Ok, I'm REALLY baffled now

RPGC Assistance Forums Technical Support Forum
#1

Since at least this past Monday, my computer keeps giving me the message “windows explorer has encountered a problem and needs to close” EVERY time I start it. And if I click on the pop-up message window (to either accept to send a message about it to microsoft or not) my desktop vanishes, and I no longer can start any programs (the ones I had open still work normally though.) I ran Spybot but it gave an odd message, something about not being able to scan Windows 32 I think. I tried to fix it by doing a system restore to the past week but even that didn’t work!

The only thing that I changed in the past few days was the addition of a device called MagicJACK that allows you to use a telephone through the Internet (it was a gift from a friend.) Could its program be interrupting Windows? I unhooked it but the problem persists.

Here’s the oddest part of all: IF I LEAVE THE MESSAGE WINDOW ALONE, NOTHING HAPPENS! I can continue using the computer normally, as long as I don’t click on the warning window! Of course this means I have to let it stay on my screen, which is annoying (I can drag it almost offscreen though.)

Any idea what is happening, or how can I fix it?

#2

After everything vanishes try restarting explorer from the task manager. Press CTRL+ALT+DEL then go to File>New task, then typre in explorer.exe. This is just a temporary solution.

#3

Press the Windows key + R. Type (or copy and paste) into the prompt:

cmd /c “tasklist|clip”

Now paste what was copied onto your clipboard as a post so we can see what programs you have running.

#4

Good lord, my problems were even worse than I believed!

The thing with Windows Explorer turned out to be a virus- a second run of Spybot found and eliminated it. But then, later, my computer CRASHED! And Windows just wouldn’t turn on!

Fortunately, I was able to start it up on Safe Mode. That way it works fine (hell, it works BETTER than usual- if it had sound I might keep using Safe Mode all the time!) but when I reverted to normal mode, Google Chrome started opening page after after page and I couldn’t stop it! Apparently this is another, new virus, and I’ve tried everything I can, running all my antispyware and even doing a System Restore. It STILL happened! I was forced to remove Chrome from my system. Now I’m getting a window asking for it, which cannot be closed, but if I ignore it I can continue using my computer (as sluggishly as usual).

I’m now using Firefox again, despite even the latest version freezing and closing down on me occasionally. I guess I’m going to have to go back to Internet Explorer. -_- Not to mention that I’m not happy at still having that virus in my PC. Has anybody heard about it, or how it can be removed?

#5

Hmm…if you can, get Malwarebytes. It helps supplement Spybot in getting things it won’t pick up. (Remember, these generally just get rid of Spyware; not an alternative to virus scanning.)
Also, if you don’t have a Virus Scanner, pick up a free one like Avira or AVG, and run a full scan.
As per your particular virus, there could literally be thousands of viruses that do this very thing. Very hard to get specific about it.

#6

Ok, I installed Malwarebytes, and it found over 200 (!!!) infected files (assuming the program isn’t lying to impress people) and cleaned out all but about 3 of them, which it said had to be “deleted on reboot”. I assumed that meant I had to restart the computer, but after that the annoying window still opens. -_- Do I have to start the machine on Debugging Mode and remove those files myself?

#7

Try running the scanners on Safe Mode. If it’s still not working after that, then you can attempt to get rid of the files yourself.

#8

Ok, I ran Malwarebytes while on Safe Mode (and did a deep-system scan) and it found 20 more infections, and removed all except one: something called “gootkit” which (I googled it up) seems to be the latest in Trojans. At least I know exactly where it is so now I can delete it by hand- though I’ve never done that before and I’m worried I might harm my computer. I’ll see if a friend of mine who knows more about that than I can help. In any case thanks for the advice Ultra. :slight_smile:

#9

Update: I downloaded a program called UnHackMe! and used it to remove the registry virus, since I was worried about doing it myself.

I really like this program; it lets you choose what to delete, to keep (presumably inert) file copies in case you delete something important, and even checks online to verify if a suspicious file is a virus or not. Considering the only file it verified as bad was the one I already knew was the Trojan, I guess it did its job. :slight_smile: Though only time will tell of course. It’s only the 30-day trial, but I’m thinking of keeping it.

Let’s hope that’s the end of my virus problems; I was REALLY worried for a while there.

