suspect virus - unable to run scan, or reach virus protection websites

chrissib

Bronze Level Poster
Hi, got a problem which I suspect is a virus or virus related.

Started a few days ago, AVG kept detecting and protecting something, but then stopped protecting and just kept popping up at regular intervals. I ran an AVG scan, but it reported nothing. As AVG was playing up, tried to reload it.

Now AVG won't re-install and comes up with an error, code 0xE001C046, could not establish connection. It suggests going online to view more information, but when I do, I get a connection failure, as if the website is unavailable, with the offer to 'Diagnose connection'. As I can reach other sites, and other PCs are working fine, connection is not a problem.

Tried Malwarebytes, but this won't run, and can't get to this website either. Tried to view Windows firewall settings but can't open firewall settings, with error reported 'Due to an unidentified problem, Windows cannot display Windows Firewall settings'...

Ran CCleaner, did loads of bits and bobs, but nothing's changed. Any suggestions would be greatly appreciated. I know there are some internal Windows command line programs which may be able to help, like restoring defaults, but I can't remember what they are. It's Windows XP.
Regards Chrissib
 

vanthus

Member Resting in Peace
Have you tried a system restore point? If you can't run it from the system, try running it from the OS disk.
 

ubuysa

The BSOD Doctor
I agree with tom_gr7, I think you've reached the point where a reinstall is required. Either it is a virus and you've had it for some time or something is screwed-up.

Back up your user data first of course ;)
 

chrissib

Bronze Level Poster
It might not work if it is an intelligent virus but may be another option worth considering.

I think it must be an intelligent virus, as I've tried loading in safe mode, and all I get is a blue screen and a critical stop.

I inherited this laptop, and it has a recovery console, in another partition, is this worth trying?
 

ubuysa

The BSOD Doctor
Yes that's the best way to restore it (it's the same as a reinstall). There will be a key (or combination of keys) to press on booting to boot to the recovery partition. Depending on how old the laptop is you'll then have tons of Windows updates to do, it's important that you do them though. :)
 

chrissib

Bronze Level Poster
ok this is now beginning to get on my nerves...

To summarise..
tried restore... month earlier
AVG stopped working... won't reinstall... fails connection... website is unreachable
Malwarebytes.. won't run.. website unreachable.. probably same problem
Microsoft web site... unreachable
some websites reachable... so internet ok
Cannot turn on firewall... due to unexpected error...
tried 'sfc /scannow' 'chkdsk /v'...
tried all of the above in safe mode... no different...
now tried booting into recovery console.... just hangs, with cursor flashing at top of the screen...

reluctant to just give in and reload windows without a fight, pretty sure it's an infection, a clever one, but there must be something I can do, maybe in the registry or something, with the help of all you experts out there. One thing I forgot to mention in the web site failures, all the ones that fail have an 'infoblockID' showing in the web page debug. I don't know if this is relevant, as I think if I can restore my connection to AVG or Malwarebytes, I think I may be able to clear the infection.

waddyathink...?
 

ubuysa

The BSOD Doctor
will it affect the data, or just re-install windows

Yes it will affect your data. Everything on the disk will be erased and the laptop will be restored to exactly the state it was in when it was bought. That's why you must back up your data first.

I think you've exhausted all reasonable attempts to isolate whatever is wrong here, a reinstall is the only way to be sure you have a clean and properly functioning system. If it were mine I'd have done a factory restore/reinstall long ago. :)
 

vanthus

Member Resting in Peace
You could try stopping the offending issue from running on start up from the system configuration.
Type msconfig in the Start Search box and then press Enter.
On the General tab, click Selective Startup.
On the Startup tab, disable all.
Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
Click Apply/OK, then restart.
Now try running a full scan with Malwarebytes and/or anti-virus program.
 

chrissib

Bronze Level Poster
You could try stopping the offending issue from running on start up from the system configuration.

Ok this is a good idea.. did as you suggested... disabled everything and found a mysterious file that keeps coming back on startup.

'rfyqxeyy' is always there in the startup tab, always ticked even when I uncheck the box.

I have followed the process into the registry and deleted 'rfyqxeyy.exe' there... but it comes back on bootup
I have also searched the file, and the location to doc/settings/application data, but final directory is not showing...
did a search and found the file in windows/prefetch.... deleted
but still came back...
searched online for the file name, but nothing found on the web..
I feel as though I have found something, and so close to resolving this. Has anyone heard of this file? I think if it was supposed to be there, then it would be somewhere on the internet, and how come the target directory isn't showing, hidden files are enabled..
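
Added example, not part of the original thread: a triage of Run-key autostart entries of the kind described in the post above (a value that reappears after deletion and points into Application Data). The `reg query` output is constructed, `EXAMPLE_DIR` and `ExampleSound` are placeholders, and the two heuristics are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed `reg query` output for the two Run keys; EXAMPLE_DIR and ExampleSound are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleSound    REG_SZ    "C:\Program Files\Example Audio\snd.exe" /tray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    rfyqxeyy    REG_SZ    C:\Documents and Settings\user\Application Data\EXAMPLE_DIR\rfyqxeyy.exe
"""

ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

def parse_run_keys(text):  # -> [(key, value name, command line)]
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := ENTRY.match(line)):
            entries.append((key, m["name"], m["data"]))
    return entries

def target_path(data):
    # Executable path from a command line: quoted form first, else up to the extension.
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.(?:exe|dll|bat|cmd|scr|com))\b', data, re.I)
    return (m.group(1) or m.group(2)) if m else data.strip()

def looks_random(stem):
    # Letters only, 6+ characters, under 20% vowels. A weak signal on its own.
    vowels = sum(c in "aeiou" for c in stem.lower())
    return stem.isalpha() and len(stem) >= 6 and vowels / len(stem) < 0.2

def triage(text):
    # Map value name -> reasons; an entry with both reasons deserves a closer look.
    findings = {}
    for _key, name, data in parse_run_keys(text):
        path = target_path(data)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("target is in a user-writable profile directory")
        if looks_random(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings[name] = reasons
    return findings
```

On the constructed sample, `ctfmon.exe` trips only the name heuristic while `rfyqxeyy` trips both, which is why a single signal is not treated as a finding.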
 

chrissib

Bronze Level Poster
ok, tried everything. I thought with a bit of time I could find the offending virus/file and delete it, but all efforts have failed. Not even convinced a restore of Windows will cure it, but I think that's the only way forward.
I have hived off some important files, but in view of a re-install, there are some things which I am concerned about losing. Sound; display; internet; printer; mouse; wireless settings...etc... Is there anywhere outside of Windows I can store stuff on the drive so it will still be there after the restore, and also is there anything in the current installation that I must preserve?
 

ubuysa

The BSOD Doctor
Back up the entire contents of the C:\Users\your_name\ folder (and all folders underneath it). That's where Windows stores stuff like your bookmarks and similar control info that you might want back, including all your user data of course. There is nothing else that you need to save, although you should be sure you have install media (disks, .exe files, etc.) for all the third-party software you have installed.

A completely clean reinstall of Windows will certainly clean out whatever issue you have (whether it's a virus or just a problem with Windows) - unless it's a hardware related problem of course (which sounds unlikely). I would suggest (to be absolutely sure your install is clean) that you choose a Custom Install and in the Advanced section select Drive Options and delete all partitions on your C:\ drive so that all the space shows as unallocated. Then create one partition the size of the whole drive (Windows will automatically create a second, small, partition - this is perfectly normal) and install Windows into the large partition you created.

Once Windows is installed you must install all the appropriate drivers supplied to you on a disk by PCS. Install the drivers in the order they appear in the list, the chipset driver should usually be the first one installed. These drivers will restore your display, sound, Internet etc.

Once you have all the drivers installed you should have Internet connectivity, so now you need to run Windows Update to install all the appropriate Windows updates. Set your Windows Update to install recommended updates as well as high-priority updates. I would suggest that you do not install any driver updates from Windows Update at this point, stick with the PCS supplied ones for now (because we know they work). You will have to run Windows Update many times, usually with a reboot after each installation. Keep running Windows Update until there are no more updates available. This will take a long time, but be patient, you need these updates and it's important you take the time to install them all.

Once your system is updated you should use it for some basic tasks for a while before installing any third-party software or plugging in any external devices. You want to be sure that everything is working ok with a clean Windows system before you start adding extra software and hardware. Once you are satisfied that everything is working normally (and it should be) you can start installing your third-party software and external devices. Be sure to only install one thing at a time and if new software requires a reboot then do that before installing any other software.

Once everything is back to normal you can copy back things like your browser bookmarks etc. from the backup of C:\Users\your_name\ that you made before you started. I would suggest you copy back as little data from here as you can get away with, it's not impossible that whatever virus, trojan or whatever that you had came from something in here and you don't want it back!

:)
 
chrissib

Bronze Level Poster
Back up the entire contents of the C:\Users\your_name\ folder (and all folders underneath it).
:)

thanks for the info, getting a large external hard drive today, will copy what you suggested off before I start...

I'll let you know how I get on
 

ubuysa

The BSOD Doctor
The external hard drive is a good idea.

If you've never done a reinstall before it's pretty straightforward. The only tricky bit is deleting the old partitions and recreating the new one, once that's done (and it's not hard) the rest of the installation is pretty easy. Just take your time and be sure you understand what each step is asking you before you go on. :)
 