WiredWX Hobby Weather Tools

 


Help with possible virus

3 posters

[Solved] Re: Help with possible virus
I would like to do a troubleshooting step. Please ensure to write down the product key for your Norton Security software...

Completely Uninstall Norton software using:


  • SymNRT.exe

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk (normally C:)
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall


[Solved] Re: Help with possible virus
Removal tool cannot be run on 64 bit edition

[Solved] Re: Help with possible virus
Try this link please: https://www.bleepingcomputer.com/download/norton-removal-tool/

[Solved] Re: Help with possible virus
That ran and Norton is uninstalled

[Solved] Re: Help with possible virus
Windows Defender should have re-enabled itself. Run the computer normally for a couple of days and let me know if it seems faster, or if we need to do any more troubleshooting.

[Solved] Re: Help with possible virus
The computer isn't running any better in this configuration. Maybe worse than when we started.

[Solved] Re: Help with possible virus
Okay, time to reinstall Norton Security. Hope it works out. Let me know how it runs! Smile...

[Solved] Re: Help with possible virus
Norton is re-installed and all updates ran. Pages load really slow.

[Solved] Re: Help with possible virus
Okay... good. Now, let's continue in all patience and diligence...


I believe your security settings are a bit out of sorts, let's do the following please:

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on [program icon] and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

[Solved] Re: Help with possible virus
Logs

[Solved] Re: Help with possible virus
CHKDSK /R /F:
Run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt. Please do this for each hard drive on your system.

When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter. Then reboot and let the test run. It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors. See "CHKDSK LogFile" below in order to check the results of the test.

[Solved] Re: Help with possible virus
Log Name:      Application
Source:        Chkdsk
Date:          12/16/2016 6:45:29 PM
Event ID:      26213
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Home
Description:
Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
  495872 file records processed.
File verification completed.
  18987 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
  571706 index entries processed.

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.


[Solved] Re: Help with possible virus
How did you run CHKDSK?

It should be run in CHKDSK /R /F to ensure that it fixes it.

Please try again, but ensure there is one space in between CHKDSK and /R and one space between /R and /F.
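
A triage script for the Chkdsk event text posted above, added here as an example (it is not part of the original thread). The function `triage_chkdsk` and its field names are assumptions of the example; the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the Chkdsk event text posted earlier in this thread (blank lines dropped).
SAMPLE_LOG = """\
Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
  571706 index entries processed.
Errors found.  CHKDSK cannot continue in read-only mode.
"""

DANGLING = re.compile(r"Index entry (\S+) of index (\S+) in file (0x[0-9a-fA-F]+) "
                      r"points to unused file (0x[0-9a-fA-F]+)")
INCORRECT = re.compile(r"Index entry (\S+) in index (\S+) of file (\d+) is incorrect")
COUNT = re.compile(r"^\s*(\d+) ([a-z ]+?) processed", re.M)


def triage_chkdsk(text):
    """Summarize a CHKDSK log: did it repair anything, and what did it flag?"""
    volume = re.search(r"Checking file system on (\S+)", text)
    # File record numbers appear in hex in one message and decimal in the other;
    # normalize both to int so the two lines about one directory can be matched.
    dangling = [{"entry": e, "index": i, "dir_record": int(d, 16), "unused_record": int(u, 16)}
                for e, i, d, u in DANGLING.findall(text)]
    incorrect = {(e, int(d)) for e, _, d in INCORRECT.findall(text)}
    for item in dangling:
        item["confirmed"] = (item["entry"], item["dir_record"]) in incorrect
    summary = {
        "volume": volume.group(1) if volume else None,
        "read_only": "Running CHKDSK in read-only mode" in text,
        "volume_in_use": "volume is in use by another process" in text,
        "errors_found": "Errors found" in text,
        "counts": {name: int(n) for n, name in COUNT.findall(text)},
        "dangling_index_entries": dangling,
    }
    # A read-only pass reports but never repairs, so errors here mean the
    # /R /F run requested in the thread has not actually happened yet.
    summary["repair_run_needed"] = summary["read_only"] and summary["errors_found"]
    return summary


if __name__ == "__main__":
    print(triage_chkdsk(SAMPLE_LOG))
```

On the posted log, both index messages refer to the same directory record (0x4518c is 283020), and the flagged entry is CHKDSK's own prefetch file, which is consistent with the log's warning that a volume in use can show errors when no corruption is present.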

[Solved] Re: Help with possible virus
New logs

[Solved] Re: Help with possible virus
Okay, Rick... Let's look a bit closer at the drivers. We are going to purposely make this system reproduce any errors it's having. Please back up your data (many backup sites are free and easy if you don't have one: Box.com, Dropbox.com, OneDrive.com, drive.google.com, etc.). After backing up, please do the following:
Verifier:
In an elevated (run as admin) CMD prompt:
VERIFIER /FLAGS 1 /ALL
Please reboot the computer.

Please upload any minidumps from subsequent crashes for analysis.
Afterwards, when this is all over, go back to default settings by running:
VERIFIER /RESET
Uploading Minidumps:
Upload Dump Files:
NOTE:  If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder.  Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there.  If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP.  If you find it, zip it up and upload it to a free file hosting service.  Then post the link to it in your topic so that we can download it.

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp.  Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html

More info on dump file options here: http://support.microsoft.com/kb/254649
