Programs not displaying - malware?

[FeuerFrei]

Got a problem.

I can't run Firefox or Malwarebytes in this pc. There is NO WINDOW on screen to interact with. When launched, they DO show up in Task Manager's Processes tab, but not in the Applications tab. I can kill them from Task Manager. Internet Explorer opens a window but that window won't load webpages, so it's kaput.

I haven't installed anything recently. I used Firefox all day yesterday and it was normal. Can't recall what Firefox version - 32 ? 36 ? I have IE 9 I believe. My OS is Windows Vista.

This just struck out of the blue today, after turning on my PC this morning. I'm forced to use Chrome, for now.

This is highly suspicious - both browsers and Malwarebytes simultaneously blocked. Ugh. Initiating AVG virus scan ...

If anyone's heard of this attack, please share.

UPDATE - SOLVED
------------------------------
Sorry for delayed response. You guys were right though.

Turns out some bad blocks on the hard drive corrupted dxgi.dll (a directX library) to the point where certain programs were unable to display properly. CHKDSK found and repaired the error. Now Firefox and AVG function properly.
So no infection - despite misleading symptoms like invalid file hashes on key files, inability to view help files, and Malwarebytes (initially), AVG, and Firefox not displaying a functional window.

The SystemFileChecker and RogueKiller utilities were both choking on that dxgi.dll.


Thanks for the help, you all. <3 to the forum.
------------------------------

 

[FeuerFrei]

Hmm. Maybe this should be in Security forum. If so .... mooooove.

 

[Ketchup]

Yeah, see what AVG finds. Interesting that Chrome is working. Was it installed very recently?

If you go into Internet options and clear IE cache from there, will it run?

Can you get the Firefox profile editor to come up?
https://support.mozilla.org/en-US/k...refox-profiles#w_starting-the-profile-manager
If so, create a new profile and see if that will work.

 

[FeuerFrei]

Thanks for responding.
AVG found nothing other than an infected email attachment in the Deleted Mail folder. Some email with a .doc attached - nothing I would ever open or view for that matter. I always assume spam with attachments is infected. So I'm disregarding the AVG detection.

I never use IE, or Chrome for browsing. They're only installed so I can verify my website displays properly. Just now I followed your suggestion and cleared IE cache. I started IE and now it loaded a website, so that's an improvement.

Ok ... just tried opening Malwarebytes. It worked! Updated definitions - initiating scan. I'll report back.

Hey Firefox opened too. I can browse the web now. Didn't try the new profile suggestion.

Things are looking up.
No reboots.

 

[FeuerFrei]

After last post I ran into probs.

While scanning with Malwarebyte my scheduled AVG scan kicked in. Not wanting to run two scans simultaneously, I told AVG to stop. Besides I scanned with AVG earlier. I couldn't tell if AVG registered my command, so I repeated it. Then I went to pause the Malwarebytes scan but Malwarebytes is "Not Responding" - grayed out. I tried to open AVG user interface window - but it won't open.

I tried loading more webpages in Firefox, but it quit loading, even though it looked like it contacted the webserver. So I gave up, and closed Firefox. It closed gracefully on command.

Now my start menu is grayed out. Hope this post goes through. I'm restarting the pc.

 

[FeuerFrei]

Still haven't resolved anything - or identified the infection.

Symptoms:

• Cannot interact with AVG 2015 beyond getting the user interface window to pop up. Once I click on the window, it hangs and grays-out with busy cursor. No popup menu on taskbar icon either. Scheduled scans still run and it appears to spontaneously update. At one point before upgrading from 2011 AVG recently, AVG spontaneously alerted that Resident Shield detected a Trojan in deleted email folder - some attachment. I never open spam attachments so not worried. Bothers me that it detected that though. I checked out the deleted mail folder in Windows Explorer, but it froze up when I went to select emails. So I opened Windows Mail and told it to empty that folder, Shazaam, goodbye email.
• Firefox won't open. It'll load into memory though. Can't remember what version - 29? 34? - something like that.
• Internet Explorer 11 opens a window, but won't load websites. Useless. Chrome works fine, BTW.
• Windows Update - At one point this past week I got it to download and install updates ... but, before that, I couldn't open it. :hmm: Haven't tried recently.
• Windows Event Logs - I browsed a bunch of logs - something I never do - so I'm not sure what's normal. Security Log says Integrity Service (?) report that several key files have invalid hashes - a possible sign of unauthorized modification. Files listed (mostly in Windows\System32\drivers\): tcpip.sys (uhoh), mwac.sys (Malwarebytes Web Access Control); mbamchameleon.sys (Malwarebytes Chameleon); avgidsdriverx.sys, avgmfx86.sys, avgidshx.sys (all AVG drivers). Prior to my AVG upgrade from 2011 to 2015 the older AVG drivers were also reported as having invalid hashes. Not sure if this is normal, but sure seems suspicious!

