !!!!

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
I assume you had to reinstall Windows Repair after the Win 7 reinstall ?

Check Event Viewer to see if it has anything recorded for Group Policy errors and check in Services that the Group Policy Client is showing as Started and Automatic.

However, I would have thought that an OS reinstall would have sorted out any system anomalies.

What AV program are you using ?

Offline LIGHTTY-1

  • Newbie
  • *
  • Join Date: Sep 2014
  • Posts: 7
  • Karma: 0
    • View Profile
Yes, I re-installed Windows Repair..I use FREE AVG AntiVirus- HIGHLY recommended by a Computer repair expert in Wisconsin.. Any other ideas ?? Event Viewer is not very helpful to me. It did show something about the UPnP device host & SSDP Discovery services not started but even after RESTARTING those & setting those to AUTOMATIC- Same issue- Can't go into ANY SAFE MODE ????? I've burndt ISO's onto CD's today which are  bootable Recovery Tools by SOPHOS, AVG, Kaspersky, COMBO FIX, etc. done Scans & nothings being found ??

The last 5 files I see loading in SAFE MODE before I get to the LOG-IN Page are AVG files ( last one being avgidsha.sys ), but thing is, my other Computer ALSO shows the exact same thing but that one gets me into SAFE MODE OK....

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
I've seen AVG cause problems before and while I'm not saying it is responsible in this case, either turning it off or using its Uninstaller to eliminate it would be a first step I would take.

I use Norton Security on two laptops and it has blocked an otherwise known safe program on one machine while not taking any action against it on the other.

You can force a Safe Mode boot through msconfig by going Start - type msconfig and press enter then under the Boot tab check the box for Safe boot and then the one for Network - Apply - Ok then reboot, but do not check the box to make settings permanent.

You can also use the bcdedit commands from a command prompt run as an administrator to boot into the various Safe boot options, but Group Policy in Home Premium is a difficult one.

http://www.sevenforums.com/tutorials/69585-safe-mode.html

The reason for running Windows Repair in Safe Mode is to isolate the AV program as it can interfere with the Permissions and you don't need the Networking aspect of Safe Mode for Win 7, so see if any of the alternate options to boot into Safe Mode will work and then run WR a couple of times.

If disabling or uninstalling AVG or any of the alternate methods don't resolve the Safe boot problem, then disable AVG and then run WR.

Windows Firewall will still be active but you could disconnect from the Internet for the duration.

As you suspect, a boot sector infection will also prevent you from booting up into Safe Mode and a scan with the Kaspersky Rescue disk is recommended to check for that.

This article recommends running Combofix but I think it is a dangerous program in that it can take out legit files - it did once for me, so create an external system image before running it.

 https://malwaretips.com/blogs/cant-boot-into-safe-mode/


Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
    • View Profile
first off tweaking.com WR is not a virus. sophos bootable cd most likely detected it as a generic most A/V programs detect harmless software as generics kinda annoying to be honest. anyways there are reasons why wr can not be bootable because it calls on the registry and files of the loaded os so if it's bootable then it will only call the live os not the offline os.
Julian