Messages - Cencio

1
That's great news - I was in the process of asking you to check if you got the same in a clean boot.

for last reference; run sysinternals again in safe mode and adm mode to double chk any issues
Sorry but I don't know which one to download: https://technet.microsoft.com/en-us/sysinternals/bb545027
Which one in this list do I have to download? AutoRuns, Desktops, Process Explorer...?

2
Oooh! Now that I completely removed the virus it looks like the VGA is also working fine again! Not even GTA5 is crashing anymore! Amazing! :D

3
This is the problem, if you are interested :D
http://s7.postimg.org/uaj5zrift/20150611_184746.jpg

4
I'm not sure what you mean by "artefacts"

Is there something still on your computer lurking in the background ?
Maybe I spelled that wrong?
Whenever I play a "heavy" game or whatever which "stresses" my VGA, it starts giving me errors on the screen and crashes...things like this:
https://public.dm2302.livefilestore.com/y2pV4ykwqIn5dlxOm_qlbYjCLIbc92h5peQ6vTJwI2GEZpBoPb2Okqyi-5EAExJax62DTz3vTCo2yefgfl3JpWqdmGJ7h2I6JS8bJSwpt_-L0c/2.jpg?rdrts=109020100


I installed that runthis.exe like one week ago, and I started to have artefacts (is it the right word?) with my VGA like 4-5 days after that installation. So I thought it may be the fault of that thing...but I don't know...it's still doing it so...I don't know...

5
Well that's good news anyway :)
Still a shame for my GTX 770 which is still giving me artefacts. I have to say goodbye after only 1 year and a half...shame. :undecided:

6
So does that mean you are all clear now ?
I really hope so :D
Thank you for the help :D

7
Well that seems like a result - can you also uninstall the game, or has that gone as well.

EDIT - now those entries have gone, run ADW again to see if it gets rid of Babylon etc.
Yeah I already did the scan with Adw and fixed all the checked files/processes. That's why I said "It uninstalled my Koyote Free Video Converter.." because that program was in the list. And it deleted Babylon as well :D

EDIT: the game has gone the day before. I got rid of it

8
Btw I, once again, started up my PC in Safe Mode: I removed the .exe's (they show up in safe mode too this time, and in safe mode I can remove them with no problem), I removed all the strings in the regedit and now it looks like every part of the virus is gone. 6230blabla is not even showing up in the msconfig anymore. I don't know if that's a good way to remove a virus, but I think that worked...

Quote
# AdwCleaner v4.206 - Creato file registro eventi 15/06/2015 in 20:13:27
# Aggiornato 01/06/2015 da Xplode
# Database : 2015-06-14.1 [Server]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : Nico - NICO
# In esecuzione da : C:\Users\Administrator\Desktop\Programmi\Altri programmi\AdwCleaner.exe
# Opzione : Analisi

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Attività pianificate ] *****

Attività Trovato : paretologic registration3
Attività Trovato : paretologic update version3
Attività Trovato : ParetoLogic Update Version3 Startup Task
Attività Trovato : RegCure Pro

***** [ Collegamenti ] *****


***** [ Registry ] *****


***** [ Browser web ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v38.0.5 (x86 it)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R1].txt - [3738 byte] - [15/06/2015 19:09:36]
AdwCleaner[R2].txt - [3796 byte] - [15/06/2015 20:05:21]
AdwCleaner[R3].txt - [1011 byte] - [15/06/2015 20:13:27]
AdwCleaner[S1].txt - [3655 byte] - [15/06/2015 20:10:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1127 byte] ##########

It uninstalled my Koyote Free Video Converter tho :D


9
Removing adware shouldn't cause a BSOD - there's something much more serious going on here.

Go back to my Reply #3 and register on the techsupport forum using the link I've posted as well as copying a shortcut to this thread in your opening post.

EDIT - What did you download prior to getting this ?
That was dumb of me. I made a huge mistake. I downloaded this stuff that should've been a hack for a very old game that no one plays anymore; I wanted to do a private match with 2 friends of mine and have a bit of fun. Obviously the choice was wrong, and I knew beforehand that it was wrong, but I tried and that's what happens when you do dumb things...

10
Did this problem start after you downloaded Free Video Converter as it looks like the problem arises from then, especially as it included Babylon which is something you don't want on the computer.

Let AdwCleaner remove those and if you want Free Video Converter back on, choose the Custom install option if it gives you one, else look out for check boxes that will give you unwanted bundled software unless you uncheck them - but first let's see how you get on after the cleaning.

AdwCleaner will produce another report after the reboot to show what it has removed, but if they are still present, then there is another program that I follow ADW with and that is Junkware Removal Tool which is lower down on the AdwCleaner page.

You don't get a preview with that program but it displays its report on completion, but first things first.
Free Video Converter has been there for years. This thing which is causing these problems was installed like 1 week ago...and as far as I know I don't have any Babylon stuff, but maybe I'm wrong...I always do custom installation of programs and choose not to install toolbars, browsers, home pages or other stuff...
I already tried to make Adw remove them, but I get a BSOD...every time I try to remove them with any program I get a BSOD...

11
I was wanting you to post the Logfile so I could have a look at what AdwCleaner had found - but glad it runs okay on yours.

Log in the post above. Sorry, I edited the post instead of making a new one

EDIT: yes, I tried to fix that, and I had a BSOD, once again.

12
That doesn't sound like an infection but possibly adware.

If you uninstall something having unchecked the items in msconfig, it leaves orphaned files so those entries will remain.

In some cases you need to reboot to effect a removal, which rebooting from Safe Mode would have effected.

Can you post a snip of the msconfig so I can have a look at the questionable items ?


They are the first two, the ones called 62300eccecc

well boggin;

sounds like a job for sysinternals to remove one by one...
download this file; Thursday, June 11, 2015  5:21 AM       680600 autoruns.exe
from http://live.sysinternals.com/

You need to be able to find all instances of runthis.exe
delete it from your system and search any external devices, Iphone etc...

install sysinternals and delete the questionable files loaded;

Once I delete them, I close the program and reopen it to see if they are gone, but no. They just come back again and again.
I'm now going to try with AdwCleaner

Here is the LogFile:
Quote
# AdwCleaner v4.206 - Creato file registro eventi 15/06/2015 in 19:09:36
# Aggiornato 01/06/2015 da Xplode
# Database : 2015-06-14.1 [Server]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : Nico - NICO
# In esecuzione da : C:\Users\Administrator\Desktop\Programmi\Altri programmi\AdwCleaner.exe
# Opzione : Analisi

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Trovato : C:\Program Files (x86)\Free Video Converter
Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Cartella Trovato : C:\Users\Administrator\AppData\Local\Babylon
Cartella Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Cartella Trovato : C:\Users\Administrator\AppData\Roaming\Babylon
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Trovato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Trovato : C:\Users\Administrator\AppData\Roaming\Adobe AIFF Format CS5 Prefs

***** [ Attività pianificate ] *****

Attività Trovato : paretologic registration3
Attività Trovato : paretologic update version3
Attività Trovato : ParetoLogic Update Version3 Startup Task
Attività Trovato : RegCure Pro

***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Trovato : HKCU\Software\62300faa2bb16b197cdd2a7772441cc8
Chiave Trovato : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovato : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovato : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovato : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovato : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
Chiave Trovato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Chiave Trovato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovato : HKU\.DEFAULT\Software\PennyBee
Dati Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser web ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v38.0.5 (x86 it)


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R1].txt - [3594 byte] - [15/06/2015 19:09:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3652 byte] ##########

What do I have to do? Do I check everything that has to do with the RUNTHIS.exe and try to delete it? I'm pretty sure I'll get a BSOD if I try to delete it tho
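
As an added example (not part of the original posts, and not AdwCleaner's own code): a short Python parser for the report layout quoted in the two logs above, which compares a first scan with a later one and flags findings whose last path component is a 32-hex-digit name like the registry key listed in the first report. The sample reports are constructed by abbreviating the quoted logs; the function names are hypothetical and the parser assumes the Italian-locale `Trovato` wording shown here.

```python
import re
from collections import defaultdict

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")    # ***** [ Registry ] *****
FINDING = re.compile(r"^(\S.*?) Trovato : (.+)$")      # Italian-locale finding line
HEX_NAME = re.compile(r"(?:^|\\)[0-9a-fA-F]{32}(?:\.exe)?$")  # 32-hex leaf name

def parse_report(text):
    """Return {section: {(kind, value), ...}} for one AdwCleaner 4.x report."""
    findings, section = defaultdict(set), None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := FINDING.match(line)):
            findings[section].add((m.group(1), m.group(2)))
    return findings

def compare(before, after):
    """Split the 'before' findings into (still present, no longer reported)."""
    still, gone = set(), set()
    for section, items in before.items():
        still |= items & after.get(section, set())
        gone |= items - after.get(section, set())
    return still, gone

def hex_named(items):
    """Values whose last path component is a 32-hex-digit name (optionally .exe)."""
    return sorted(value for _, value in items if HEX_NAME.search(value))

# Constructed sample input: a few lines abbreviated from the two reports quoted above.
BEFORE = r"""
***** [ File / Cartelle ] *****
Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\Program Files (x86)\Free Video Converter
***** [ Attività pianificate ] *****
Attività Trovato : RegCure Pro
***** [ Registry ] *****
Chiave Trovato : HKCU\Software\62300faa2bb16b197cdd2a7772441cc8
Chiave Trovato : HKU\.DEFAULT\Software\PennyBee
"""
AFTER = r"""
***** [ Attività pianificate ] *****
Attività Trovato : RegCure Pro
***** [ Registry ] *****
"""

if __name__ == "__main__":
    still, gone = compare(parse_report(BEFORE), parse_report(AFTER))
    print("still reported:", sorted(still))
    print("removed:", sorted(gone))
    print("hex-named, worth a manual check:", hex_named(still | gone))
```

Chrome extension IDs in the first report are also 32 characters long but use letters outside the hex range, so they are not flagged by the name check.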

13
That doesn't sound like an infection but possibly adware.

If you uninstall something having unchecked the items in msconfig, it leaves orphaned files so those entries will remain.

In some cases you need to reboot to effect a removal, which rebooting from Safe Mode would have effected.

Can you post a snip of the msconfig so I can have a look at the questionable items ?

They are the first two, the ones called 62300eccecc

14
So here's what happened yesterday. I tried to remove all the things in safe mode and the results are these:
the process didn't show up in safe mode (it did the last time...), not even the two .exe files showed up, don't know why.
I opened the regedit and not even the strings were there anymore (at least in safe mode)
I opened the msconfig and removed the checks from all those automated processes which the virus created.

I restarted the PC in normal mode and the process flew away, the .exe's disappeared and not even the strings in regedit are there anymore.
In the msconfig the strings are no longer 4 but 2 and they are unchecked, since the link for the exe and the string they were searching for is empty now.
I tried restarting the PC a couple of times and still the process and the .exe's won't show up again...

Does it even make any sense? Can this virus/rootkit/malware or whatever it is, be the cause of the artefacts on my VGA, or is that just a coincidence...?

15
BlueScreenView could give some clue as to how its removal caused the BSODs http://www.nirsoft.net/utils/blue_screen_view.html

The download choices are at the bottom of the page and posting any it finds could possibly help Shane in seeing where it is attacking.

I'm loath to suggest using any other disinfection programs, but have you tried your restore points back to before you got caught.

If the infection hasn't removed them, it would be best to do this in Safe Mode.

I don't know why, but that program won't recognize the BSOD. It's not listed...
I have another program, which recognizes it (WhoCrashed) and it says:

Quote
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: Unknown (0x00000000)
Bugcheck code: 0xF4 (0x3, 0xFFFFFA800A9CCB30, 0xFFFFFA800A9CCE10, 0xFFFFF80003798DB0)
Error: CRITICAL_OBJECT_TERMINATION
Bug check description: This indicates that a process or thread crucial to system operation has unexpectedly exited or been terminated.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue.
A third party driver was identified as the probable root cause of this system error.

I would have already done it, but unfortunately I have no restore points from before I installed that .exe. Since I had the artefacts on my VGA, I installed 3Dmark to do some tests. All the restore points went to the moment I installed 3Dmark.

I tried to remove the .exe's in safe mode...they just get deleted with no problem in safe mode. Still when I restart the PC in normal mode they are back there...

16
Hi all,
It's pretty tough for me to explain this, since I'm Italian and explaining all this in English is complicated, but I'm gonna try.
I have been stupid, I know, but I made this error. I executed an .exe file with "shady origins" and what happened?
This .exe created a process and two other .exe's. One in the folder C:\Users\Administrator\AppData\Local\Temp and another in C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup called 62300faa2bb16b197cdd2a7772441cc8.exe
If I try to delete the .exe files (both), Windows tells me they can't be deleted. If I open the Task Manager there is this process which says it's user sided, but if I try to kill it, it says that the process is crucial for the system and if I kill it, the system will shut down. If I kill it I actually get a BSOD. Same thing if I force the deletion of the .exe's with a program, I get a BSOD. This virus also created some strings in the regedit; if I delete them, they automatically recreate themselves 1 second later. There are also 4 processes in the StartUp menu...if I remove the check from them, nothing will change, the check will return automatically.

I also tried to fix the .exe with HiJackThis, but when I click on FIX, I have a BSOD. Same thing with ComboFix...one second after I run it, I have the BSOD...

I don't really know what to do, especially because I installed this thing 5-6 days ago, and my VGA started to show artefacts and crash with "heavy" games like GTA5, and I'm scared this thing created this problem...I'm pretty scared honestly...I already asked for help but no one was able to help me...

Oh, one other thing. I would like to solve this without formatting W7, since I have 400GB of important things and I don't have an external HDD atm to make a backup...

I'm asking for help...I'll be ready to do everything you ask me...please :(
