
Posted

My dad's computer started acting funny this morning. I don't know much about Windows.

When he logged back in this morning the following things were missing:

His desktop picture, his shortcuts in the taskbar were missing, his programs when you click the start button were gone, and Microsoft Office no longer seems to be registered.

He did have antimalwarebytes delete 2 PUPs that were in the registry key. We also had someone changing the DSL today but he said he didn't touch the computer. I doubt it was the latter.

Do you know what could be the problem and how to fix it? I don't have Windows 7 disks to reinstall everything and also my dad won't let me do that since he doesn't want to lose more things. Could this be caused by a virus (he has a virus scanner) or is this something that maybe is caused by Windows itself? I read something that implies it might be a corrupted user profile.

Posted

Trying to go through those directions but he has several ntuser.dat files. Do I not copy over all of them?

Also, I don't see any .bak files in the registry so I'm wondering if he really has a corrupted user profile (he also tried restoring to a previous point though).

Posted

I wasn't able to follow the directions (http://windows.micro...e#1TC=windows-7) since the files did not copy over.  I basically followed this and got some progress.  

 

I ran AVG Free Antivirus after this and when I did a popup came up (from F-Secure) saying there was malicious code found in file:  c:\Windows\System32\config\systemprofile\AppData\Local\Avg2015\temp\avg-74fae816-07d4-4657-9215-dell23653425.tmp (said the Infection was Gen: Varian.Symmi.45380).  

 

Evidently, it didn't fix or change anything because I ran AVG again and the same thing popped up (but AVG says there are 0 threats found - both times).  Should I be concerned for my parents?

Posted

Re-posted from other thread, plus some notes.

 

Shelly, I'm helping Ken with trying to save his old HP.  If you have the Activation Key (I imagine it's on the sticker on the machine), I can send you to a legal torrent site with the various Win 7 ISO images that Microsoft USED to host through DigitalRiver.  Not sure if there's someone to help your dad in your absence, but it may help.....

 

EDIT: unfortunately, the link is at home so wouldn't be able to send it until later this afternoon/early evening

 

Added notes: ESET is one of the best all-around, has been for years AFAIK.  BitDefender is good from what I've read, you also mentioned Kaspersky as well in the other thread.  Most AV's are good, some are just better and faster.

Posted

Yup, I've used BitDefender, in fact, I should probably go back.

 

I think we've gotten to the point where an AV is only as good as its target profile, i.e. if the hackers are targeting it more or less.  If less, then it's a better AV.  Which is loosely correlated to how popular it is, hence why Norton and McAfee aren't as effective as they used to be -- because they're the most popular.

 

And if not, at least it's a major factor.

Posted

To get you to buy the paid version?

 

(I used the free version, then switched to the paid version, myself.  But I'm also not as sure about what any of them caught and what they didn't.  I am definitely of the mind to do a full install when I suspect something.)

Posted (edited)

By the way, if I just tell my dad to delete the file with the "malicious code" "c:\Windows\System32\config\systemprofile\AppData\Local\Avg2015\temp\avg-74fae816-07d4-4657-9215-dell23653425.tmp,"  will truly horrible things happen (it is in the Windows\System32\config folder after all)? 

 

Do you think this will disappear if AVG is properly uninstalled?  Maybe it really isn't a problem. 

 

I don't know why AVG (or F-Secure according to the top of the pop up window), is saying it has malicious code but then isn't removing it nor is it saying it is a threat.  The strange thing is that it seems to have to do with AVG.  I don't know why it is saying F-Secure... maybe my dad used to have F-Secure (or still has it), and it is popping a warning when AVG runs.  

Edited by shellylh
Posted

I usually go through the interface.  It's usually quarantined (albeit, not in the Windows system folder), and you just go to quarantined items and delete them from within there.

I don't know what F-Secure is.

Posted

It wasn't quarantined.  There were no threats at all.  When I ran it (AVG)  a second time, it came up with the same problem. 

 

F-Secure is another anti-virus program.  My dad says that he has never seen it on the computer (although some part may be left from when my brother had the computer). 

Posted

Is the F-secure "warning" giving a phone number to call to fix the problem?

It all sounds very much like the worm the guy down the street had that was telling him McAfee had found a virus even though his son had removed McAfee several months earlier and installed Kaspersky.

The son had also installed several obsolete registry cleaners which borked all of the user profiles and several other registry keys.

