
MysticCobra

Posts posted by MysticCobra

  1. After much messing around with other repair options, I returned to the Tweaking.com tool and tried to run it again, and this time it was successful.

    I'm not sure which of the 46 things it did that contributed to restoring my toolbar behavior to normal, but it did indeed do that, which is huge!  I really did not want to do a Windows Reset and reinstall all my applications.  Looks like I have some settings that I'll need to go clean up, but that's a small issue now that the machine appears to be fully restored.

    The repair log you requested is attached.

    _Windows_Repair_Log.txt

  2. Thank you for this recommendation, Kevin.  Of course, I would prefer to avoid the hassle of reinstalling all of my applications, so I am trying to see if there are any other options.  

    I have seen suggestions to try using Windows PowerShell to perform various scans and repairs, but so far my attempts to follow those instructions have failed with errors.

    I have also attempted to reinstall Windows using the "upgrade" option, which will preserve all installed applications as well as personal data.  However, that has also failed with errors.

    I may be just about out of ideas, though, so it might not be long before I bite the bullet and resort to your suggestion.

  3. I was able to follow your instructions, downloading from majorgeeks, extracting, then rebooting to Safe Mode (choice 4, without networking).  However, when I right-clicked on Repair_Windows and chose "Run as Administrator"...

    ...nothing happened.  I tried this repeatedly, and monitored via the Task Manager, and never saw any attempt for the app to launch.  I also tried launching just by double-clicking, also with no effect.

    I don't think I've ever seen this particular behavior before.  I've seen apps launch and immediately halt, but this is like Windows is completely ignoring my launch request.  I don't even get a blue spinning circle or any indication that any attempt to launch is occurring.

  4. Kevin, I performed the steps as you listed them.  The FRST log and Zemana log are attached.  Sophos reported no threats found:  "Your computer is clean."

    Regarding remaining issues/concerns, I do have some Win10 behavior changes after all this that are surprising to me.  The behavior of the toolbar has changed:  Left-clicking the Windows icon in the lower left has no effect, whereas that used to be how I could get to my installed applications, access the logout / reboot functions, etc.  If I right-click that icon, I can get access to a number of systems management functions (Device Manager, Network Connections, Windows PowerShell, etc.), and also the "Shut down or sign out" menu.  Do you have any suggestions for how I can restore the "Start menu"-type functionality I used to have via left-click, or shall I go figure that out on my own?  Similarly, my quick-launch icons in the toolbar behave differently.  Left-clicking still launches these apps, but right-clicking no longer brings up the context menu I'm used to.  For instance, I can't right-click the Windows folder icon to bring up a menu from which to open additional Windows Explorer windows--I can only left-click on this icon and open one window, and then subsequent left-clicks will toggle between minimizing it and bringing it to the foreground.  Similarly for Chrome, I can left-click the icon to launch the app, but right-clicking will not bring up the context menu that used to allow me to open multiple instances of Chrome, or open an Incognito instance, etc.

    Any pointers in how to restore that previous toolbar functionality would be appreciated, but I understand if that's beyond the scope of this forum.  Thank you very much for your help with my virus removal!

    Fixlog.txt

    Zemana 2017.11.17-15.48.35-i0-t92-d4.txt

  5. Hmm.  I have run two Malwarebytes scans now.  The first found the four items mentioned in my last post.  The second found 16 PUPs.  After each scan completed, I quarantined all threats found, and allowed Malwarebytes to initiate a reboot.

    Both times, the computer froze while on the "Restarting" screen.  Is this common?

    I found your latest post while waiting for the second Malwarebytes scan to complete.  After forcing a power cycle to complete the reboot after that scan, I ran FRST as indicated.

    The log files from both Malwarebytes scans and the two log files generated by the FRST scan are attached.

    Malwarebytes log 2.txt

    Addition.txt

    FRST.txt

    Malwarebytes log 1.txt

  6. Thank you again, Kevin.  I was able to successfully uninstall and reinstall Malwarebytes, then subsequently perform a scan per your instructions.  It identified and quarantined the following threats:

    • Rootkit.Fileless.MTGen (Registry Value)  (ID 1384)
    • Rootkit.Fileless.MTGen (Registry Key)  (ID 1384)
    • Trojan.Fileless.MTGen (Registry Value)  (ID 367)
    • Trojan.Kovter (File) (ID 47)

     

    One hiccup:  When the scan completed, it prompted me to restart, which I confirmed.  During the process, Windows froze on the "Restarting" screen (with the spinny-dot-circle icon frozen).  Cursor locked up and everything.  Never seen that before.  I waited several minutes to see if it would recover, but it didn't, so I eventually held down the power button to get it to shut down, then powered it back on.

    I will perform another scan to confirm no additional threats found, but I am cautiously optimistic that this has resolved my infection.

    Many thanks for the help!

  7. I was able to run FRST with the fixlist file you provided.  The resulting log file is attached.

    However, I was unable to run Malwarebytes after rebooting.  The application did not autostart, and when I tried to launch it manually, I got an error that it was "Unable to connect the Service".  I did some Googling and followed the instructions to manually start the service via Services.msc applet.  In the Services list, "Malwarebytes Service" is listed with "Startup Type" = Automatic, but the Status field is blank.   When I right-click and try to "Start" the service, I get an error that Windows could not start the service on the Local Computer because the service did not respond in a timely fashion (Error 1053).

    New fixlog file is attached.

    Fixlog.txt

  8. While browsing BBC.com on my Win10 64-bit laptop and watching some videos in Chrome, I ran across some old ones that required Flash, so I switched to IE to watch them.  Along the way, I got a popup telling me I needed a Flash upgrade, and clicked on it (looked just like a normal Adobe window).  Then it popped up a weird DOS window with "ping localhost -n" or something like that in the window title, and a text-based installation progress bar.  Looking back at the original Adobe window, I noticed a bogus URL--they got me, good.  Argh.

    So I immediately came here to download MBAM (or now MB3, I guess).  I can install it, and I see it in the tray, but when I pick "Open Malwarebytes" from that tray icon, nothing happens.

    I tried following the instructions here:  

    However, when I try to visit the website to download FRST64.exe, my browser immediately closes (happens whether using IE, Chrome, or Edge).  I was able to download the tool via another machine and move it over to the infected one, but when I try to run it, the user interface flashes on the screen for a few milliseconds and disappears.

    So I can't even seem to get started in removing this malware.  It looks pretty nasty.

    I have not rebooted the infected machine yet, for whatever that's worth.

    What do I do, now?

     