#10

ARRRGH. So much for it being over. No sooner do I open the system in regular mode that I get a multitude of self-opening Windows Explorer boxes (remember that the whole thing started with WE problems?) Why is this still happening? Is the virus invisible to both programs I downloaded or is someone re-infecting my machine? (I read that the purpose of some of these trojans is to steal passwords.) I’ll change my password this time just in case.

#11

Wildredo Martinez needs a new computer. Isn’t is always breaking?

#12

Oh yeah, if I could afford it I would have dropped this old thing LONG ago. Maybe if I get that study grant money I applied for I’ll be able to buy one.

PS. I’ve run both antimalware programs and they SWEAR the virus is gone but I keep getting the multiple-window thing. Maybe I should update my Windows Explorer?

#13

How exactly does one go about updating Windows Explorer

#14

Maybe he meant just updating windows in general?

#15

Zero: Yeah, that. But it’s academic now… MY PC HAS LOST ALL INTERNET CONTACT! : bowser:. (I’m posting this from a friend’s PC.) Also, I can’t close the firewall and all System Restore points were erased. I guess I got hacked REAL bad. I’m working with some friends on the matter but nothing’s worked yet; we tried bypassing the Ethernet card but the computer won’t accept the modem’s program, nor will it load the Ethernet drivers a friend brought on a pen drive. I have no idea if this is a software or hardware problem… or both. -_- Any suggestions? (Besides “buy a new computer” thank you.) I’m serious, folks, if I can’t fix this, this is it for Martinez’ online presence.

#16

You can easily run Windows in “safe mode” and have sound, you just have to start the services manually. Also, I’d avoid Firefox. That browser sucks.

#17

As i said on another thread, my computer problems are mostly fixed after a through reformatting. However… I fear the virus might STILL be in my PC.

Why? Because I can’t access my firewall; it’s turned off, and I can’t reopen it to start it up again. Also, my sound card isn’t working, in fact Media Player says it doesn’t even detect it anymore!

The only thing saved over from my older format were my Document files and music files (and I didn’t even intend to save the music, but my friend Frank assumed I would.) I think the virus, or a copy, might have been hiding in there.
Anyway, we did a full scan with AVAST and it doesn’t find anything, however a screen saying “Avast has blocked a DCOM exploit” keeps popping up.

So, what do I do now?

  • Should I run some other program to find the virus (all the ones I had downloaded were also erased in the reinstallation. Even this copy of AVAST is new.)

  • I suspect the sound card browsers might have been erased or corrupted. Should I reinstall them (and how do I find out WHICH ones I need?)

(Unrelated: Looks at Kasey’s new avatar… Geez, you’re already posting mocking pictures of your child online? You’re a baaaad girl!) :hahaha;

#18

be very careful what you are downloading, the programs could only compound the situation. alot of the malware removers, etc contain hidden stuff themselves.
that program unhackme is one I have never heard of . . . which doesn’t mean much. I have learned over the years that the so called removal tools actually plant back door trojans and other hidden toys on your system.
doing a system restore is unhelpful in this situation because some vicious infection just loooooooooooooooooove to hide in the restore files, hence why up until i install win 7 I always disabled the system restore.
ultimately it may come down to you having to do a low level format on your hard drive (option might be in your computer’s base system setup), I suggest getting the drive tools from the hard drive manufacturer and doing the low level format that way and then trying to reinstall your OS

#19

For the DCOM thing, read this: http://www.killertechtips.com/2010/01/14/avast-network-shield-blocked-dcom-exploit/
For the sound card, make sure to update/reinstall drivers for it. If you wiped everything, you won’t have nothing for it. As for finding what it is…no clue.

As far as the firewall goes, what firewall do you use exactly? Best recommendation I can offer for a firewall is ZoneAlarm.

#20

Thanks for the tips, folks. I tried reinstalling the Sound Card driver but it didn’t work. Might be that, since my PC is such an old model, the update did not fit, I got that warning from the download site. We’ve decided, to be 100% sure that the virus is dead, to reinstall AGAIN tomorrow, this time leaving the music files out. As I said, I’m only going to listen to Youtube music from now on anyway.

Dunno what you mean by “low level reformat” tho. Oh well Frank should know.

PS: The affected firewall is the Windows Firewall.