I backed up the documents and such to an external drive, did a system restore from the Dell restore disks, put all of the documents back where they were, installed Bitdefender free and it's been good for almost 6 months now even though his wife has like 426 frigging Facebook games....

(just went and installed a NIC for him the other day and was impressed that Malwarebytes did not find much to complain about)

 

BTW if you have a retail serial number you can get a restore image from Microsoft.

 

http://www.microsoft.com/en-us/software-recovery

Posted

 ^^^ That's good advice.....seen those fake Virus Scan ads as well, McAfee was one I cleaned from an acquaintance's machine a few years back.  Had to remove her HDD and scan it completely via another machine.

 

The tough part about the MS download is (as you say) it's for retail versions.  Most pre-loaded desktops/laptops use the OEM version.  I found that the DigitalRiver ISOs work almost always, just pop in the OEM key on the sticker.

Posted (edited)

No phone number to call, it just looks like a windows popup (I guess I was stupid to press ok but I did) and F-Secure in the title of the Window (if you know what I mean).  

 

I guess I posted this in the wrong place (in the Windows software thread where I was asking for AV software).   

 

 

copied from other thread:

 

"Look what I found at home.

post-1008-14381303741665_thumb.jpg (see other post for picture)

One of them is the disks that I bought to upgrade to Windows 7, the other is an OEM I bought at Amazon.

Will my dad* be able to use either to do a clean install? Which would be better to try? Only the "upgrade" includes a 64bit version.

I feel more comfortable sending these rather than something that was downloaded from a torrent site (even if legal).

*Or someone who knew what they were doing?"

 

I was going to send these disks in the mail to my dad today.  It would be too frustrating for him to download the software and make a DVD for installation himself.  I assume that the OEM version should work with a clean install.  (The upgrade disk probably won't work if the disk is wiped I am guessing.)  Is this correct?  

Edited by shellylh
Posted (edited)

I think upgrades will work if you have a valid install disk from the old install (IE, it may prompt you for the old CD/DVD to validate you have a legal Windows copy).  I'm NOT sure that the upgrade would work with the OEM as the original disk, though.

 

The upgrade disk may or may not work with the machine as-is, but it also doesn't remove any malware if it exists.  If the issue truly is one of corrupt registry files, then this WOULD help.

 

Another possible option for a corrupt file would be to create a new user and try to move to that.  Creates a new NTUSER.DAT file under that profile.

 

One last other option is to find or purchase the original machine's recovery disks.  They often can be had for ~$25 or so from the manufacturer.  This way, if he needs to do a completely clean install, at least the drivers and original configuration would be intact, rather than loading/building from scratch.  Of course, this also wipes all the existing content off....

 

No simple answer, sorry.  It's always easier with an expert nearby, opens up options more.....

Edited by skullguise
Posted (edited)

He doesn't have any of the original disks (since it was my brother's computer - who passed away). 

 

Shouldn't the OEM disk work by itself (even though he will have to build from scratch)?   The computer came with a bunch of shit installed so it would be better not to have all that stuff.  

 

I'm not so worried about the corrupted user profile.  I am just concerned about the malicious code in the file that keeps popping up when running AVG. 

Edited by shellylh
Posted (edited)

OK, yeah the OEM disk should work on a full re-install, just loading the drivers will be the pain point (they should be downloaded and saved to CD or USB before starting the re-install, as more often than not the network drivers don't load automatically with a Windows re-install).

 

It also sounded like it's a 32-bit version of the OS for the OEM, yes?  Not that it would make a huge difference, but I always like the 64-bit.....

Edited by skullguise
Posted (edited)

Yeah, it is a 32-bit.  I don't think he will mind though.  He doesn't use it for much.   I'm guessing he would not have a good time with the drivers.  I wish I were still there to do this.  

 

I am wondering if he would just let me buy him a new desktop (I tried this Christmas and he said no).  This seems decent and Dell doesn't put bloatware on the computer.

 

http://www.dell.com/us/p/inspiron-3647-small-desktop/pd?oc=fdcwst315bw10&model_id=inspiron-3647-small-desktop

 

Unfortunately, it does come with Windows 10 (which he probably won't like since he probably won't be able to run Microsoft Office 2000 on it).  Now that I think about it, I doubt Windows 8.1 is compatible with Office 2000.  :(

Edited by shellylh
