The Win32:Tibs-EOE[Trj] virus caused a lot of unusual problems for me in the last week.
However, after using the Avast Boot Time Scan and 2 full scans with Updated MBAM, I managed to get my Windows Vista Home Premium to boot up (or apparently boot up as normal).
My problem now is that None of my Programs or Browsers will operate.
Although the program links and desktop Icons appear to be trying to load they simply stop and nothing operates.
So although the Bootup appears normal, nothing seems to be operational when Clicked.
This was also the case after the first MBAM scan and I have had to upload everything in the “Safe Mode with Network”.
I’m pleased to note that everything appears to be working in “Safe Mode”, but I need to know what can be done to restore things to normal.
Another thing that I’ve noticed is that although my Avast anti-virus updates automatically as normal, it does not register in my Windows security settings, which now always warn that it is out of date.
Thank you for any help and advice anyone can provide following this nasty and frustrating week.
Follow the directions for obtaining OTL logs. Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). We can then analyze this in the meantime for any malware, and if any malware is found we will refer you to one of our malware experts.
In the meantime, since we don’t know if your Security Center is accurate in seeing your antivirus (AV) or not, you may want to turn on Windows Defender (if you have it), make it Resident, and update the definitions; it will not conflict with Avast. Thank you.
When you say that the malware you got “caused a lot of unusual problems for me in the last week,” can you tell me what kinds of problems you experienced? Please be as specific as possible so we can help you.
I look forward to your posts with your logs. Please let me know if you have any questions. Thank you.
I am going to contact one of our Certified Malware Removal Experts, named Essexboy, to assist with your malware removal once you post your logs (esp. the OTL log). He will give you further instructions here in this thread. He is on UK time zone, so please check this thread at least daily, even if you have to check from another PC and print the instructions.
In the meantime, please remove all personal data, banking information, passwords, etc. from the affected machine as a “just in case.” I will still be assisting you in the meantime and once Essexboy arrives, I will remain in the background.
What firewall do you use?
Please let me know if you have any questions. Thank you.
I am splitting this post into 2 parts, as initially it exceeds the 10000 characters limit.
I will post the “Cut & Paste” copy of the MBAM log in Part Two…
I’m currently using my PC in “Safemode” and hope that I can provide all the correct information and logs to help solve the problem.
I first posted a reply to the post entitled “Win32:Tibs-EOE[Trj]”
stating that I too had been getting continuous Avast Warning messages over 2 days that amounted to many hundreds and wondered how to overcome them.
I followed the instructions on that post and Downloaded the MBAM program and ran a Full Scan - Logs Attached
Unfortunately when I tried to Boot up my PC I was getting a Blue Screen Warning that Quickly Closed down and I was then able to Boot Up using “SafeMode with Networking”.
Currently, My PC does appear to Boot Up to my Windows System, but none of my Program Links or Desktop Icons links are operational, although when clicked on, they do appear to be trying to open up, but simply just stop with no results.
That’s the current situation and I’m using my PC in Safe Mode to reply to your request…
the Vista Home premium is 32-bit
The Avast is Avast - Internet security 5.0 (3 PCs for 1 year)
element 5 - order number: 338926985
I think this is Pro version. (paid for)
Here is the Copy of the MBAM Log … (SEE PART 2)
= = = = = = = = = = = = = = = =
Following your reply I have downloaded OTL and ran a Full Scan.
I have attached the 2 OTL Files to this post.
Currently everything is working in “SafeMode”.
Thank you once again for your help and advice. It is much appreciated.
Here is the Copy of the MBAM Log with a considerable amount of Infected Files cut off because the full file exceeds the 10000 character limit considerably.
We may not need to do a deep AV scan depending on the results of these two runs. But if we do, the scan could take up to 5 hours. So please be prepared for that. Both programmes may be run in safe mode.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
@ Essexboy, I had instructed the OP in my first post to turn on WD as Resident since Avast was not recognized in the Security Center. I also did not know he had SAS. I see both in his Combofix logs. I’ll let you analyze the logs since you are the expert in this area.
Thank you John for providing the logs. Essexboy will continue from here.
This morning my PC booted up OK and I think everything may be back to normal???
However, one thing I omitted to add to my previous posts was that there is a problem with my Windows Defender.
It does not Turn On Automatically and when I try to start the Program from the Program Icon or try to Open it I get an Error message
“Application Failed to initialize: 0x800106ba. A problem caused this program’s service to stop.”…
I don’t think everything is back to normal yet. Did you have this WD problem prior to the malware problem?
I know Essexboy has other tools to use, and I’m sure he will be giving you further instructions. So stay posted to the thread for his post. Thank you.
I’m honestly not sure whether the problem with WD was there prior to the Virus.
I only became aware of it when trying to follow your instruction to enable WD.
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Once this is complete we will look at the remaining problems with WD
Go to control panel > administrative tools > services
Locate windows defender
Right click windows defender and select properties
Ensure that startup type is automatic (delayed)
Ensure that the service is started, if not try to start it
If it fails note the error generated
I found a Windows Defender in the Control Panel itself, but when Double-Clicked or Right clicked and “Opened” it always shows the attached Error Message.
From the Start menu, select All Programs > Accessories > Right click Command Prompt and run as Administrator
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Press Enter
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
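
The Windows Defender service check and the System File Checker steps described in the posts above can also be run from the elevated Command Prompt in one pass. This is an added example, not part of any post in this thread; it assumes the Windows Defender service is registered under the name WinDefend, and the output file name sfcdetails.txt is chosen here for illustration.

```batch
@echo off
rem Added example: run from a Command Prompt opened with "Run as administrator".
rem Assumption: the Windows Defender service name is WinDefend.

rem 1. Show the configured startup type, then the current state.
sc qc WinDefend
if errorlevel 1 (
    echo WinDefend is not registered as a service. Note the error shown above.
    goto sfc
)
sc query WinDefend

rem 2. Set startup type to Automatic (Delayed Start).
rem    The space after "start=" is required by sc.
sc config WinDefend start= delayed-auto
if errorlevel 1 echo Could not change the startup type. Is this prompt elevated?

rem 3. Start the service only if it is not already running.
sc query WinDefend | find "RUNNING" >nul
if not errorlevel 1 (
    echo WinDefend is already running.
    goto sfc
)
net start WinDefend
if errorlevel 1 echo Start failed. Note the error generated above.

:sfc
rem 4. Verify protected system files; this can take a while.
sfc /scannow

rem 5. Pull the System File Checker result lines out of the CBS log
rem    so they can be read or attached without the rest of the log.
findstr /c:"[SR]" "%windir%\Logs\CBS\CBS.log" > "%userprofile%\Desktop\sfcdetails.txt"
echo SFC details written to "%userprofile%\Desktop\sfcdetails.txt"
echo Reboot the computer now that System File Checker has completed.
```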