safe mode - Everything Anti-Malware!


Tag Archives | safe mode

Blank Windows Screen or ISAPNP.sys Hang = A Zero Bytes .Sys Driver

I had one hell of a mystery on my hands the other day. A client called me and said she had a blank screen every time she booted up her Windows XP computer. I was pretty busy, so I told her I’d pick it up and work on it over the weekend. I just figured it was a bad vid card or a corrupted Windows XP install.

Here are the things I tried:

  1. Full scans using my UBCD4WIN…nothing found…
  2. I tried to load safe mode but it hung on isapnp.sys every time.
  3. I ran checkdisk /r
  4. I did an in-place Windows XP repair

….nothing would work.

As I was doing a visual check for standard Windows XP drivers I discovered there was a randomly named zero kb .sys file in c:\windows\system32\drivers.  I simply deleted the file and the PC booted up completely normal.

I just wanted to put this out there because it looks like it’s something new.  I’m not sure if it affects other versions of Windows or not.
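
An added example, not part of the original post: a read-only check that lists `.sys` files in the drivers folder of an offline Windows volume (for instance one mounted from a boot disc) that are zero bytes long. It goes one step beyond the post by also flagging files that lack the `MZ` header every valid driver image starts with; the function names and the sample file names are constructed for illustration.

```python
import os
import tempfile

def resolve_ci(root, *parts):
    """Resolve path parts case-insensitively (a mounted NTFS volume may be case-sensitive)."""
    path = root
    for part in parts:
        match = next((e for e in os.listdir(path) if e.lower() == part.lower()), None)
        if match is None:
            return None
        path = os.path.join(path, match)
    return path

def suspicious_drivers(windows_root):
    """Return sorted (name, reason) pairs for .sys files that cannot be valid drivers."""
    drivers = resolve_ci(windows_root, "windows", "system32", "drivers")
    if drivers is None:
        raise FileNotFoundError("no windows/system32/drivers under " + windows_root)
    findings = []
    for entry in os.scandir(drivers):
        if not entry.is_file() or not entry.name.lower().endswith(".sys"):
            continue
        if entry.stat().st_size == 0:
            findings.append((entry.name, "zero bytes"))
            continue
        with open(entry.path, "rb") as fh:
            # Every PE image, drivers included, begins with the bytes "MZ".
            if fh.read(2) != b"MZ":
                findings.append((entry.name, "no MZ header"))
    return sorted(findings)

def build_sample_volume():
    """Constructed sample: a fake offline volume with one good, one empty, one non-PE driver."""
    root = tempfile.mkdtemp()
    drivers = os.path.join(root, "WINDOWS", "system32", "drivers")
    os.makedirs(drivers)
    samples = {"isapnp.sys": b"MZ\x90\x00", "qxkzjw.sys": b"", "broken.SYS": b"\x00\x00\x00\x00"}
    for name, data in samples.items():
        with open(os.path.join(drivers, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for name, reason in suspicious_drivers(build_sample_volume()):
        print(f"{name}: {reason}")
```

The script only reports; review each flagged file and keep a copy before removing anything from the drivers folder.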


Malware Removal Guide

How To Remove Any Malware for Free Guide – Updated for 2013 

Removing malware from Windows can be a frustrating process for someone who doesn’t work with malware on a daily basis (like myself).  Most people will just hire someone to remove the malware for them and that’s fine.  In fact, I’m available for hire if you can’t follow this guide or just don’t have time to.  

The guide below will show you how to remove any malware for free. If you don’t have time to read through this guide then please watch the step-by-step video below.

Removal Guide Overview

  1. Backup – How to back up your important personal documents just in case your PC becomes inaccessible.
  2. Gathering the needed software for this guide.
  3. Bootable Antivirus – Why bootable antivirus is the best way to remove malware.
  4. Bootable Antivirus Disc – How to create a bootable antivirus disc.
  5. Bootable Antivirus Disc – How to scan your PC with a bootable antivirus disc.
  6. Cleanup – Round up the remnants and remove them.
  7. Prevent it from happening again.

Step 1 – Backup

If you’re able to log in to your PC, you should back up your documents to external media. This could be a flash drive (USB stick), external hard drive or CD/DVD. If you don’t know how to back up your documents then watch the video version of this guide above.

Step 2 – Gathering the Software Needed for this Guide

  1. Download the Kaspersky Rescue Disk – A bootable anti-malware scanner.  It’s free.
  2. Download MalwareBytes – An on-demand anti-malware scanner.  It’s free.
  3. Download Hitman Pro (if you have a 32 bit version of Windows then download the 32 bit version of Hitman Pro) – Another on-demand anti-malware scanner that is able to detect rootkits and successfully remove them.  It’s free for 30 days.
  4. Download CCleaner – Cleans up all your temp files in seconds.  It’s free.

Steps 3 and 4

So, why are we going to use a bootable anti-malware (anti-virus) disc to start cleaning our pc?  Simple.  Disinfecting and removing malware from a bootable environment (like Linux) is effective and simple.  

For example, you can tell the bootable anti-malware disc to scan your entire PC and walk away. At the end of the scan you’ll be presented with a list of files that are infected and suggested methods of dealing with them (like disinfect, quarantine, rename, delete, etc.).

Creating your bootable anti-malware disc is pretty easy.  

Follow these steps below.  Depending on how infected your computer is you may need to perform these steps from another PC.

  1. If you haven’t downloaded the software needed for this guide then you’ll need to download the Kaspersky Rescue Disk from here now. This is an .iso file. This ISO file will be burned with a free program called ImgBurn. ImgBurn converts this ISO into a bootable disc.
  2. Once your ISO has downloaded we need to burn it with ImgBurn.
  3. Open ImgBurn and then click the Write Image File to Disc button.  
  4. Click “browse for a file” and then choose the Kaspersky rescue disc iso you just downloaded (kav_rescue_10.iso).  Click the write button at the bottom.  The burn process should only take about 10-20 minutes.
  5. Now that the disc has been burned/created it’s ready for you to use it as a boot disk.

Booting and Scanning your Infected Computer with the Kaspersky Rescue Disk

  1. Put the CD/DVD you just burned with ImgBurn in your CD/DVD drive.
  2. Now it’s time to boot your PC to the disc in your CD/DVD drive. This process is different for all computers.
  3. Shut down your PC.
  4. Click the power button on your PC.
  5. Now you need to select a boot device that contains your Kaspersky Rescue Disc (your CD/DVD-ROM). On Dells, for example, you could do this by tapping the F12 key as the computer starts, then using the arrows on your keyboard to select the CD/DVD drive and pressing Enter. Selecting your boot device options will depend on your computer type and manufacturer; please do a search on how to access your boot device options.
  6. As the Kaspersky Rescue Disc loads, just press Enter and accept any default options. You should see something like the screen below once the Kaspersky Rescue Disc has finished loading:
  7. Click “My Update Center” and then click “Start update”.
  8. Click the “Objects Scan” tab and then select “Disk Boot Sectors”, “Hidden Startup Objects” and C:.
  9. Then click the “Start Objects Scan” button.
  10. At the end of the scan (which could take minutes or hours) you’ll be presented with a list of options concerning any infections. You should disinfect first (if this option is available), quarantine next and delete third. Always try to disinfect any infections found.
  11. After all infections have been cleaned/dealt with you can restart your computer.

Cleaning up the Remnants

Now that all the hardcore infections have been destroyed via the Kaspersky Rescue Disc we can begin the process of getting rid of any remnants left behind.

CCleaner:  CCleaner can remove thousands of temp (junk) files in seconds, thus drastically speeding up scans from Malwarebytes, Hitman Pro and your resident antivirus.

  1. Install CCleaner.  You can uncheck any included toolbars.
  2. When CCleaner starts you can say yes to intelligent cookie scanning.
  3. Click Run Cleaner.  CCleaner will delete all temp files for the currently logged in user.

Malwarebytes:

  1. Install Malwarebytes using the default installation options and let it completely update.
  2. Run a complete scan of your PC. If you don’t have a lot of time then a quick scan is usually more than enough.
  3. Remove any malicious items found.
  4. Reboot.

Hitman Pro:

  1. Double-click Hitman Pro to open it.
  2. Click Next.
  3. Accept the license agreement and click Next.
  4. Select the second option “No, I only want to perform…”
  5. Click Next.  Hitman will scan your PC.
  6. If any threats are found (probably not at this point) Hitman Pro will allow you to activate a 30 day trial license and will remove the malware.  Click Next.
  7. Reboot.

Closing Notes 

At this point your PC should be totally malware free.  If you would like to prevent this from happening again then read my malware prevention guide.

If you need help with removing malware in St. Louis, Mo please check out my computer repair and services business.  I also offer remote computer services.


Malware Photos from the Field – Issue #2

Well, I’ve decided to post photos from at least one of my appointments each week along with a little story about the appointment. Here is this week’s.

Sally called me and said something got through her Avira and was preventing her from opening anything. At this point I knew she was infected with a rogue antivirus that prevents other .exe’s from loading. While this is fairly easy for me to get rid of it’s almost impossible for the average PC user.

When I arrived at Sally’s house I was greeted with a rogue antivirus screen.

Upon further inspection I can see the Rogue Antivirus has been installed to the All Users directory under application data. This is a very common installation path for exe terminating rogues (for now at least).

Let’s open that folder and take a look at the rogue inside…WOW! What a shock. A randomly named exe. Typical.

Next I proceeded to load combofix…but wait…it’s not loading. Doh! We’re dealing with a rootkit. Let’s rename combofix and try again. Still no dice. Ok…hmmm…let’s reboot in safe mode. Nope. Fine…time to break out the anti-malware boot disc.

When my disc loads I immediately start SuperAntiSpyware and scan the System32 directory. SAS quickly lays waste to a few rootkits and some other malware. Once the rootkits are toast I reboot into safe mode and perform my typical quick scans with SAS and MBAM.

Now that the malware has been removed from Sally’s PC we need to advise her to start using a sandbox when browsing the web because antivirus just isn’t enough right now (or ever again). I installed Sandboxie and configured the default sandbox to be emptied as soon as the browser closes. After a little training (like 5 minutes) Sally is a Sandboxie pro. I place two shortcuts on Sally’s desktop: Safe Internet and Non-Safe Internet.
