Solved Weird message upon startup (totally confused)

guillotine20

I'm not sure what I installed for this to happen, but every time I turn my Windows 8, Sony Vaio laptop on, I get a dialog box that pops up in Russian. Using Google Goggles on my Android smartphone, I was able to roughly translate it to "A mistake some files were not created. Close all programs, restart Windows and re-install"
I'm guessing I must have installed some form of malware at some point, but I have absolutely zero clue as to how to get rid of this message, or the components that have caused it. Can anyone shed some light on this?


Here is the message that shows up, in all of its Russian glory.
Russian Message.png
 

My Computer

System One

  • OS
    Windows 8
I'm sorry, but this Russian translator is the best I can do. Hopefully someone knowing Russian will jump in soon.
 

My Computer

System One

  • OS
    8.1
    Computer type
    PC/Desktop
    CPU
    i7-3770K
    Motherboard
    ASRock Z77 Extreme4
    Memory
    16 GB
    Graphics Card(s)
    onboard
    Monitor(s) Displays
    17" 24"
    Hard Drives
    1 TB WD
    PSU
    550w
Some of the keyboards have both English & Russian characters.

You might be able to type the message into Notepad from the keyboards and paste into Google followed by translate.
 

This may be a virus.
 

My Computer

System One

  • OS
    Windows 8 Pro with Media Center/Windows 7
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus M2N-MX SE Plus § DualCore AMD Athlon 64 X2, 2300 MHz (11.5 x 200) 4400+ § Corsair Value Select
    CPU
    AMD 4400+/4200+
    Motherboard
    Asus M2N-MX SE Plus/Asus A8M2N-LA (NodusM)
    Memory
    2 GB/3GB
    Graphics Card(s)
    GeForce 8400 GS/GeForce 210
    Sound Card
    nVIDIA GT218 - High Definition Audio Controller
    Monitor(s) Displays
    Hitachi 40" LCD HDTV
    Screen Resolution
    "1842 x 1036"
    Hard Drives
    WDC WD50 00AAKS-007AA SCSI Disk Device
    ST1000DL 002-9TT153 SCSI Disk Device
    WDC WD3200AAJB-00J3A0 ATA Device
    WDC WD32 WD-WCAPZ2942630 USB Device
    WD My Book 1140 USB Device
    PSU
    Works 550w
    Case
    MSI "M-Box"
    Cooling
    Water Cooled
    Keyboard
    Dell Keyboard
    Mouse
    Microsoft Intellimouse
    Internet Speed
    Cable Medium Speed
    Browser
    Chrome/IE 10
    Antivirus
    Eset NOD32 6.x/Win Defend
    Other Info
    Recently lost my Windows 8 on my main PC, had to go back to Windows 7.
I've run a full scan through Windows Defender of my computer's hard drive, and both of my external hard drives, and have been met with zero results. Should I look into another spyware program to try and root out the problem?
 

This is the second part of the Russian message that comes up when I start my computer. I'm going to try and see what I can derive from it.
Russian Message 2.png
 

Task Manager

What does your Task Manager say whilst that window is open?

Try this:
  1. Take a screenshot of the Processes tab
  2. Close the mystery window
  3. Take another screenshot of the Processes tab
See if you can determine which process has stopped and then search for info about it.
It may take several tries (and screenshots) depending on how many processes your PC is running (i.e. the list may be too big to fit on the screen).

Also, post the "before" and "after" screenshots here, so that people can check them out.
 

My Computer

System One

  • OS
    Windows 7 Ultimate SP1 (64 bit), Linux Mint 18.3 MATE (64 bit)
    Computer type
    PC/Desktop
    System Manufacturer/Model
    n/a
    CPU
    AMD Phenom II x6 1055T, 2.8 GHz
    Motherboard
    ASRock 880GMH-LE/USB3
    Memory
    8GB DDR3 1333 G-Skill Ares F3-1333C9D-8GAO (4GB x 2)
    Graphics Card(s)
    ATI Radeon HD6450
    Sound Card
    Realtek?
    Monitor(s) Displays
    Samsung S23B350
    Screen Resolution
    1920x1080
    Hard Drives
    Western Digital 1.5 TB (SATA), Western Digital 2 TB (SATA), Western Digital 3 TB (SATA)
    Case
    Tower
    Mouse
    Wired Optical
    Other Info
    Linux Mint 16 MATE (64 bit) replaced with Linux Mint 17 MATE (64 bit) - 2014-05-17
    Linux Mint 14 MATE (64 bit) replaced with Linux Mint 16 MATE (64 bit) - 2013-11-13
    Ubuntu 10.04 (64 bit) replaced with Linux Mint 14 MATE (64 bit) - 2013-01-14
    RAM & Graphics Card Upgraded - 2013-01-13
    Monitor Upgraded - 2012-04-20
    System Upgraded - 2011-05-21, 2010-07-14
    HDD Upgraded - 2010-08-11, 2011-08-24,
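
The before/after comparison suggested in the post above can also be scripted. This is an added example, not part of the original thread; it assumes PowerShell 3 or later (included with Windows 8), and the function name `Get-ProcessSnapshot` is made up for illustration.

```powershell
# Added example: snapshot the process list, wait for the dialog to be closed,
# then report which processes disappeared.
function Get-ProcessSnapshot {
    # Win32_Process exposes the image path and full command line, which the
    # Task Manager Processes tab does not show by default.
    Get-CimInstance -ClassName Win32_Process |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
}

$before = Get-ProcessSnapshot
Read-Host 'Snapshot taken. Close the mystery window, then press Enter' | Out-Null
Start-Sleep -Seconds 2          # give the owning process time to exit
$after = Get-ProcessSnapshot

# Index the first snapshot by PID so each exited process can be tied to its parent.
$byPid = @{}
foreach ($p in $before) { $byPid[[int]$p.ProcessId] = $p }

# '<=' marks entries present only in the reference ("before") snapshot.
Compare-Object -ReferenceObject $before -DifferenceObject $after `
        -Property ProcessId, Name -PassThru |
    Where-Object { $_.SideIndicator -eq '<=' } |
    ForEach-Object {
        $parent = $byPid[[int]$_.ParentProcessId]
        [pscustomobject]@{
            PID         = $_.ProcessId
            Name        = $_.Name
            Parent      = if ($parent) { $parent.Name } else { '(not running)' }
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine
        }
    } | Format-List
```

Run it from an elevated prompt; without elevation `ExecutablePath` and `CommandLine` come back empty for processes owned by other accounts.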
You can tell by where WinRAR is extracting that to - It is PROBABLY unwanted. That looks like a Self-Extracting Archive. Whatever you do, do NOT allow that program to finish the process, you may be in some dire trouble if you do.

You see that it is extracting to your Temp folder, and wanting to add something to SVCHOST.

Is there any way you can copy the characters out and post them straight into the message so I can translate them? If we had the actual characters we could see what it is.

This is starting to smell familiar, and it is bringing up something very unpleasant into my hind brain. That WINRAR window reminds me of something bad that happened. It's probably in your TASKS - Look in there for any program launching from within your temp folder. Disable it but do not delete it, try to copy the actual letters.

Also check all of your startup items, use CCLEANER to check that, under "Tools/Startup" - See if there is ANY program launching from your temp folder. If there is, DISABLE it.
 

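
The check described in the post above (scheduled tasks and startup items launching from a Temp folder) can be done in one pass. This is an added example, not code from the thread; it assumes Windows 8 or later for `Get-ScheduledTask`, and the function name `Test-SuspiciousCommand` and the matching patterns are illustrative choices.

```powershell
# Added example: list autostart entries that launch from a Temp folder or use
# an svchost-like file name outside the Windows system directories.
$tempPattern    = '\\(temp|tmp)\\'
$lookalike      = '\\svc?host\.exe'          # matches svchost.exe and svhost.exe
$genuineSvchost = '^"?' + [regex]::Escape($env:SystemRoot) +
                  '\\(System32|SysWOW64)\\svchost\.exe'

function Test-SuspiciousCommand([string]$Command) {
    # Expand %TEMP%, %APPDATA% etc. so the patterns see the real path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $reasons  = @()
    if ($expanded -match $tempPattern) { $reasons += 'runs from Temp' }
    if ($expanded -match $lookalike -and $expanded -notmatch $genuineSvchost) {
        $reasons += 'svchost-like name outside System32'
    }
    $reasons -join '; '
}

$entries = @(
    # Run keys and Startup folders for all loaded user profiles.
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{ Source = "Startup: $($_.Location)"
                           Name = $_.Name; Command = $_.Command }
    }
    # Scheduled tasks; only "run a program" actions have an Execute value.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $task.Actions | Where-Object { $_.Execute } | ForEach-Object {
            [pscustomobject]@{ Source  = "Task: $($task.TaskPath)$($task.TaskName)"
                               Name    = $task.TaskName
                               Command = "$($_.Execute) $($_.Arguments)".Trim() }
        }
    }
)

$findings = foreach ($e in $entries) {
    $why = Test-SuspiciousCommand $e.Command
    if ($why) { $e | Select-Object Source, Name, Command, @{ n = 'Reason'; e = { $why } } }
}
if ($findings) { $findings | Format-List } else { 'No autostart entry matched.' }
```

A match is a lead to investigate rather than a verdict, since some legitimate installers and updaters also run from Temp. A flagged scheduled task can be disabled without deleting it using `Disable-ScheduledTask`.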
I managed to fix the problem. I downloaded Malwarebytes and ran a full scan on my C drive, which found the "svhost.exe" located in my temp files, and it nuked it. Rebooted the computer to have it fully delete it, and the Russian message has disappeared, along with my CPU's performance drastically increasing. I can't really say much else about it, but I will most definitely be sure to keep a tab on what I'm downloading from here on out.
 

You got it! But you should also run the Malwarebytes Rootkit program, which can be downloaded from the "other tools" tab. I believe you may have one. Try the TDSSKiller program from Kaspersky as well.
 
