Solve : Screen Flashes Red and White After a not Responding Program?

Answer» I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a UNIQUE name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Here's the log:
[emailprotected] as DOWNLOADER log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ce424a03787b5a449a8f843cacaa48cb
# engine=13635
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-17 12:06:41
# local_time=2013-04-17 10:06:41 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 117833851 0 0
# compatibility_mode=6657 16777214 0 14 23114310 23114310 0 0
# scanned=265839
# found=5
# CLEANED=3
# scan_time=8117
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
sh=800E4F9CAD354DBEF9E64F23375C61DB3107C290 ft=1 fh=cd4294964f0acafb vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\TDDownload\SpeedyComputer.exe"

Please run ESET and see if anything shows up.

Hi Dave, I ran ESET but nothing came up. No threats were found. I found that my computer is not bad now, and programs are running okay. Except AVG kept saying that C:/program files/autoguarder/autoguarder.exe is still there. I cannot find it in the location provided.

Ok, download and install MSE and run a scan and see if it finds the same thing as AVG.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
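
As an added example (not part of the original thread, and not ESET's code), here is a small Python triage of a log in the layout posted above. It checks the header counters against the detection lines and folds C:\Users\All Users onto C:\ProgramData, because on Windows Vista and later the former is a link to the latter, so a file reported under both paths is one file on disk. Assumptions: ac=C marks a cleaned entry and ac=I one that was only reported (inferred from the lines above), and the sample log with its hashes, paths and names is constructed.

```python
import re
from collections import defaultdict
# Constructed sample in the layout of the ESET Online Scanner log above.
# Hashes, paths and detection names are placeholders, not values from the thread.
SAMPLE_LOG = r'''# found=4
# CLEANED=2
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Example/Adware.A application" ac=I fn="C:\Users\All Users\Vendor\setup.dll"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Example/Adware.A application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Vendor\setup.dll"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Downloads\tool.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="Example/Adware.B application" ac=I fn="C:\Temp\left.exe"
'''

HEADER = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ALIAS = r'c:\users\all users' + '\\'

def parse_log(text):
    """Return (header dict with lower-cased keys, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            header[m.group(1).lower()] = m.group(2).strip()
        elif line.startswith('sh='):
            detections.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return header, detections

def canonical(path):
    # On Vista and later, C:\Users\All Users is a link to C:\ProgramData.
    low = path.lower()
    return 'c:\\programdata\\' + low[len(ALIAS):] if low.startswith(ALIAS) else low

def triage(text):
    """Cross-check the header counters and list files with no cleaned entry."""
    header, detections = parse_log(text)
    groups = defaultdict(set)
    for d in detections:
        groups[(d['sh'], canonical(d['fn']))].add(d['ac'])
    cleaned = sum(d['ac'] == 'C' for d in detections)
    return {
        'counts_match': int(header.get('found', -1)) == len(detections)
                        and int(header.get('cleaned', -1)) == cleaned,
        'unique_files': len(groups),
        # Assumption: ac=C means cleaned, ac=I means reported only.
        'unresolved': sorted(p for (_, p), acs in groups.items() if 'C' not in acs),
    }

if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

Header keys are lower-cased on purpose, so a counter written as "# CLEANED=3" is read the same as "# cleaned=3".
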
Hi Dave, MSE says that Autoguarder.exe is still there, but in a different location. It looks like it copied itself to another location at c:/system32/autoguarder.exe.
Now I know that system32 is a very important file so I tried to remove it with MSE. It did, but somehow the virus file comes up again after reboot or shutting down. Also I realised that a file (C:/program files/Autoguarder/Folder.bat) was created by something, and my AVG keeps detecting them but failed to remove them completely. I opened the batch file in notepad and found that it tries to delete all "dll" files in system32. So every time my PC boots up a cmd window shows up. But most of the actions were denied. However I think 5 dll files were still deleted by the virus. Somehow it's not affecting my system much, but I am very worried.
Thanks!
Ok. Please uninstall this program: C:/program files/Autoguarder

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan click save log, save it to your desktop and post in your next reply
Hi Dave, I tried to uninstall Autoguarder.exe, but it says access denied. I tried changing the security settings on access, but it didn't work.
Anyways, here's the log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 11:34:16
-----------------------------
11:34:16.420 OS Version: Windows x64 6.1.7600
11:34:16.420 Number of processors: 4 586 0x2A07
11:34:16.421 ComputerName: JIANSFAMLIY-PC UserName: jian's famliy
11:34:18.848 Initialize success
11:35:16.930 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:35:16.936 Disk 0 Vendor: Size: 0MB BusType: 0
11:35:17.053 Disk 0 MBR read successfully
11:35:17.058 Disk 0 MBR scan
11:35:17.063 Disk 0 Windows 7 default MBR code
11:35:17.070 Disk 0 MBR hidden
11:35:17.077 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
11:35:17.096 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152618 MB offset 45062325
11:35:17.104 Disk 0 Partition - 00 0F Extended LBA 435857 MB offset 357625856
11:35:17.149 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 435856 MB offset 357627904
11:35:17.187 Disk 0 scanning C:\Windows\system32\drivers
11:35:29.094 Service scanning
11:35:45.144 Modules scanning
11:35:45.169 Disk 0 trace - called modules:
11:35:45.518 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
11:35:45.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006992060]
11:35:45.541 3 CLASSPNP.SYS[fffff880010bf43f] -> nt!IofCallDriver -> [0xfffffa8004a62200]
11:35:45.552 5 ACPI.sys[fffff88000f9a781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ac0050]
11:35:45.561 Scan finished successfully
11:36:21.976 Disk 0 MBR has been saved successfully to "C:\Users\jian's famliy\Documents\MBR.dat"
11:36:21.979 The log file has been saved successfully to "C:\Users\jian's famliy\Documents\aswMBR.txt"

By the way, I cannot find Autoguarder.exe in the Programfiles folder, but in 2 other locations, and each of them contains a batch file called Folder.bat. That's the batch file which tried to delete important files. It says Access Denied when I try to delete it.

You could try UnLocker.

You can download and install Unlocker .
Hello Dave, I got Unlocker and deleted the batch file. :) Thank you very much for helping me through this problem! My computer is running fine now.

Good, let's do some cleanup and we'll be finished.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

******************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
***************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click YES on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Hey Dave, after doing the instructions you gave me in the last post, my computer got a lot faster :). Thank you very much for helping me with malware this time, and I learnt a lot. I am thinking of installing WOT instead of AVG too.

Whitebeard1

Quote from: Whitebeard1 on April 23, 2013, 07:03:35 PM
Hey Dave, after doing the instructions you gave me in the last post, my computer got a lot faster :). Thank you very much for helping me with malware this time, and I learnt a lot. I am thinking of installing WOT instead of AVG too.

Whitebeard1
You're welcome. Just one note. WOT is not an Anti-Virus program. It's just an aid to keep you from clicking on some dangerous sites. If you want to dump AVG, I would suggest MSE.
I will lock this thread. If you need it re-opened, please send me a pm.