#16
igfxmtc.exe trojan
On 2/8/2018 9:26 PM, Bob_S wrote:
Mike, Just one last thought. You are a good neighbor to have. Taking the time and the headaches involved in diagnosing and trying to save the install takes patience and skill and sometimes the best solution is exactly what you are doing to insure the system is malware free. Get them doing backups so the next time is just a quick reimage. Make sure that you turn on the option for System Restore to create restore points too.

Ya did good and I'm sure your neighbor will appreciate your efforts and your generosity. (if not I got this virus you can plant on their hard drive...;-)

Bob S.

Thanks Rob, I couldn't have done it without help like yours. Thanks for the laugh too.

Mike
#17
igfxmtc.exe trojan
Mike S wrote:
On 2/8/2018 6:24 PM, KenW wrote:

On Thu, 8 Feb 2018 17:58:31 -0800, Mike S wrote:

On 2/8/2018 5:48 PM, KenW wrote:

The owner is considering that option, it seems like massive overkill for one infection, but without safe mode or a scanner that can remove it, that may be necessary.

There are a few programs out there that are free. If you can find the name of the infection, there are specific free programs for them. You could try running some programs from a usb stick if they won't install. There are many ways to 'skin a cat'.

KenW

Thanks KenW and GlowingBlueMist, thinking about it from this angle I found this page (link below) but I was imagining a situation where the scanner deleted infected system files and the machine would no longer boot. Do you know if it's possible for me to burn a Win10 DVD that will allow me to run scanners and repair or replace system files? I don't want to wipe out files that make the machine unbootable and then not be able to fix it. Or should I do it in 2 steps, first use one of these bootable scanners to hopefully clean the disk, then boot from a Win10 DVD and repair or replace any damaged or missing system files?

"15 Free Bootable Antivirus Tools"
https://www.lifewire.com/free-bootab...-tools-2625785

All these years and I never had to restore a single file from a dvd ! With Windows 10 you can do a repair reinstall just as easy as with XP. Just run setup.exe ( or what ever ) from within Win 10 on the dvd. Do not boot the dvd.

I thought some others would show up in this thread with help.

KenW

KenW, I may have found how to do what you're suggesting. I ran ProduKey to get the Windows Key from the infected computer, and am burning a w10 DVD from here. Thanks for pointing me in the right direction.

https://www.microsoft.com/en-us/soft...load/windows10

Windows 10 uses Digital Entitlement for the free Win7/Win8.1 to Windows 10 upgrade. After a user has successfully upgraded from Win7/Win8.1, the actual key is stored on the MS server, and a "hash" of hardware identifiers such as the MAC address, is used to verify the license on subsequent re-installs. Activation is automated.

What ProduKey would return for Windows 10 upgraders, is the "bogus" key ending in 3V66T (for Pro). These are examples of some bogus keys, that when entered into the Windows 10 key dialog, will be ignored or rejected.

VK7JG-NPHTM-C97JM-9MPGT-3V66T (Windows 10 Professional)
YTMG3-N6DKC-DKB77-7M9GH-8HVX7 (Windows 10 Home - multi language)
BT79Q-G7N6G-PGBYW-4YWX6-6F4BT (Windows 10 Home - single language)

A person who owns a $150 copy of a Retail Windows 10, would have entered a "real" "unique" key at the time of key entry. And that's the kind of thing you use on a brand new hardware build. The ProduKey is probably valid on that.

If the individual was running Win7, again, it would depend on where the OS came from, as to whether the ProduKey value is of usage. A royalty OEM key would be a generic one. The COA sticker on a Win7 laptop would use an entirely different key, than would be returned by ProduKey for the OEM installed OS. The COA sticker key is the one you want for any "emergency re-installations" of Win7. And many times the COA sticker text is worn off. If you can't find a COA sticker on a Win7 laptop, look in the battery bay, a place where the sticker won't get worn.

Brand new Win10 gear doesn't use COA stickers, so you don't need to look for that on those. The key on a newly purchased Win10 machine, is in the BIOS, in the MSDM ACPI table. And that one happens to be unique per machine.

Paul
#18
igfxmtc.exe trojan
On Thu, 8 Feb 2018 18:30:24 -0800, Mike S wrote:
Thanks KenW. The owner doesn't know if it came with 7 or 10, she did say it's about 6 or 7 yrs old, and there was a Windows 10 Update Assistant icon on the desktop, so I'm guessing it was originally w7

If it's 6 or 7 years old, it definitely did not come with Windows 10. Windows 10 was released in July 2015.
#19
igfxmtc.exe trojan
On 2/9/2018 12:31 AM, Paul wrote:
Mike S wrote:

On 2/8/2018 6:24 PM, KenW wrote:

On Thu, 8 Feb 2018 17:58:31 -0800, Mike S wrote:

On 2/8/2018 5:48 PM, KenW wrote:

The owner is considering that option, it seems like massive overkill for one infection, but without safe mode or a scanner that can remove it, that may be necessary.

There are a few programs out there that are free. If you can find the name of the infection, there are specific free programs for them. You could try running some programs from a usb stick if they won't install. There are many ways to 'skin a cat'.

KenW

Thanks KenW and GlowingBlueMist, thinking about it from this angle I found this page (link below) but I was imagining a situation where the scanner deleted infected system files and the machine would no longer boot. Do you know if it's possible for me to burn a Win10 DVD that will allow me to run scanners and repair or replace system files? I don't want to wipe out files that make the machine unbootable and then not be able to fix it. Or should I do it in 2 steps, first use one of these bootable scanners to hopefully clean the disk, then boot from a Win10 DVD and repair or replace any damaged or missing system files?

"15 Free Bootable Antivirus Tools"
https://www.lifewire.com/free-bootab...-tools-2625785

All these years and I never had to restore a single file from a dvd ! With Windows 10 you can do a repair reinstall just as easy as with XP. Just run setup.exe ( or what ever ) from within Win 10 on the dvd. Do not boot the dvd.

I thought some others would show up in this thread with help.

KenW

KenW, I may have found how to do what you're suggesting. I ran ProduKey to get the Windows Key from the infected computer, and am burning a w10 DVD from here. Thanks for pointing me in the right direction.

https://www.microsoft.com/en-us/soft...load/windows10

Windows 10 uses Digital Entitlement for the free Win7/Win8.1 to Windows 10 upgrade. After a user has successfully upgraded from Win7/Win8.1, the actual key is stored on the MS server, and a "hash" of hardware identifiers such as the MAC address, is used to verify the license on subsequent re-installs. Activation is automated.

What ProduKey would return for Windows 10 upgraders, is the "bogus" key ending in 3V66T (for Pro). These are examples of some bogus keys, that when entered into the Windows 10 key dialog, will be ignored or rejected.

VK7JG-NPHTM-C97JM-9MPGT-3V66T (Windows 10 Professional)
YTMG3-N6DKC-DKB77-7M9GH-8HVX7 (Windows 10 Home - multi language)
BT79Q-G7N6G-PGBYW-4YWX6-6F4BT (Windows 10 Home - single language)

A person who owns a $150 copy of a Retail Windows 10, would have entered a "real" "unique" key at the time of key entry. And that's the kind of thing you use on a brand new hardware build. The ProduKey is probably valid on that.

If the individual was running Win7, again, it would depend on where the OS came from, as to whether the ProduKey value is of usage. A royalty OEM key would be a generic one. The COA sticker on a Win7 laptop would use an entirely different key, than would be returned by ProduKey for the OEM installed OS. The COA sticker key is the one you want for any "emergency re-installations" of Win7. And many times the COA sticker text is worn off. If you can't find a COA sticker on a Win7 laptop, look in the battery bay, a place where the sticker won't get worn.

Brand new Win10 gear doesn't use COA stickers, so you don't need to look for that on those. The key on a newly purchased Win10 machine, is in the BIOS, in the MSDM ACPI table. And that one happens to be unique per machine.

Paul

There's no COA sticker, the owner is not technical at all and is very sketchy on anything having to do with a computer. Her son did a lot of stuff with the computer and I have no idea what he did or what he knows, so I'm assuming the machine would benefit from some cleaning and optimization.

Produkey returned a Windows 10 Home key ending with 3J3DQ. I'm going to do a repair install once she finishes backing up her family photos, so I'll try clicking "I don't have the product key", or entering the one ProduKey returned, in that order, if necessary. Thanks for the detailed post.
#20
igfxmtc.exe trojan
On 2/8/2018 9:26 PM, Bob_S wrote:
Mike, Just one last thought. You are a good neighbor to have. Taking the time and the headaches involved in diagnosing and trying to save the install takes patience and skill and sometimes the best solution is exactly what you are doing to insure the system is malware free. Get them doing backups so the next time is just a quick reimage. Make sure that you turn on the option for System Restore to create restore points too.

Ya did good and I'm sure your neighbor will appreciate your efforts and your generosity. (if not I got this virus you can plant on their hard drive...;-)

Bob S.

Bob S., Doing tech support for my neighbors and friends keeps my head in the game and makes for good relations with my neighbors. Thanks for all of your great advice, I did these steps

- w10 Repair Install
- Microsoft Windows Malicious Software Removal Tool
- Rogue Killer (c:\windows\system32\searchfilterhost.exe)
- Norton Power Eraser (unwanted program scan, system scan)
- Sophos Virus Removal Tool
- Malwarebytes Anti-Rootkit BETA
- Trend Micro Housecall
- Malwarebytes Anti-Malware
- sfc/scannow

Deleted 2 bugs with no problem as soon as they were identified, Rogue Killer said system32\searchfilterhost.exe was infected but none of the others did so I'm hoping that was a false positive. Everything is working normally so I'm going to hope this is finished. Thanks for all of your help.

Mike
#21
igfxmtc.exe trojan
One last thing - System Restore points option.
I know you've probably read the threads from some who have used System Restore and say it doesn't work and not worth the effort. That's not a true statement. Yes, some restore points will not work and/or it goes thru the restore process, reboots and tells you nothing was restored. Aggravating but a high percentage of the time it's usually the fault of a 3rd party antivirus, malware program or added-on firewall. Turning those off before doing a System Restore allows the restore to complete. If the restore points have been corrupted - then no, they won't work.

If a system went to a BSOD (stop error/system crash), System Restore is a great tool to have and can save you a ton of troubleshooting.

System Restore will not get rid of malware. That's a rather broad statement but for the most part it is the assumption to make. But getting a system back to a normal state due to a bad update, failed program install (that use the windows msi installer) and some other mishaps, like losing power during an update or install, it is very useful and should be one of the first things to try. But it first must be turned on for each drive that you want to protect.

Now that Win10 has the option for storing documents, apps and programs, etc. to other drives on the system, you have to give consideration to the drive being used in addition to C: drive. This is a nice feature for netbooks and tablets with little main storage available. With Win10 Home taking about 17GB-20GB on a system with only 32GB of main storage, adding a micro SD card or a USB thumb drive can provide the additional storage needed.

Turn it on and do yourself and your neighbors a favor. To those that want to argue the point - it's a good bet in your favor and other than a few seconds of your time and some disc space, it doesn't cost you anything. Win10 will make automatic restore points and you can always initiate one yourself if you are doing something like adding some unknown freeware and want some insurance.

Bob S.
#22
igfxmtc.exe trojan
On 2/11/2018 7:11 PM, Bob_S wrote:
One last thing - System Restore points option.

I know you've probably read the threads from some who have used System Restore and say it doesn't work and not worth the effort. That's not a true statement. Yes, some restore points will not work and/or it goes thru the restore process, reboots and tells you nothing was restored. Aggravating but a high percentage of the time it's usually the fault of a 3rd party antivirus, malware program or added-on firewall. Turning those off before doing a System Restore allows the restore to complete. If the restore points have been corrupted - then no, they won't work.

If a system went to a BSOD (stop error/system crash), System Restore is a great tool to have and can save you a ton of troubleshooting.

System Restore will not get rid of malware. That's a rather broad statement but for the most part it is the assumption to make. But getting a system back to a normal state due to a bad update, failed program install (that use the windows msi installer) and some other mishaps, like losing power during an update or install, it is very useful and should be one of the first things to try. But it first must be turned on for each drive that you want to protect.

Now that Win10 has the option for storing documents, apps and programs, etc. to other drives on the system, you have to give consideration to the drive being used in addition to C: drive. This is a nice feature for netbooks and tablets with little main storage available. With Win10 Home taking about 17GB-20GB on a system with only 32GB of main storage, adding a micro SD card or a USB thumb drive can provide the additional storage needed.

Turn it on and do yourself and your neighbors a favor. To those that want to argue the point - it's a good bet in your favor and other than a few seconds of your time and some disc space, it doesn't cost you anything. Win10 will make automatic restore points and you can always initiate one yourself if you are doing something like adding some unknown freeware and want some insurance.

Bob S.

I made a couple of restore points after cleaning the machine and optimizing w10 for speed. Will give that a try if she bsod's it again.
#23
igfxmtc.exe trojan
"Mike S" wrote
| My neighbor complained about her machine running really slowly and being
| basically unusable....

If you want to deal with it yourself you might find this useful:

https://channel9.msdn.com/Events/Tec...2014/DCIM-B368
https://sec.ch9.ms/sessions/teched/n.../DCIM-B368.mp4

It's a video by Mark Russinovich about how to use his Sysinternals tools to handle malware. As he says repeatedly, Task Manager is not the best tool.
#24
igfxmtc.exe trojan
On Sun, 11 Feb 2018 22:11:32 -0500, "Bob_S" wrote:
System Restore will not get rid of malware.

What, never?

That's a rather broad statement but for the most part it is the assumption to make.

OK. I agree with "for the most part," but not with the sentence quoted above.

But getting a system back to a normal state due to a bad update, failed program install (that use the windows msi installer) and some other mishaps, like losing power during an update or install, it is very useful and should be one of the first things to try.

Yes, I agree. No guarantee it will solve the problem, but because it's quick and easy to try, it's almost always worth trying as a first step.

But it first must be turned on for each drive that you want to protect.

It's only useful for the drive on which Windows is installed.
#25
igfxmtc.exe trojan
"Ken Blake" wrote in message ...

On Sun, 11 Feb 2018 22:11:32 -0500, "Bob_S" wrote:

System Restore will not get rid of malware.

What, never?

That's a rather broad statement but for the most part it is the assumption to make.

OK. I agree with "for the most part," but not with the sentence quoted above.

But getting a system back to a normal state due to a bad update, failed program install (that use the windows msi installer) and some other mishaps, like losing power during an update or install, it is very useful and should be one of the first things to try.

Yes, I agree. No guarantee it will solve the problem, but because it's quick and easy to try, it's almost always worth trying as a first step.

But it first must be turned on for each drive that you want to protect.

It's only useful for the drive on which Windows is installed.

Ken,

If you are running Win10 check out the options for making restore points (you can select all drives) and then type Storage in the search window and go to Storage. Scroll to "More Storage settings" and select "Change where new content is saved". If you have a USB thumb drive or a micro SD card installed, it will show those as storage devices that can then be selected under each category such as shown (New apps will save to) and then you can select the device.

So if you have apps installed on a storage device other than C: and you or the system make a restore point, it will include the references to the storage device and restore the registry and settings needed.

Not sure if you are the same Ken Blake but here's a post I found: https://answers.microsoft.com/en-us/...88c5cb2?auth=1

This is one reference about the recovery options in Win10: https://support.microsoft.com/en-us/...covery-options.

You can do a search yourself to discover what others think about the effectiveness of using a restore point to get rid of malware. You will find quite the opposite. But that aside, you agree with the basic premise. I did not say "never" in my comments and I qualified it in the following sentence. I think you're over analyzing things.

Bob S.
#26
igfxmtc.exe trojan
"Mayayana" wrote in message news

"Mike S" wrote

| My neighbor complained about her machine running really slowly and being
| basically unusable....

If you want to deal with it yourself you might find this useful:

https://channel9.msdn.com/Events/Tec...2014/DCIM-B368
https://sec.ch9.ms/sessions/teched/n.../DCIM-B368.mp4

It's a video by Mark Russinovich about how to use his Sysinternals tools to handle malware. As he says repeatedly, Task Manager is not the best tool.

Thanks. Had not seen that video in the past but was worth watching to see how to use some of the more detailed features in his tools. The .mp4 version is a bit easier on the eyes.

Bob S.
#27
igfxmtc.exe trojan
On 2/12/2018 4:41 AM, Mayayana wrote:
"Mike S" wrote

| My neighbor complained about her machine running really slowly and being
| basically unusable....

If you want to deal with it yourself you might find this useful:

https://channel9.msdn.com/Events/Tec...2014/DCIM-B368
https://sec.ch9.ms/sessions/teched/n.../DCIM-B368.mp4

It's a video by Mark Russinovich about how to use his Sysinternals tools to handle malware. As he says repeatedly, Task Manager is not the best tool.

A w10 repair install and scans with 5 scanners and sfc/scannow has it looking good, hope I got all of the bugs. I'm watching the video now, thanks!
#28
igfxmtc.exe trojan
On 2/12/2018 4:41 AM, Mayayana wrote:
"Mike S" wrote

| My neighbor complained about her machine running really slowly and being
| basically unusable....

If you want to deal with it yourself you might find this useful:

https://channel9.msdn.com/Events/Tec...2014/DCIM-B368
https://sec.ch9.ms/sessions/teched/n.../DCIM-B368.mp4

It's a video by Mark Russinovich about how to use his Sysinternals tools to handle malware. As he says repeatedly, Task Manager is not the best tool.

Mayayana, GREAT video, thank you. I downloaded the video and Sysinternals to a USB stick for future use. For anyone curious

Scan/Clean Strategy
- Disconnect from network
- Identify malicious processes and drivers
- Terminate identified processes
- Identify and delete malware autostarts
- Delete malware files
- Reboot and repeat

Look for processes that
- have no icon
- have no description or company name
- unsigned MS images
- live in Windows directory or user profile
- are packed (compressed or encrypted)
- include strange urls in their strings
- have open tcp/ip end points
- host suspicious dlls or services

Use Process Explorer (vs Task Manager)
- looks for dll versioning problems
- finds locked files
- looks for memory leaks, hung processes
- it has a window finder which shows you which process owns a window
- pink are windows processes, blue are your processes
- can verify all process digital signatures, e.g. present/valid/revoked (must be connected to network)
- has integrated malware scanner (uses VirusTotal.com online malware scanner)

Sysinternals Suite
By Mark Russinovich
Updated: December 12, 2017
Download Sysinternals Suite (22.6 MB)
https://docs.microsoft.com/en-us/sys...nternals-suite

Major Geeks
Microsoft Sysinternals Suite February, 2018
Author: Microsoft Corp.
Date: 02/12/2018 08:10 AM
http://www.majorgeeks.com/files/deta...als_suite.html
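Several of the process indicators listed in post #28 (no description or company name, unsigned images claiming to be Microsoft's, location, open TCP endpoints) can be checked in bulk from PowerShell. This is an added example, not code from the thread, the video or Sysinternals; the variable names and output columns are choices made here, and it does not cover the icon, packing, strings or DLL checks.

```powershell
# Added example: read-only triage of running processes against the indicators above.
# Run from an elevated Windows PowerShell prompt so more image paths are readable.
# Assumption: the user profile root is the parent of $env:USERPROFILE (normally C:\Users).
$winDir      = $env:WINDIR
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$ci          = [System.StringComparison]::OrdinalIgnoreCase

# Process id -> number of TCP endpoints (listening or connected)
$tcpByPid = @{}
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess |
    ForEach-Object { $tcpByPid[[int]$_.Name] = $_.Count }

$sigCache = @{}   # image path -> signature status, so each file is verified once

$report = foreach ($p in Get-Process) {
    $path = $p.Path
    if (-not $path) { continue }   # image path not readable (protected or exited process)

    if (-not $sigCache.ContainsKey($path)) {
        $sigCache[$path] = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    $sig = $sigCache[$path]

    # Findings: missing version metadata, or a signature that does not verify
    $flags = @()
    if (-not $p.Description) { $flags += 'no description' }
    if (-not $p.Company)     { $flags += 'no company name' }
    if ($sig -ne 'Valid') {
        if ($p.Company -match 'Microsoft') {
            $flags += "claims Microsoft, signature $sig"
        } else {
            $flags += "signature $sig"
        }
    }
    if ($flags.Count -eq 0) { continue }

    # Location and network use are context for a finding, not findings on their own:
    # every legitimate system process also lives under the Windows directory.
    $location = 'other'
    if ($path.StartsWith($profileRoot, $ci)) { $location = 'user profile' }
    if ($path.StartsWith($winDir, $ci))      { $location = 'Windows directory' }

    $tcp = 0
    if ($tcpByPid.ContainsKey($p.Id)) { $tcp = $tcpByPid[$p.Id] }

    [pscustomobject]@{
        Id           = $p.Id
        Name         = $p.ProcessName
        Flags        = $flags -join '; '
        Location     = $location
        TcpEndpoints = $tcp
        Path         = $path
    }
}

# Flagged processes with network endpoints first
$report | Sort-Object -Property TcpEndpoints -Descending | Format-Table -AutoSize -Wrap
```

A flagged row is a lead for closer inspection in Process Explorer, not a verdict: plenty of legitimate third-party software ships unsigned or without version metadata.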