I just wrote the most gracious and longest compliment to Avast, that I have ever written to anyone BY FAR!
But when I hit post, I had the notion that the captcha was only for attachments. Sorry guys, but I couldn’t write that again in a hundred years, as it was an outpouring from the heart for all your years of GREAT service!
I went on to explain that I have a new VIRUS/WORM/ADS that NO ONE could repair; even MSoft said it was scientifically designed for a government, from Russia, built at request from China, and just bypassing a TPM 1.2 chip from across the globe was not considered possible!
These guys made it look easy, undetectable (PRE-BOOT) scan stuck at 54% for 6 hours before I pulled the plug. If I tried to explain ALL it does again, I’d be writing till dawn! I can’t place any blame that a free anti-virus AT LEAST knew there was a problem. NO other corporation even came close! Msoft asked me to donate it to the NSA!!! MY disabled butt! The NSA can study this virus, after they deliver my NEW laptop, including my cloned clean data!
Any NSA takers out there? Probably a mistake not to have offered! This virus verges on A.I. It will even design and deliver a dialog box and “Lie” to the user! It has almost EVERYTHING covered! In fact, for two days I was not sure my sanity was not the real issue. Then 80GB of MP3s disappeared. I knew I was not imagining that my PC had a problem.
Your forum and the help from Geeks to Go, It is almost over!
I cannot thank you enough for the years of help I have received from your company! I always recommend you! Always will!
THANKS AGAIN,
Ray p.
Welcome to the forum.
Sorry about the captcha but it’s something spammers forced this forum to institute and is only there for your first 3 posts.
It’s refreshing to read a compliment since this is a support forum, most entries are complaints or problems.
I wonder if I can find it ;D
Are you game for me to have a look-see? Also, does the virus have a name?
If so …
Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
Hi,
I felt I had to reply as you gave your valuable time for my sake! But the PC degraded before I could! And kept degrading. I have spent every day since before I made this post (my first) putting many an hour into getting back to here with no support. Well, it was not until today that I regained enough functions & control to go online and tell you of the results. I was NOT ignoring you! I have 30 years in electronics, but they were 95% analog! The digital that I did pick up in the 80’s does not help a lot with modern systems. Even though they were top line Government equipment, they were more similar than you would imagine. However, I was not able to remember MANY of the commands that I once knew, in BASIC and DOS. So, I stubbornly kept plugging away, learning A LOT! But getting near zero results! Perhaps obsessive is a better word. Because I took almost 3 months to regain functionality, I found the virus. NO commercial product detected it. Avast’s pre-boot scan (which had never failed me before) got stuck at 54% for hours, so I guess it detected something amiss, but could not deal with a decision. This is an incredible piece of work! I don’t approve of how it is being used, but as far as admitting it, the more I understood how it was done, the more impressed I became! I don’t pretend to have been even on a level to understand it as he was to write it (team maybe?). So, no working computer; it did not allow printing at all. Or if you’d burn a CD or DVD it showed normal, until I noticed the disk was blank! So I had nothing but my word to tell everyone that I had a virus with what seemed to be A.I.!!! It would lie, cover the dialog box with an exact copy, only the yes & no swapped! Or force me to misspell commands while trying to type fast enough to beat a dual processor 2GHz machine. Yeah, right! It would grey out the one thing I needed! After a while it made me seriously doubt my sanity!
I got lucky: an obscure program in Linux, designed for a very simple recovery shell, was “test disk 6.14” by Christophe Grenier. It was the only tool, after all the big names came up with “no problems detected!” His little tool showed that there was a disk overlay with 82 programs/tools/utilities, and an auto C++ writer called “Panther,” that were hiding on what appeared to be 3-4 hidden Linux or Unix partitions! I was not insane! As his tool was for recovery, it lacked a simple delete function! I was free to attempt getting back what I wanted gone.
So, I have spent hundreds of hours more labor than the machines are worth, learning and trying! I am to the point that I control the PC and am able to go online! All my commands in Win 7 Pro are back, but I do not know how to get the partitions merged, or how to flash the BIOS/CMOS to boot normally. If I disable the remaining virus components, I will have to boot from a recovery disk, then may or may not get Windows back without great difficulty. At times it boots better than any Windows ever made. They designed a boot system that seems indestructible! I cannot imagine not selling it to a major corp. like Msoft or Mac, for more than they could ever get from credit cards. It is so fast that on my Gateway notebook they run a full memory test just to stall! My wife’s Compaq, 1 year older but a superior price range desktop, handles this infection so well that it could be run for months without the user suspecting very much; age and driver glitches would probably get the rap! But they do not have a similar memtest, so it is at the login window in seconds! At that time they bypass Windows and run their OS using win sys32 DLLs and other files! They even have an “Autoexec.bat” that I was sure was history. It simply is a dummy file for NTVM and changes dirs. to branch off right at the start to a non-Windows, Windows clone! Problem is they have access to all the keys logged, can take control from their location, even change keybrd values and engage the mic. & camera, if they want! But for some bug the winsxs dir. keeps growing until it is forced to recycle to and from the recycle bin; at that point it begins to lose track of where all the files are and files begin to move in and out of the oddest directories until you have a mess that finally crashes! And you reinstall over the virus and start fresh.
