I'm not sure if it's configuration or infection

canamalar

New Member
Thread author
Verified
Apr 22, 2013
80
I have just realised there is another icon which is not showing up on any of the scans, Personal Safe,
it has been there for a long time but I don't remember installing it or using it.
When I try to open it it flickers on then disappears.
 

Fiery

Level 1
Jan 11, 2011
2,007
I'm out of ideas.. the files don't show up in any scan so I don't really know what to do..

How is the help from Microsoft?
 

canamalar

They keep referring me to different scan programs that I should run in safe mode. Problem is they tell me to boot up safe mode with network and my WLAN does not seem to be included in the network scheme, so I can't run or download.
A bit like the issue we had with trying to boot up with the flash drive giving no bootable partition in the table, I think if we could solve that, then I could download their suggestions onto the flash drive and go from there.

Whilst looking through the task manager processes I see explorer.exe and MsMqEng.exe (Antimalware service executable) show very high numbers of page faults, I'm thinking this could be a big part of my problem.
 

Fiery

canamalar said:
sorry MsMpEng.exe

MsMpEng.exe is part of Windows Defender, Microsoft's built-in anti-malware tool. You can disable Windows Defender by: http://windows.microsoft.com/en-ca/windows-vista/turn-windows-defender-on-or-off

I think with all these issues, the fastest way out would be to reformat the PC. Would you consider such an option?
 

canamalar

My problem is I am abroad and don't have a lot of the disks I need to replace things like Office and AutoCAD as well as a few other fundamental tools I need to work with.
If there is some way to retain the installation exe for these and reinstall them after reformatting, then I'd definitely think about it, in fact I don't have the Vista disc with me either so not sure how we could do it.
 

canamalar

Windows Defender is already turned off, that may be why there are so many faults, I was going to end the process tree but not sure of the total effect
 

canamalar

Just had a look at the properties and it's showing created Jan 2013 and last accessed Feb 2013, just another mess :)
 

canamalar

I was directed to this, which I think is more suited to your level of knowledge than mine

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

It certainly looks as though it will be very useful to you
 

canamalar

In fact his instructions are as follows, I hope this works and is useful for you too, wish me luck :)
 

canamalar

Are the programs starting and just disappear like they never ran? If so it is probably a virus.

Advanced Clean Boot

Download Autoruns from http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Start the program by right clicking and choosing Run As Administrator and click Options menu - Filter Options and tick Hide Microsoft entries and clear Include Empty Locations. Go to the Everything tab and untick everything left.

Reboot. Try to run both Malwarebytes and MS Safety Scanner.
 

canamalar

In fact Fiery you're going to love this tool. I followed the instructions, had problems rebooting but restored to our restore point, however the tool did save the settings and the startup programs I unticked remained unticked. I am now running Malwarebytes and already found one object. I will also run the program he gave me and advised me to use and let you know, here's the link.

http://www.microsoft.com/security/scanner/en-in/default.aspx
 

Fiery

Hmm I never heard of Microsoft Safety Scanner before.. it's not commonly used that's for sure.

I'm sorry but I'm confused and lost as to what problem is being resolved here. Can you send me the malwarebytes log? It's under the logs tab when you start Malwarebytes.
 

canamalar

Hi Fiery,
I was referring to the other autorun tool, which allowed me to stop lots of programs from starting at start-up and allowed malware to scan properly, the Microsoft security scanner found nothing, then again I used malware first which found the trojan.
Malware log attached


Fiery said:
Hmm I never heard of Microsoft Safety Scanner before.. it's not commonly used that's for sure.

I'm sorry but I'm confused and lost as to what problem is being resolved here. Can you send me the malwarebytes log? It's under the logs tab when you start Malwarebytes.
 

Attachments

  • MBAM-log-2013-05-05 (04-35-02).txt
    2.1 KB · Views: 83

Fiery

The detection is a zip file in a temporary folder, I don't think it was malware though. Your system appears clean, we have run many tools.

So there's just the shortcut issue remaining? That one is a toughy.. :S
 

canamalar

It's certainly behaving as though it's clean, it's dream time, but knowing my luck I'm speaking too soon :)

I noticed on booting up this morning the command prompt appeared again before the desktop loaded, any idea why this would happen?

Fiery said:
The detection is a zip file in a temporary folder, I don't think it was malware though. Your system appears clean, we have run many tools.

So there's just the shortcut issue remaining? That one is a toughy.. :S
 

Fiery

The command prompt can be normal as I have seen it pop up in Enterprise or Business versions of Windows :)
 

canamalar

Thanks for all your help, I hate to speak too soon but the laptop has never worked better, even from new.

One last question hopefully (unless you come up with an idea for the shortcut\icon issue).

If the antimalware service executable is a Windows Defender process, why is it still running if Microsoft Essentials disables it automatically when installed?

Anyroadup, time to donate, thanks again.
 

canamalar

I managed to get that frst.exe run in safe command prompt, so I thought what the hay, reports attached.
I'm sure I saw a donate button somewhere

canamalar said:
What's even more impressive is it's near impossible to find a DONATE link, is there one?
 

Attachments

  • FRST.txt
    48.4 KB · Views: 99
  • Addition.txt
    23 KB · Views: 177
