I've been infected, and I'm still infected, I downloaded one file from Freelancer.com, employer was "seeking for beta testers", and it didn't do anything, just asked permissions to run, so I accepted...
On next windows bootup(today) I noticed many startup applications didn't launch (including F-Secure). I wanted to launch it from its folder but it's permissions were weirdly messed. And a lot of other permissions too. So I changed owner of Program Files (x86) to Administrators, then edited the F-Secure folder and its children to only have Admins and my user in users, and gave it all permissions. But still, I was having problem - now I couldn't launch any file: it says "device, path or file wasn't found" etc. Yet as it was seen F-Secure's services and processes were running in background(And action center doesn't display anti-virus issues)..
Then I tried to do SFC (which couldn't correct some errors), I tried to restore all file security properties from CMD (fsecedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose), repeated same things from Safe Mode, then I found that there's cvtres.exe process running until I open Task Manager, and fortunately it takes few moments to end that process, so I found it's name, but nothing more. As some suggested on the web I did use AdwCleaner, then tdsskiller by kaspersky, with no result. Still in Safe Mode I followed some .exe file opening-ability fixing solution provided by Microsoft(yet now instead of "run" or "open"(I don't remember) it displays "%1" %* and after restart I can launch almost all exe files (all but system restore - "windows cannot find 'c:\windows\system32\rstui.exe'. Make sure you typed the name correctly, and then try again"(opening from that directory does the same)).
I can launch applications after having Windows up and running, but I guess half of startup items don't start at startup, they don't even exist in msconfig..
I think I have found the infected file and removed it(actually I gave the DeepGuard order to allow it as it seems yesterday... But now I denied it and deleted that file, and CPU loads no more).
Yet, can anyone help me with startup problem?
A lot of programs don't start, including FS, and reinstalling of one of them didn't help that either.
Sounds bad. If it was my PC I would restore a full backup(system image) that re-formats the hard disks first. But I assume that's not an option in your case.
So your best option is probably to get rid of all traces of the infection. You could give these a try:
http://www.f-secure.com/en/web/home_global/online-scanner Standalone portable app
http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 Create a Rescue CD/USB to boot from
http://www.malwarebytes.org/chameleon/ Gets Malwarebytes Anti-Malware installed on infected machines
http://www.surfright.nl/en/hitmanpro/ Standalone portable app
http://www.surfright.nl/en/hitmanpro/kickstart Create a USB flash drive to boot the infected PC from
http://www.microsoft.com/security/scanner/en-us/default.aspx Microsoft Safety Scanner
Did any of the tools NikK suggested solve the issue?
I recommend the Rescue CD or the system restor that NikK linked.
@Janiashvili If you want to do some detective work and hopefully you're able to run the tools from Sysinternals without the "infection" blocking them from launching:
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions