Error Checking after malware removal

[Hum]

I got some RelevantKnowledge folder on my laptop -- I guess from installing dodgy software.

 

It was messing with the Explorer and the Network connection.

 

I stopped and removed the malware.

 

But I wanted to run an Error Check, but for some reason the check cancels itself.

 

I tried System Restore, but this did not fix the problem.

 

Is there a Registry tweak ?

 

Any suggestions ?

 

Thanks.

 

Windows 7 O/S.

[Hum]

Well I was able to run sfc from Safe Mode.

 

It said that it found nothing wrong.

 

Still not able to schedule an Error Check that runs to completion, in the normal way.

[Obi-Wan Kenobi]

That doesn't sound too good, hum. I would use hirens ultimate boot cd, in a mini environment, then run another scan with one of the included scanners. Or you could try running an sfc from within that mini environment. I hope you don't have to do a reinstall or anything. Don't know if this helps, just throwing it out there, and if anyone else had a suggestion that's a better solution, please post it. My curiosity is piqued, and I'd hate for you to lose any data, hum!

[EZRecovery]

Try this: TrendMicro Anti-Ransomware

 

UBCD4Win download ISO and burn, boot from it.

 

Hirens Boot CD is another good tool like +Obi-Wan mentioned.

[+Warwagon MVC]

I got some RelevantKnowledge folder on my laptop -- I guess from installing dodgy software.

 

It was messing with the Explorer and the Network connection.

 

I stopped and removed the malware.

 

But I wanted to run an Error Check, but for some reason the check cancels itself.

 

I tried System Restore, but this did not fix the problem.

 

Is there a Registry tweak ?

 

Any suggestions ?

 

Thanks.

 

Windows 7 O/S.

 

if RelevantKnowledge is all that you had I wouldn't call that malware, just ad-ware. What does the exact message say when the scan stops? Does it say the user canceled the scan or that the scan has been canceled?

 

You may want to try adwcleaner. It's made for this kind of stuff.

 

Could you do a system restore? I would recommend maybe a kaspersky rescue disc scan via a bootable USB. But first I would do safemode. and run ccleaner and remove temp and internet temp files. Makes the scan go faster. Then run hitman pro. See what it finds.

 

Even if you had to reformat, I see no reason why you would have to loose any data. Just hook an external hard drive up boot off a bartpe disc and copy your data over before the refomat.

[T3X4S]

whats malware ?  Havent had it in so long - I forgot !

[Hum]

I managed to get a chkdsk going from the Safe Mode.

 

It gets thru Stage 1, but then seems to get caught in an endless loop in Stage 2.

 

It did this twice.

 

I suspect a Windows Repair will be needed.

 

the scan has been canceled?

 

You may want to try adwcleaner. It's made for this kind of stuff.

 

Yes -- and I did run AdwCleaner. MSE found nothing before or after.

 

I have already removed the 'RelevantKnowledge' crap.

 

Regedit found no trace of RK.

 

But then I wanted to check the System files, and that will not complete in the normal way.

 

So I am wondering what is damaged ...

[+Warwagon MVC]

I managed to get a chkdsk going from the Safe Mode.

 

It gets thru Stage 1, but then seems to get caught in an endless loop in Stage 2.

 

It did this twice.

 

I suspect a Windows Repair will be needed.

 

Yes -- and I did run AdwCleaner. MSE found nothing before or after.

 

I have already removed the 'RelevantKnowledge' crap.

 

Regedit found no trace of RK.

 

But then I wanted to check the System files, and that will not complete in the normal way.

 

So I am wondering what is damaged ...

 

 

not sure how much I trust ad-ware anymore. How about adwcleaner?

 

I don't really remember sfc /scannow having 2 stages I  just thought it went to 100%

 

Oh now you mentioned chkdsk .

 

how about an hdtune error scan. Maybe you just happen to have some flacky sectors

[John.D]

Run malwarebytes in safe mode do a full scan. Update it first

[Obi-Wan Kenobi]

Run malwarebytes in safe mode do a full scan. Update it first

Even better, try malwarebytes chameleon: https://www.malwarebytes.org/chameleon/

[goretsky Supervisor]

Hello,

 

It would be very unusual for a potentially unwanted application (PUA), or even malware, to corrupt the file system of a drive.  After all, they make their money when your computer is available and online.

 

You might want to try testing the disk drive with the manufacturer's diagnostic utility, just in case the problem is with the drive itself and not related to the PUA that was on the system.

