Running over 1 day?

[larkinbray]

Thus far, this seems like the only program that will actually FIX my issues. 

That being said, I'm stuck on 2/9 in the newest repair version.

It's been more than 24 hours. 

Should I stop the program and reboot into safe mode, and start again?

[larkinbray]

I seem to be stuck this entire day plus in Setting Owner (Administrators) first ...etc... And the process count seems to very slowly be dropping, now it's at 91.  It shows that 2791900 and climbing pretty quickly.

Help?

[Boggin]

While you haven't said which version of Windows you are using, stop Windows Repair, run a cmd prompt as an administrator and enter chkdsk /f

When the machine reboots after completion, go into Event Viewer - expand Windows Logs - click on the name Application - Action - Find and type chkdsk or wininit into the Find box.

Cancel the Find box and read the report in the scrollable pane.

As well as seeing if it repaired anything, make a note if it finds any KBs in bad sectors.

If all is well then boot up into Safe Mode with Networking and run Windows Repair.

[larkinbray]

Hello Boggin, thank you for responding!

Windows 7 - this is an old emachine, that I bought for the kids to use, and they of course spywared it up.

I did several successful removal sessions, but one that stuck hard was aleuron j - and at that time, I was using windows security essentials as my protection - since the kids time on the internet was monitored, I thought I'd be safe using that.

I began getting errors on Windows Firewall not being able to be turned on, in any way - so I started Services.msc, and learned that several of the services were not running, and could not be started.  I got several errors along the way, the most recent of which directed me to this site. 

I tried to run chkdsk /f and got an error, telling me (sorry I didn't write it down) that it was locked and offering to run it on my next startup.

It's running now.

When I ran Windows repair from the safe start menu, of couse, it found nothing. 

All I really want to do is get the system cleaned up enough to be able to reinstall a decent internet security program, I've narrowed it down to Panda, and one other which I can't remember the name of.

Once this chkdsk runs I'll update.

Thank you again - I will definitely be buying the pro version, this site, the software, everything - have impressed me so much.

[Boggin]

I occasionally run ESET Free Online Scanner for an in depth scan but it seems to be a but chewy downloading at the moment, but you can give it a try. http://www.eset.com/us/online-scanner/

Check the two boxes for PuPs and PuMs then click on Advanced then check the box for unsafe applications - you don't normally need to do the archives or Proxy.

A useful program to have installed is the free version of MBAM https://www.malwarebytes.org/mwb-download/

When it has updated its Definitions click on Settings/Detection and Protection then use the dropdowns to change to Treat as malware for the PuPs and PuMs.

It also has a box for Rootkits if you want to select that for its initial scan but will extend the scan time.

I go into services.msc and disable the MBAM service to stop it starting with Windows as I prefer to decide what runs in the background.

When you are satisfied that you are infection free, run this ESET program to repair services usually damaged by infections and then check if the services are or can be started.

This is an active link - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

If that doesn't do it, you can download the services from http://www.sevenforums.com/tutorials/236709-services-restore-default-services-windows-7-a.html

The left hand column are all active links for their download.

You'll probably need Windows Firewall, Base Filtering Engine, Windows Defender, Security Centre (which I don't see listed but you can get it from http://download.bleepingcomputer.com/win-services/7/wscsvc.reg), Base Intelligent Transfer Service (BITS), and Windows Update.

[Shane]

File permissions, which is repair #2, are stored on the file system, so if you are running the repair in safe mode so no 3rd party program is messing with it, then when it runs that slow either the drive has bad sectors, is really slow and dying, or there is some corruption in the file system. When you run chkdsk it will repair the file system, if there are bad sectors you need to replace the drive.

Once chkdsk is ran and hopfully the files system is fixed see how the repair does then

Shane

[larkinbray]

I've been unable to work on this pc but back to it today.  I've run chkdsk, all good.  I think I've accidentally been killing process #2 - the Program dialog box is up, and then a grey dialog box showing updates has been popping up - It says output to this window has been stopped - but it seems to slowly, so slowly, be processing files.  I was closing that out - presuming the program would continue to run behind it.  I'm guessing that is not the case, so this time, I am leaving it up and running all the way through.

I've tried so many fixes in the meantime - Windows Update Agent, etc - because so many services will not start or are not present.  All having no impact.  I can't update Windows, it shows that it's never been updated - but I can see that it's SP1 and I see the SP in the list of previous updates! 

This little PC is worth so little, I really should just pull all the data to my WD external, and trash it.  But I can't stand knowing there something wrong like this and not fix it!!!

I will update again once this current run of WR finalizes.

[Boggin]

Go back to my Reply #4 and run those antimalware scans then use the other links to repair/reinstall the services and then run WR.

[larkinbray]

Done!!!  Boggin, your steps worked.  Changing subject and making donation!  WR is still taking hours, however, all I had issues with after the ESET fix was BITS and I found a .bat file to run which installed it in services!    Now I can FINALLY update this puppy!  Thank you guys SO MUCH!!!!

[Boggin]

Did you run a chkdsk /f prior to WR as much to check for bad sectors as to repair any file corruption ?

WR shouldn't be taking hours unless it is coming up against corruption or bad blocks.

[larkinbray]

The Chkdsk /f didn't find any problems the times I ran it during this process.

I did get all the viruses gone but MSE is still finding Alureon J, which I have run MB Rootfix, TDSSkiller, and several others that cannot find it.  But all my services are back up and running, my firewall is working, Windows Defender started with no issues.  I was able to install the gajillion (ok, 200) Windows updates.

I'll run chkdsk again tomorrow and then try to re-run WR.  Since I have everything else clean, I can let it run as long as it wants, now.

An off subject question - What is YOUR preferred internet security program?

[Boggin]

It could be the Trojan that's causing the problem with WR having read this manual removal article.

http://blog.mitechmate.com/trojandosalureon-j-virus-removal/

Given that it can open up your computer to other nasties, do not use your computer for sensitive operations such as banking or even your email until it has been removed.

As the removal steps involve deleting registry items, create a system image onto DVDs - while it would be an infected image, it would still give you a fall back should removing the wrong items cause problems and when you've gotten rid of it, you can dump the DVDs and create a fresh new image.

If you want to try another Rootkit scanner before going the registry route etc. then you could try Norton Power Eraser.

https://security.symantec.com/nbrt/npe.aspx

I don't normally advise running NPE in rootkit mode because of it's aggressive nature, but it may take something like it to find this Trojan.

Ever since I got my first laptop in 2010 I have been using Norton.

First with Norton 360 and now with Norton Security Deluxe (without Cloud) which has superseded 360 and that has kept me safe.

However, no AV program is 100% effective, it's just that some are more effective than others.

Norton 360 wasn't without its problems as after any Windows Updates, I had to do a manual check for its Definitions before it would let me open IE, but Norton Security doesn't seem to have that problem, although both it and 360 have blocked downloading AdwCleaner from http://www.bleepingcomputer.com/download/adwcleaner/ which I occasionally run a scan with.

Kaspersky seems to be at the top of the heap in paid for AV program reviews at the moment and is cheaper than Norton, but the free Panda Cloud has come up through the ranks of late - have a Google for best free AV programs.

However, there's no defence against a user clicking on the wrong links except a system image, which is also the only defence to combat Ransomware.