Computer Hope

Software => Computer viruses and spyware => Topic started by: mikeanti on April 06, 2018, 08:46:06 AM

Title: Hidden supervirus?
Post by: mikeanti on April 06, 2018, 08:46:06 AM
Dear Helpers,
Never had a virus. A couple of days ago I went to a movie streaming site. AVG reacted a couple of times (like 8 times, same trojan/virus). Computer got slow, can't open .exe files, login wallpaper changed, can't open Task Manager, can't update Malwarebytes. Scanned with AVG and Malwarebytes, can't find anything. Scanned with ESET Online Scanner, nothing; HouseCall Trend Micro, nothing. Went into Safe Mode, installed Avast and AdwCleaner, nothing. Discovered this site...
Have Windows 10 64bit, AVG, Malwarebytes.

I can't do step 2 of the Malware removal guide and you said to stop and ask. So I stopped and am asking... what to do?
Title: Re: Hidden supervirus?
Post by: SuperDave on April 06, 2018, 01:18:16 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 seconds. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*************************************************************************
What happens when you try to run MBAM? Please run a complete scan with AVG. Please go to Start, Control Panel, Programs and Features to see if there are any new programs installed since the problem began.
*************************************************************

Download Security Check by screen317 from the following link and save it to your desktop.

Security Check (http://www.bleepingcomputer.com/download/securitycheck/)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: Hidden supervirus?
Post by: mikeanti on April 07, 2018, 07:45:15 AM
Thanks Dave for taking the time to help me out.
I noticed some strange things in the meantime: (1) the icon of the garbage bin changed to the icon in Safe Mode (square instead of round); (2) recommended YouTube videos are extremely different from what I normally watch; (3) the screen sometimes gets gray and loads the desktop again (like it gets stuck).

I couldn't run the .exe (not .bat??) file of Security Check in normal mode. An error appears with "couldn't find file" and the path C:/... to the file.
So I installed and scanned from Safe Mode.

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Avast Antivirus   
Windows Defender   
AVG Antivirus     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)   
 AVG Web TuneUp   
 Duplicate Cleaner Free 3.2.6 
 Adobe Flash Player    29.0.0.113 
 Google Chrome (65.0.3325.181)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
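The Security Check log above flags two things a responder would want to confirm directly: "Windows Security Center service is not running" and "On Access scanning disabled", while the post itself reports .exe files that will not launch. The following is an added example (not part of the original thread or the Security Check tool) showing how to check the same state from an elevated PowerShell prompt; it is read-only and can be run from Safe Mode if normal mode will not start it. The expected registry defaults listed beside each check are those of a stock Windows 10 install.

```powershell
# Added example, not part of the original thread. Run elevated; read-only checks.

# 1. Security Center (wscsvc), Defender (WinDefend) and the firewall service (mpssvc).
Get-Service -Name wscsvc, WinDefend, mpssvc |
    Select-Object Name, Status, StartType

# Defender's own view of real-time protection and signature age.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AMServiceEnabled, AntivirusSignatureLastUpdated

# 2. Shell file associations. A damaged or hijacked machine typically shows
#    "can't open .exe files" or "No program is associated with the specified file"
#    because one of these defaults has been changed. Expected values are
#    those of a stock Windows 10 install.
$checks = @(
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.exe';                       Expect = 'exefile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.bat';                       Expect = 'batfile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\.lnk';                       Expect = 'lnkfile' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Expect = '"%1" %*' },
    @{ Key = 'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command'; Expect = '"%1" %*' }
)
foreach ($c in $checks) {
    # '(default)' is how PowerShell exposes a key's unnamed default value.
    $actual = (Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue).'(default)'
    $state  = if ($actual -eq $c.Expect) { 'OK ' } else { 'BAD' }
    '{0} {1}  ->  {2}' -f $state, $c.Key, $actual
}

# 3. Per-user class registrations take precedence over HKCR, so a hijack is often
#    planted under HKCU instead. These keys are not normally present on a default
#    install; inspect anything that is found before deleting it.
foreach ($k in 'HKCU:\Software\Classes\.exe',  'HKCU:\Software\Classes\exefile',
               'HKCU:\Software\Classes\.lnk',  'HKCU:\Software\Classes\lnkfile') {
    if (Test-Path -Path $k) { "Per-user override present, inspect: $k" }
}
```

If wscsvc or WinDefend shows as Stopped with a StartType of Disabled, that is worth noting in the thread along with any BAD lines, since an association that resolves to something other than `"%1" %*` explains the "can't open .exe" symptom on its own.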
Title: Re: Hidden supervirus?
Post by: SuperDave on April 07, 2018, 10:44:06 AM
The Security log shows you have multiple AVs active on your computer. Windows Defender is the resident AV for Windows 10. You should uninstall AVG and Avast because there is a good chance that they will cause conflicts. You should take the time to back up your important data just in case we do a recovery. Please check to see if you have a Restore Point prior to this event and run the Restore. Do you have the installation disk(s) for Windows 10, or is there a Recovery on a separate partition of your hard drive?
Title: Re: Hidden supervirus?
Post by: mikeanti on April 07, 2018, 11:14:32 AM
That's because I couldn't find anything the 2nd time with AVG, so I installed Avast instead. AVG for real-time protection; Avast is only set up for passive virus scanning. AVG found the virus the first time just after the visited website but I think couldn't remove it. Anyway, I will remove AVG and Avast if you say so. I do not have a fairly new backup. If I start backing up now on a USB stick, wouldn't the virus migrate to the USB and therefore to the new OS install?

I get an error if I want to see if I have a restore point. Same .exe file error like the other one. I think the OS is factory set in a separate partition on my HDD. Is it possible the system kicked me out of administrator settings? Also, if the virus is operating within the system, could I scan my HDD with a Linux bootable USB without letting the virus get active? Sorry for the dumb questions. What to do next?
Title: Re: Hidden supervirus?
Post by: spankBot on April 07, 2018, 11:50:09 AM
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. SuperDave.
Title: Re: Hidden supervirus?
Post by: SuperDave on April 08, 2018, 11:07:30 AM
Quote
Anyways, will remove AVG and Avast if you say so.
It is my opinion that AVG and Avast give a lot of false positives. You're better off with Windows Defender.
Quote
I do not have a fairly new backup. If i start backing up now on a usb stick; wouldnt the virus migrate to the usb and therefore to the new OS install?
What I meant by back-up was your important data such as pictures, videos, music and other important documents; not the whole OS.
Quote
I get an error if i want to see if i have a restore point. Same .exe file error like the other one. I think the OS is factory set in a seperate partition on my hdd. Is it possible the system kicked me out of administrator settings? Also if the virus is operating within the system could i with a Linux bootable USB scan my hdd without letting the virus get active? Sorry for the dumb questions. What to do next?
What does the error say? Have you tried in Safe Mode? You can check your hard drive by clicking on My Computer or This PC. You should see the additional partition. Please run a scan with Windows Defender to see if it finds anything. This is not acting like a virus, but something may have messed up the OS.
Title: Re: Hidden supervirus?
Post by: mikeanti on April 15, 2018, 04:54:43 PM
Quote
What I meant by back-up was your important data such as pictures, videos, music and other important documents; not the whole OS
I meant the same thing. If I back these pics up on a USB, wouldn't a virus migrate with those pics to the USB and to the clean install later on?

Quote
What does the error say? Have you tried in Safe Mode? You can check your harddrive by clicking on My Computer or This PC. You should see the additional partition. Please run a scan with Windows Defender to see if it finds anything. This is not acting like a virus but something may have messed the OS.
It says, translated from my native language: Cannot find the file C:\WINDOWS\system32\RecoveryDrive.exe. Check that you have entered the correct name and then try again.

It took extremely long to scan with Windows Defender. But it found Trojan:Win32/Dynamer!rfn. Tried to remove it with Defender. Also took some time. Decided to scan again just to be sure. Found the same trojan in the same folder again. Deleted again. I guess it's still there and can't be deleted somehow. It was in the guest account. Tried to log in and let Defender scan only that file, to make it faster to delete it instead of doing the whole scan of 40 hours again. Guest account desktop couldn't be loaded. Got the error: Shell Infrastructure Host doesn't work. Opened Task Manager > Processes > there were 69 processes with the name svchost.exe. Don't know what that is.

Anyway, the trojan found in that folder was there a long time ago. So it couldn't be the new virus I got a couple of days ago. I know this for sure because: 1. my brother downloaded that program more than 4 years ago and it was in the guest account; 2. problems started right after I went to the movie streaming site and AVG reacted to that. What should I do next since Defender can't find anything?
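The 69 svchost.exe processes mentioned above are not, by themselves, a sign of compromise: since Windows 10 version 1703, machines with more than roughly 3.5 GB of RAM host most services in their own svchost.exe instance, so dozens of them is the normal state. What a responder checks instead is whether each instance is the genuine binary in System32, carries a valid signature, was started with the usual `-k <group>` argument and actually hosts at least one registered service. The following is an added example (not from the original thread) that builds that table; run it elevated, otherwise the command line and image path of processes owned by SYSTEM are not readable and will be flagged for that reason alone.

```powershell
# Added example, not part of the original thread. Run elevated; read-only.
# Maps every svchost.exe to the services it hosts and flags anything unusual.

$services = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.ProcessId -ne 0 }
$procs    = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"
$genuine  = Join-Path $env:SystemRoot 'System32\svchost.exe'

$report = foreach ($p in $procs) {
    $hosted = ($services | Where-Object { $_.ProcessId -eq $p.ProcessId }).Name -join ', '

    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $user  = if ($owner) { '{0}\{1}' -f $owner.Domain, $owner.User } else { '?' }

    # Get-AuthenticodeSignature also consults the security catalogs, which is how
    # System32 binaries such as svchost.exe are signed.
    $sig = if ($p.ExecutablePath) { (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status }
           else                   { 'unreadable' }

    $flags = @()
    if ($p.ExecutablePath -ne $genuine)      { $flags += 'PATH' }        # not the System32 binary
    if ($sig -ne 'Valid')                    { $flags += 'SIG' }         # unsigned / tampered / unreadable
    if (-not $hosted)                        { $flags += 'NO-SERVICE' }  # nothing registered in this PID
    if ($p.CommandLine -notmatch '\s-k\s')   { $flags += 'NO-K' }        # real instances carry -k <group>

    [pscustomobject]@{
        PID      = $p.ProcessId
        User     = $user
        Flags    = ($flags -join ',')
        Services = $hosted
        Cmd      = $p.CommandLine
    }
}

# Suspicious rows (any flag) sort to the top; a clean machine shows an empty Flags column.
$report | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

A row with PATH or SIG set is the one worth pursuing; NO-SERVICE alone can occur briefly while a service is starting or stopping, so re-run before drawing conclusions from it.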
Title: Re: Hidden supervirus?
Post by: SuperDave on April 15, 2018, 07:30:45 PM
Quote
It was in the guest account.
Try to delete that guest account and create a new one if needed.
Quote
Problems started right after i went to the movie streaming site and AVG reacted to that.
You will need to uninstall AVG. Windows Defender is your resident AV.

ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

    Download and execute  ESET OnlineScan (http://eset.com/onlinescan) (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
    Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :

        Enable detection of potentially unwanted applications;
        Scan archives;
        Scan for potentially unsafe applications;
        Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

   (http://i424.photobucket.com/albums/pp322/digistar/Lilp6C2_1.png) (http://s424.photobucket.com/user/digistar/media/Lilp6C2_1.png.html)

    After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
   
(http://i424.photobucket.com/albums/pp322/digistar/PbI6QoP_1.png) (http://s424.photobucket.com/user/digistar/media/PbI6QoP_1.png.html)
    Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 or 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
   
(http://i424.photobucket.com/albums/pp322/digistar/iYk249p_1.png) (http://s424.photobucket.com/user/digistar/media/iYk249p_1.png.html)
    After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
   
(http://i424.photobucket.com/albums/pp322/digistar/SQWS56I.png) (http://s424.photobucket.com/user/digistar/media/SQWS56I.png.html)

    Click on List of found threats; it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
   
(http://i424.photobucket.com/albums/pp322/digistar/OkgGDKc_1.png) (http://s424.photobucket.com/user/digistar/media/OkgGDKc_1.png.html)

    Once you're done, click on the Back button;
    Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;
Title: Re: Hidden supervirus?
Post by: mikeanti on April 16, 2018, 08:30:58 AM
I can't delete the guest account because I no longer have administrator rights. Also can't change my account to administrator via the configuration screen.
Also can't access the hidden Win 10 Administrator account via REGEDIT and HKEY_LOCAL_MACHINE. I get the following error:
No program is associated with the specified file for this operation. Install a program or, if this is installed,
create a link in the Default Programs section of the control panel.
C:\Users\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Already uninstalled AVG.

When I start the ESET Online Scanner it says: Warning: ESET Online Scanner is not being run with administrator privileges, and may not be able to remove all threats. We advise you to run it again with administrator privileges.

Should I run it anyway? I used it before and it couldn't find anything.
Title: Re: Hidden supervirus?
Post by: SuperDave on April 16, 2018, 12:57:38 PM
Yes, run it again. I just want to be sure that the computer is clean before we start dealing with those other issues.
Title: Re: Hidden supervirus?
Post by: mikeanti on April 30, 2018, 05:57:31 PM
Scanned with the ESET scanner. Couldn't find anything. But yesterday Windows Defender reacted again with the same trojan I reported earlier in the guest account. I think it cannot delete it or it keeps coming back. Also, can't delete the guest account.
What to do next?
Title: Re: Hidden supervirus?
Post by: SuperDave on May 01, 2018, 01:12:10 PM
Quote
Also, cant delete the guest account.
What sort of error do you receive? Can you try running MBAM and post the log?

Please download AdwareCleaner onto your Desktop. AdwCleaner  (http://www.bleepingcomputer.com/download/adwcleaner/)

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

(http://i424.photobucket.com/albums/pp322/digistar/AdwCleaner-icon.jpg)

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

(http://i424.photobucket.com/albums/pp322/digistar/untitled.png)

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

(http://i424.photobucket.com/albums/pp322/digistar/3.png)

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 10, 2018, 11:53:04 AM
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-10-2018
# Duration: 00:00:53
# OS:       Windows 10 Home
# Scanned:  40734
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy             mysearch.avg.com



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-04-24.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-10-2018
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted   mysearch.avg.com


*************************



*************************

I couldn't start AdwCleaner in normal mode. Scanned in Safe Mode. In the first log it said it deleted the adware in the HKEY. But then I scanned again and the HKEY adware still popped up, so I deleted it again. I believe it's still there.

Title: Re: Hidden supervirus?
Post by: SuperDave on May 10, 2018, 04:10:29 PM
Does the computer operate in Normal Mode?
Title: Re: Hidden supervirus?
Post by: mikeanti on May 11, 2018, 10:37:18 AM
It operates. But cannot open .exe files, or change something in settings; sometimes extremely slow; programs that used to work fine cannot be opened.
I am getting a little bit frustrated by this since it's like 2 times already that Defender removed the trojan (which I think didn't cause all this since it was there for like 6 years already) and it keeps coming back. Also AdwCleaner can't remove the HKEY registry adware it found. And I can't access or delete the guest account where the trojan is.
Should I just format and start again and copy user files from USB? That will take me 1 or 2 days. I have to work with this only laptop I've got (banking, buying stuff, logging in to health care, college stuff etc.).
Title: Re: Hidden supervirus?
Post by: SuperDave on May 11, 2018, 04:43:20 PM
At this point I would suggest that you save all your important data and reinstall the OS. Do you have the OS disk(s) or do you have the recovery on a D drive?
Title: Re: Hidden supervirus?
Post by: mikeanti on May 12, 2018, 09:19:03 AM
I don't have an OS CD. So I guess it's preinstalled in a separate space of the HDD. Is there maybe some other way to access the restore points other than the usual way with Settings (since I can't access that)? That will save me some time installing all programs.
Also, with a clean install can I be 100% sure nothing remains of viruses? What about using a restore point?
I now have to manually copy and paste all files to a USB. Is there any program that makes an image of all my personal files, other than Windows or the programs, so it makes the process of backing up easier?
Title: Re: Hidden supervirus?
Post by: SuperDave on May 12, 2018, 03:51:10 PM
Quote
Is there maybe some other way to acces the restore points other then the usual way with settings (since i cant acces that). That will save me some time installing all programs.
Also with a clean install can i be 100% nothing remains of viruses? What about using a restore point?
I now have to manually copy and paste all files in a usb. Is there any program that makes an image of all my personal files other then windows or the programs so it makes the process of backing up easier?
Don't confuse System Restore with System Recovery. Are you sure you're trying to find System Restore the correct way? Here (http://home.bt.com/tech-gadgets/computing/windows-10/how-to-fix-windows-10-problems-with-system-restore-11364008291943) are the instructions for that.
If you can find a Restore Point prior to this event you may be able to solve the problem. The Recovery should be installed in a separate partition of your hard drive. Unfortunately, there is no easy way to copy your important data to a backup drive or USB because only you know what you want to save. You can copy multiple files by holding the CTRL key and selecting a whole bunch of files.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 19, 2018, 09:35:06 AM
I tried to use System Restore as in the first option of the link you shared. There was a restore point at 5-5-2018, so that was after the virus.
Now I don't know which option to use.
When I go to Troubleshoot I see 3 options:
1. Reset this PC. Lets you choose to keep or remove your files, and then reinstalls Windows.
2. Dell Backup and Recovery. Restore your computer, including the factory state.
3. Advanced options.

Then when I go to Troubleshoot > Advanced options > I get these options:
1. System Restore. Already tried that one and the restore point is not OK.
2. System Image Recovery. Recover Windows using a specific image file.
etc.

So should I use the option Reset this PC and then remove OR keep files? Should I use option 2, Dell Backup? Should I use System Image Recovery? So there are 4 options. I need the one with the least extreme impact.
Title: Re: Hidden supervirus?
Post by: SuperDave on May 19, 2018, 03:48:35 PM
You should try System Restore as there was no evidence that the problem was caused by a virus. If that doesn't work, try System Image Recovery.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 19, 2018, 05:32:10 PM
What about the old trojan Defender found? I literally do not download anything from the internet, or use the programs. The only thing that I do is check my Outlook account once every month and go to YouTube daily. The only SINGLE day I went to that movie site, problems started occurring. Errors with almost anything Windows related. If I go to the 5-5 restore point and problems still remain, which option do I then choose?
Title: Re: Hidden supervirus?
Post by: SuperDave on May 20, 2018, 04:08:18 PM
System image Recovery.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 20, 2018, 05:32:08 PM
Decided to start with a clean slate since it took me too much time. Reset the PC.
In your opinion, what should I do so this doesn't happen again?
1. Which security software is essential?
2. How do I make sure I don't end up copying the virus from USB files to the clean PC again? With what software must I scan?
3. After I install all desired software, how can I make an image so I don't have to start from scratch if this happens again?
4. What about my bought software that has like a 1-year license? If I keep recovering the PC to an earlier date, wouldn't it be some sort of fraud?

Title: Re: Hidden supervirus?
Post by: SuperDave on May 21, 2018, 04:12:30 PM
Quote
Decided to start with a clean slate since it took me too much time. Resetted the pc.
In your opinion what should i do so this doesnt happen again.
1. Which security software is essential?
2. How to make sure i dont end up copying the virus from usb files to clean pc again? With what for softwre must i scan?
3. After i install all desired software how can i make an image so i dont have to start from scratch if this happens again?
4. What about my bought software that has like 1 year licention. If i keep recovering the pc to an earlier date wouldnt it be some sort of fraud?
First of all, Windows 10 comes with its own AV called Windows Defender. If I were you I would stick with that for AV.
Scan your USB(s) with WD, AdwCleaner and MBAM before transferring the files to your computer.
I've never heard of software that only has a one-year license. What software are you referring to?
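Dave's advice to scan the USB stick before copying anything onto the freshly reset machine is the part of this thread most worth turning into a repeatable procedure, since the concern raised several times above was that the backup itself could carry the infection back. The following is an added example (not from the original thread or from any of the tools it mentions) that runs a Windows Defender custom scan of the stick from the command line and then copies only data files, leaving executables, scripts and shortcuts on the stick to be reviewed separately. It assumes the USB stick is E: and the destination is C:\Restore; change both to match the machine, and run it from an elevated PowerShell prompt.

```powershell
# Added example, not part of the original thread. Assumed values: the USB stick
# is mounted as E: and data is to be restored into C:\Restore.
$Usb  = 'E:\'
$Dest = 'C:\Restore'

# 1. Defender custom scan of the whole stick. MpCmdRun.exe is Defender's command-line
#    front end; -ScanType 3 is a custom scan of the path given with -File.
$mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpcmd -Scan -ScanType 3 -File $Usb
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Defender returned exit code $LASTEXITCODE; review the latest detections before copying:"
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object -First 10 |
        Format-Table InitialDetectionTime, ThreatID, Resources -AutoSize -Wrap
    return
}

# 2. Inventory everything on the stick that can execute or redirect execution.
#    A backup of pictures, documents and music should contain none of these;
#    .lnk, .url and .inf are included because USB-borne malware commonly uses them.
$riskyExt = '.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.vbe',
            '.js', '.jse', '.wsf', '.wsh', '.ps1', '.hta', '.lnk', '.url', '.inf', '.jar', '.msi'
$files = Get-ChildItem -Path $Usb -Recurse -File -Force -ErrorAction SilentlyContinue
$risky = $files | Where-Object { $riskyExt -contains $_.Extension.ToLower() }
if ($risky) {
    Write-Warning ('{0} executable/script/shortcut file(s) found on the stick; these are NOT copied:' -f @($risky).Count)
    $risky | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
}

# 3. Copy the data files only, preserving the folder layout, and never overwrite
#    anything already present in the destination.
$copied = 0
foreach ($f in ($files | Where-Object { $riskyExt -notcontains $_.Extension.ToLower() })) {
    $rel    = $f.FullName.Substring($Usb.Length)
    $target = Join-Path $Dest $rel
    if (Test-Path -LiteralPath $target) { continue }
    New-Item -ItemType Directory -Path (Split-Path -Path $target) -Force | Out-Null
    Copy-Item -LiteralPath $f.FullName -Destination $target -ErrorAction Stop
    $copied++
}
"Copied $copied data file(s) to $Dest"
```

Running AdwCleaner and MBAM over the stick afterwards, as Dave suggests, still applies; the point of the file-type split is that even if every scanner misses something, nothing that can run on its own leaves the stick.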
Title: Re: Hidden supervirus?
Post by: mikeanti on May 22, 2018, 09:46:33 AM
SPSS, Office 365 Plus etc.
Title: Re: Hidden supervirus?
Post by: SuperDave on May 22, 2018, 05:39:36 PM
Quote
SPSS, Office 365 Plus etc.
Do you have the installation disk(s) for SPSS? Office 365 is $100 per year or $150 for a one-time purchase.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 23, 2018, 08:11:13 AM
Well, Office 365 costs me around 10 euros for 5 PCs with my college download site. I got the SPSS download also via that site.
Title: Re: Hidden supervirus?
Post by: SuperDave on May 23, 2018, 04:38:38 PM
Well, Office 365 was costing you so much every year unless you buy the full program and pay a one-shot. I'm not sure how SPSS works. You should check with them.
Title: Re: Hidden supervirus?
Post by: mikeanti on May 24, 2018, 08:17:18 AM
Well, thanks Dave for your time and effort. I guess I can use this PC now.
Title: Re: Hidden supervirus?
Post by: SuperDave on May 24, 2018, 04:42:19 PM
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.