 

Regards,

 

Aryeh Goretsky

[dafox]

Anything in the in the sfc log file? Malwarebytes and spybot should do the trick. Try the shell mode in spybot, I have found it quite handy with some malware/ PUA's

[Hum]

So far, nothing has fixed the Disk Checking error.

 

I ran a custom scan of MSE, it found the following --

 

I don't how much they affect Windows.

[John.D]

Well obviously the keygen is used to register whatever program. So you dont have to pay for it.

 

The Java one. You should keep Java up to date. If you use it. Uninstall all previous versions. And install the latest version of Java ONLY. You can get this (what MSE picked up),  if you visit a malicious / dodgy / hacked site with a vulnerable version of Java.

 

Since old versions of Java have vulnerabilities. And you can get hacked if you dont remove old versions. Use Javara to remove the rest of the entries, once you've uninstalled old versions of Java

 

And sulunch!gmb. Not too sure what this can do, but it is a trojan. I would also download / run tdsskiller. See if you've got any rootkits

[Hum]

^ I have not installed any key generators on my laptop -- and certainly not in the Win32 folder.

I updated Java 2 or 3 weeks ago.

I did run some Trendmicro rootkit program, which found nothing.

I guess I will live with my laptop for now.

The slowness of Explorer is gone, and the Network connection seems at normal.

I do thank you guys for your efforts to help. ;)

[John.D]

But did you uninstall the old versions of Java after installing the later version? Even if you install newer versions, if you dont uninstall older versions, they've got vulnerabilities. And you can get hacked if theyre still installed

 

I would uninstall ALL  versions of Java then use Javara so it'll remove the rest of their entries. Then reinstall the latest version

[FiB3R]

HackTool:Win32/Keygen

 

This just means that the Keygen is a Win32 app, not that you have actually installed it on the system.... Yet :)

 

Really wish AV progs would ###### off and leave my Keygens alone. They know damn well they are no threat to my system.

[JJ_]

The chkdsk error might be due to the hard drive going bad. Download HDDScan (no install required), select your OS drive, click the round circle -> S.M.A.R.T. Take a snippet of the table and attach it as picture.

[Hum]

The drive is a little over a year old and the laptop has not been dropped:

 

 

[T3X4S]

OK Hum, this is where I play Captain Obvious....   Why dont you have a backup solution ?

Even if its just a manual boot CD of Acronis 2014 that you have to direct to a secondary HDD or NAS - if done regularly, if this happens, who cares ?  Restore.

What pr0n were you looking at ?  Was it the midget stuff, or farm animals ?  You seem like the midget stuff, pr0n cosplay.  :D

[Hum]

Even if its just a manual boot CD of Acronis 2014 that you have to direct to a secondary HDD or NAS - if done regularly, if this happens, who cares ?  Restore.

I have never once gotten Acronis to run right -- so I do not use it.

 

I did try regular System Restore, if that is what you mean.

 

 

Well, I feel better now -- I got Check Disk to run from Safe Mode, and this time it completed. :)

[Hum]

I wanted to run an Error Check, but for some reason the check cancels itself.

 

Is there a Registry tweak ?

You are correct. ;)

 

Resolved:

 

This problem was caused by a Registry entry gone missing.

 

 

 It is quite possible that the BootExecute data value in the Registry has been changed or got corrupted.

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

 

Ensure that the default value of BootExecute in the right side, has been set at:

 

autocheck autochk *

 

http://www.thewindowsclub.com/check-disk-will-not-run-at-startup

 

 

 

The BootExecute registry value was gone completely, so I re-entered it.

 

I restarted the computer for the changes to take effect.

 

Then I opened C:/Properties/Tools/Error Checking, and scheduled a 5 stage disk check.

 

I rebooted again, and Error Checking proceeded in the normal way.

 

Perhaps this will help someone else in the future.

 

 

All is as it was. :happy:

[goretsky Supervisor]

Hello,

 

Can you remove the hard disk drive from this computer, mount it as a secondary drive in another one, and perform the Chkdsk operation from there?

 

Regards,

 

Aryeh Goretsky

[Obi-Wan Kenobi]

I'm glad you figured it out hum! That's awesome man, good job!

[+BudMan MVC]

 

I have not installed any key generators on my laptop -- and certainly not in the Win32 folder.

 

 

 

 

At a loss for words to be honest ;)  Here I grabbed something I knew would trigger MSE that I is clean useful software

 

http://www.nirsoft.net/utils/internet_explorer_password.html

 

Next time you get a warning about something

[John.D]

It says / states on the nirsoft site that AV programs may detect that as a false +

 

And their blog