The virus slowly but surely has you in a matter of 12 hours to 24, maybe 36 hours; then you are not authorized to do any more, so you try in DOS to do what you can until it self-destructs again! I have moved some files it needs that I was allowed to, and a rename is ignored, but reversing 2 letters or adding one, you can sometimes pull off, especially if you open about 100 processes then make the moves you plan to attempt when the machine is beginning to run out of memory! Also I can always pull the plug when it becomes confused and locks up. This disables more functionality than if you allow it time for resolutions! That Bullet Proof boot enables this crazy method! Especially when I found that it does not REALLY boot from a windisk unless it cannot reconfigure within x=msecs, which I reduced in the registry to force it more issues. I could eventually relocate and delete until I have nothing left but Windows OEM. But I have no clue how to repair the dozens if not hundreds of registry rewrites!
So, I will begin by following the advice you gave me last month and run OTL then paste the two logs. After putting in this many hours, I am quite willing and ready to have a little help from those who know!!!
Thanks, Sorry about the delay!
Ray P. :o
The name on the recovery disk called it “1 CD Russian Financial Enterprise 8,” (82 items), I wrote all down if needed? If you don’t hear from me again right away (sometime in the morning), 530-261-0295 may be my only recourse! Thanks again!
If need be we could even work with an inert windows, I have two programmes that could do that from either USB or CD
Thanks for your kind remarks. I wrote a bit of a long-winded sort of apology/explanation on the Beta test site and some feedback was a bit insulting. It’s always refreshing that some folks still have manners!
Thanks again,
Ray F. Potter
Hi the destructions for OTL
Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs
Dear Sir, Essexboy,
May I ask if that name is due to you being from Essex? OK, I ran the OTL with your script. Then I crashed again, made many changes, apologized to the Beta test Forum (for vanishing as soon as I downloaded the software, I felt obligated to explain!). I did not find an Extra.txt file after the scan. I did put some other logs in a zip file and meant to send it yesterday, but had to configure my new router and make some repairs. At this moment everything seems stable, best in a long time! So, I am thinking that I should take an hour (hopefully) and generate a new report. I can add it to the zipped files. I assure you anything that was harmful has had its extension changed to DOT XML.LOG, for example. If you would prefer, I’ll just run the new scan and send the new data only. I will check post prior to attaching?
Thank you so much, I have noticed that you are VERY busy! Over 100 pages of posts. I certainly appreciate your time and will cooperate with whichever way you prefer.
Thanks once more,
Ray F. Potter
The OTL log can be added as an attachment to your next post. There is only an extras report on the first run.
Sorry Guys,
But I tried to run OTL again to get that “extras.txt,” and did not notice that it was stuck on the Czech boot directory! I left it there until the hour pause that Avast gave me to run it was up, then windows upgrade kept coming up every 5 minutes and screwed it up. (Could this be what made it stick? Should I retry offline? Should I download a new OTL, as this virus is capable of ruining programs it sees as a threat!)
How it makes that determination I have no clue! As far as a name for it not that I could find as it is never detected, I did use a simple recovery tool that was the first software that actually could see the partitions and that they were in Linux, Unix, maybe Mac? I hear it has command lines very similar to unix/Linux. I do remember from Rockwell that used Unix, if you put a . in front of a file name, it became a hidden write protected file, with no name showing just . I was told that if the password was lost so was the file. But that was in the 80’s
I am Sorry that we are having all these delays but as soon as I hear which plan to use I’ll try again! If I can disable windows upgrade, I’ll just go ahead, then we will know what stuck OTL!
Hanging in there,
Ray P.
Ray P.
OK, let’s work outside of Windows
Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly
https://dl.dropbox.com/u/73555776/peazip.jpg
Download the following files to the desktop … Right click the links and select save as…then select desktop
Right click OTLPE on your desktop and select …Open as archive
https://dl.dropbox.com/u/73555776/Unzup%20archive.png
Select OTLPE standard
https://dl.dropbox.com/u/73555776/select%20archive.PNG
Click Extract, ensure that desktop is selected
https://dl.dropbox.com/u/73555776/extract%20archive.PNG
Insert the USB stick Then run Rufus
https://dl.dropbox.com/u/73555776/rufus.JPG
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
https://dl.dropbox.com/u/73555776/RufusISO.JPG
Once the USB has burnt then
[*]Download Farbar Recovery Scan Tool and save it to the flash drive.
[*]Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here
[*]As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
[*]Your system should now display a Reatogo desktop.
[*]Locate the flash drive and run FRST
[*]The tool will start to run.
http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.