Jump to content

Junkware Removal Tool (JRT) crashes, just stops


Recommended Posts

[i postedt this originally on http://www.bleepingcomputer.com/forums/t/593266/junkware-removal-tool-jrt-crashes]

I have a thinkpad which had malware that I am assuming was cleaned.

The PC has Avast Internet Security, and SuperAntispyware (both paid) running when windows starts.

It also has MalwareBytes Antimalware (paid) running daily scans but not real time.

All of these are now clean.

I have not run another root kit detector, altho MBAM's anti-rootkit was enabled.

I downloaded from BleepingComputer AdwCleaner and it found and cleaned things.

I downloaded from BleepingComputer Junkware Removal Tool (JRT) and it did not find anything but crashed in the middle.

 

It just stopped, no error message, no log, no .txt file. The final message in the cmd window was "Checking registry" which had been there for 2-5 minutes. Watching in process explorer, it was forking reg.exe and GREP.DAT processes repeatedly. And a pair of those was the last thing it forked.

 

I suspect this PC has damage from malware.

For example,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
was empty

This meant that, eg, the %AppData% environment variable had no value and programs were creating %AppData% folders in their current working directories all over the file system.

I repopulated that registry key, and things improved.

But there might still be other damage.

But the only symptom now is JRT problems.

 

A couple notes:

 

The username contains the '&' (ampersand) character, say, "alice&bob". So if you do eg echo %userprofile% in cmd it results in two commands, delimited by the ampersand, and the error "bob is not recognized as a internal or external command...". Of course if you put qoutes around the "%userprofile%" it's fine.

 

One other interesting phenomena is that the initial screen of jrt says click the [x] to exit, but when i do that, nothing happens. And typing Ctrl-C at the very first "press any key to continue..." prompt does not interrupt the batch script, just causes jrt to continue executing.

 

JRT's first step (that it reports) is creating restore point, if i typed Ctrl-C as the 'any key' to get jrt started, then typing Ctrl-C at this point does provide the "Terminate batch job?" prompt.

 

But if i typed another key, then Ctrl-C is ignored during creating restore point, and only works in later steps.

 

Also jrt is printing several "The system cannot find the path specififed." error messages between "press any key" and "creating restore point."

 

The jrt.exe I was using was 7.6.4 09.28.2015:1

sha1: e353aee99d919ca1b5f00f81de3d57c769438ce2

 

Link to post
Share on other sites

Greetings MM_john :)

Regarding your system's issues (like broken/missing user shell folders value), you could try Tweaking.com - Windows Repairs as it's designed for handling precisely these types of issues (broken system components and settings). For example, you'll notice its 'Pre-Scan' under 'Step 2: Optional' (the second tab in the tool's main UI) includes this entry: 3. Environment Variables. This scan is important for both the repairs and most software on your system including Windows itself. Many things depend on the environment variables to know where to find certain files and tools on the system. which is designed to address exactly the issue you discovered and will check other similar/related values/keys on the system to verify they're intact and that they all point where they're supposed to.

Just be cautious as it is quite a powerful utility that does a lot of stuff and it offers backup functions in 'Step 5: Backup' for precisely this reason so I highly recommend you utilize it.

Link to post
Share on other sites

I was about to do that, and I noticed there's a new version with 'big changes'. Anybody have experience with it? Didnt want to be the guinnea pig. I considered downloading the previous version, but what if there was a bug that was fixed with the new version? So I ran MS Check Update Readiness Status instead. Less powerful. But also less dangerous.

 

My other issue with Tweaking.com AIO Repair is that I wish it had a diagnostic pass, and reported what it was going to change. Instead of turning it on and making all the changes. Then it would be nice to pick and choose the repairs individually. There's some interaction with the changes so I know that's sorta hard.

 

@thisisu thanks for the attenion.

Link to post
Share on other sites

Yep, agreed on all points regarding AIO. I haven't used the latest myself so unfortunately I can't advise you there. All I can suggest is that perhaps you check around on some of the various tech sites/forums for reviews, feedback and issues reported on the latest release to see what the current buzz about it is and find out if there are any major bugs showing up.

Link to post
Share on other sites

  • 3 weeks later...
  • 2 weeks later...

This bug was fixed in upcoming 8.0.0 version which should be available for download soon.

 

Thanks for your patience.

Hi Thisisu,

 

Firstly thank you so for your great tool and secondly: when will the 8.0.0 version be out? I have the same issue as MM_john only that mine vanishes after "checking Mozzila Firefox"....thanks again!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.