Fruitless scans run:

• Malwarebytes - Older version initially blocked from displaying, but used Chameleon to get the latest version installed ... it'll open, update, and scan like it should. Found nothing.
• AVG - Seems to update and scans on scheduled days. No detections. I can't interact with the UI or do boot-time scans. Online search indicates preWindows scanning is not an option. So, I started up Windows in safe mode w/ command line and ran AVG - no detections. I'd already deleted that deleted email I mentioned earlier.
• Rkill - Downloaded from Bleeping Computer. Designed to kill active malware processes so you can run your usual security software. Runs but doesn't find much other than Windows Defender is disabled. AVG likes it that way, so it might not be suspicious.
• Rogue Killer - Adlice Software? It runs the prescan ok. Once I click "Scan" it checks processes, registry, but in the middle of the "File System" portion it always crashes at the same point because Windows cannot access dxgi.dll for whatever reason. A file in Windows\system32\. Don't know how to exclude files from scan.
• SFC, System File Checker - A command line utility included with Windows Vista. Should find corrupted system files and replace them with shiny wholesome copies. Seems to commence scanning but after a while ends, saying simply "Windows Protection Service could not complete the requested action." Probably found a corrupt file but couldn't replace it ... ?? Not sure. Ineffective for sure.
• Microsoft Safety Scanner - Downloaded it, but it won't run. Error complaining that MSET.exe is not a valid win32 app. Whatever.
• ESET Online Scanner - Downloaded, ran. Everything looks OK.

I'm working with a Dell Dimension here, bought in 2007, running Windows Vista. Not my personal pc.

I resorted to online scanners because I'm concerned my installed Malwarebytes, and AVG have their scanning component compromised, hence delivering false "all clears." I had been using the older MB and AVG software initially, but once I started with noticeable issues I upgraded.

So basically I need to confirmation that the invalid file hashes found are cause for concern and/or signs of infection, and maybe suggestions on boot-time or online scans I can do. Thanks for any help.

 

[Steltek]

The SFC output is telling you that you have a corrupt system file that it can't fix. You might want to try to identify what file is corrupt so you can try to fix it. The following website gives a fairly easy method to use to find out which files are bad:

http://www.dummies.com/how-to/conten...ot-repair.html

If your CBS log file is huge, you might want to rename the CBS.log file to CBS.bak, then re-run SFC /scannow again from an elevated command prompt to recreate the log without all the extra junk to make it easier to search.

 

[Ketchup]

I also am not happy with SFC failures. Is a Windows re-install a possibility?

What you have described could just as easily be a file system issue. You have done enough testing to make me think that Malware is probably not a problem here.

 

[daveybrat]

I also am not happy with SFC failures. It a Windows re-install a possibility?

What you have described could just as easily be a file system issue. You have done enough testing to make me think that Malware is probably not a problem here.

Ketchup is correct and on to something. It doesn't sound like an infection. The computer is an 8 year old Dell. Unless the hard drive has been upgraded at some time, that is getting pretty old for a standard mechanical hard drive.

Sounds to me like it's developing bad sectors on the drive. That will cause almost all of the symptoms you are describing.

Test the hard drive Asap.

 

[VirtualLarry]

Ketchup is correct and on to something. It doesn't sound like an infection. The computer is an 8 year old Dell. Unless the hard drive has been upgraded at some time, that is getting pretty old for a standard mechanical hard drive.

Sounds to me like it's developing bad sectors on the drive. That will cause almost all of the symptoms you are describing.

Test the hard drive Asap.

I concur.

 

[Zahid Iqbal]

scan your computer with KasperSky Antivirus 2015 with trial version. clean up your pc and then move to AVG free version. KasperSky will end after 30 days. But you can scan it with 30 days trial version.
Hope this will solve your problem

 

[FeuerFrei]

Sorry for delayed response. Got things fixed yesterday. You guys were right.

Turns out some bad blocks on the hard drive corrupted dxgi.dll (a directX library) to the point where certain programs were unable to display properly. CHKDSK found and repaired the error. Now Firefox and AVG function properly.
So no infection - despite misleading symptoms like invalid file hashes on key files, inability to view help files, and Malwarebytes (initially), AVG, and Firefox not displaying a functional window.

The SystemFileChecker and RogueKiller utilities were both choking on that dxgi.dll.


Thanks for the help, you all. <3 to the forum.

 

[VirtualLarry]

If your HDD is developing bad blocks, it may be getting time to replace it. I recommend a Sandisk SSD PLUS or a Crucial BX100, either a 120 or 240GB size. (Larger is bigger and faster.)

 

[Ketchup]

Good to hear FeuerFrei!

 

[TheGardener]

If your HDD is developing bad blocks, it may be getting time to replace it. I recommend a Sandisk SSD PLUS or a Crucial BX100, either a 120 or 240GB size. (Larger is bigger and faster.)

If the laptop is 8 years old, could it be an IDE drive? If so, would it support SSD? This is real question. Not suggesting that I know more than you about this stuff.

 

[The Day Dreamer]

Sorry for delayed response. Got things fixed yesterday. You guys were right.

Turns out some bad blocks on the hard drive corrupted dxgi.dll (a directX library) to the point where certain programs were unable to display properly. CHKDSK found and repaired the error. Now Firefox and AVG function properly.
So no infection - despite misleading symptoms like invalid file hashes on key files, inability to view help files, and Malwarebytes (initially), AVG, and Firefox not displaying a functional window.

The SystemFileChecker and RogueKiller utilities were both choking on that dxgi.dll.


Thanks for the help, you all. <3 to the forum.

Was the hard disk of Seagate ?

 

[FeuerFrei]

The bad block(s) discovered were within that one .dll - no other files were affected - so I doubt the whole disk is going bad.

The hard drive is a SATA Western Digital Caviar SE 250 GB. It's an original part in the desktop pc. I did have authorization to buy a new drive, even a whole pc for that matter. I would have gone with a WD Blue.

So ... back to normal without spending any money on hardware or software.