Everything posted by raphaelchia

  1. Hi Kevin, thank you very much for all your help, but I decided to reformat my computer. It is too much hassle to try and get everything back to before the virus started. I appreciate all the effort put in to trying to help me solve my issue. You guys are awesome.

     Sincerely,
     Raphael
  2. Hello Kevin, I received error 0x800f0906. I have searched online for solutions, only to be stopped by more errors, and I found out that my Windows Update is completely grayed out. I went online to search once more; they gave me the solution to manually change a registry key to allow Windows Update. This is when I found out my whole Windows Update registry key is missing. Any idea on that?

     Best regards,
     Raphael
  3. Hey there Kevin, yes, the issue is that now Windows constantly prompts me to activate my Windows online. This had never happened before the virus attack. As of this reply, Windows is still prompting me to activate my Windows online. It interrupts all my current activity to open up this window asking me to activate it. It says I have to be the administrator to activate, but I'm signed in using an admin account. But I cannot activate Windows: "Windows cannot be activated now please try again later"

     Best Regards,
     Raphael
  4. Hi Kevin, sure thing, this is the log copy-pasted.

     Best Regards,
     Raphael

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/17/18
     Scan Time: 9:16 PM
     Log File: a91365f6-7230-11e8-a035-025041000001.json
     Administrator: Yes

     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.374
     Update Package Version: 1.0.5518
     License: Free

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: RaphaelHome\Raphael

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 268296
     Threats Detected: 45
     Threats Quarantined: 45
     Time Elapsed: 2 min, 7 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 1
     Trojan.Dropper.Generic, C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\CONFIGURATION\REGISTRATION\SVHOST.EXE, Quarantined, [9352], [355568],1.0.5518

     Module: 1
     Trojan.Dropper.Generic, C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\CONFIGURATION\REGISTRATION\SVHOST.EXE, Quarantined, [9352], [355568],1.0.5518

     Registry Key: 13
     Trojan.BitCoinMiner, HKLM\SOFTWARE\SystemaRev, Quarantined, [524], [527865],1.0.5518
     Adware.Tuto4PC, HKU\S-1-5-21-565711948-550684545-2360004682-1001\SOFTWARE\MICROSOFT\EWMON, Quarantined, [2791], [411543],1.0.5518
     PUP.Optional.MyBestPrice.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\FJAFBDENABBENBLDJLAJGGPICGONIEKJ, Quarantined, [2123], [523713],1.0.5518
     PUP.Optional.MyBestPrice.ChrPRST, HKU\S-1-5-21-565711948-550684545-2360004682-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjafbdenabbenbldjlajggpicgoniekj, Quarantined, [2123], [523713],1.0.5518
     PUP.Optional.MSoft.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\HKDMIHDCLHHOGHPOJIIFKLMEGJNJKDLH, Quarantined, [2090], [522789],1.0.5518
     PUP.Optional.MSoft.ChrPRST, HKU\S-1-5-21-565711948-550684545-2360004682-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hkdmihdclhhoghpojiifklmegjnjkdlh, Quarantined, [2090], [522789],1.0.5518
     PUP.Optional.GadgetDeal.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\MCMGPHDKOINPPODFIPMDJKLLFJAIFKMK, Quarantined, [2152], [524111],1.0.5518
     PUP.Optional.GadgetDeal.ChrPRST, HKU\S-1-5-21-565711948-550684545-2360004682-1001\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mcmgphdkoinppodfipmdjkllfjaifkmk, Quarantined, [2152], [524111],1.0.5518
     Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Quarantined, [500], [518478],1.0.5518
     Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarantined, [500], [518476],1.0.5518
     Trojan.CoreBot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\btlr, Quarantined, [4516], [515824],1.0.5518
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4A0D29CD-7A99-4F5F-B81B-115A5BB25EC4}, Quarantined, [524], [530713],1.0.5518
     Trojan.Dropper.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mchlidn, Quarantined, [9352], [355568],1.0.5518

     Registry Value: 8
     Adware.Tuto4PC, HKU\S-1-5-21-565711948-550684545-2360004682-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarantined, [2791], [411543],1.0.5518
     Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4A0D29CD-7A99-4F5F-B81B-115A5BB25EC4}|INSTALLLOCATION, Quarantined, [524], [530713],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{23D7D98B-3566-4D7B-A7DB-EDE598CFD8E2}, Quarantined, [524], [446017],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{0B5B162E-2A9C-428C-AC36-BA6D8F5AE880}, Quarantined, [524], [446017],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E4FC8AF6-01DC-43F8-B890-2F71B194A200}, Quarantined, [524], [528292],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8315F82C-169C-48A4-8AAE-E6F4E99AD232}, Quarantined, [524], [446017],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{D529FCDE-E0C9-4A45-B504-C70445E328B9}, Quarantined, [524], [446017],1.0.5518
     Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{E5E85DFC-3E43-4410-997D-9033A737D908}, Quarantined, [524], [446017],1.0.5518

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 4
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\USERS\RAPHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE, Quarantined, [4637], [509531],1.0.5518

     File: 18
     Adware.Wajam, C:\WINDOWS\System32\drivers\MWM5YT.sys, Quarantined, [444], [531752],0.0.0
     Adware.Wait3Sec, C:\USERS\RAPHAEL\DOWNLOADS\PLAY WARFRAME.ICO, Quarantined, [4500], [526086],1.0.5518
     Adware.Wait3Sec, C:\USERS\RAPHAEL\DOWNLOADS\WIN IPHONE X.ICO, Quarantined, [4500], [526084],1.0.5518
     Adware.Wait3Sec, C:\USERS\RAPHAEL\DOWNLOADS\ADULT DATING.ICO, Quarantined, [4500], [526087],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\USERS\RAPHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE\1.2_0\manifest.json, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon128.png, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon16.png, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon24.png, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon32.png, Quarantined, [4637], [509531],1.0.5518
     PUP.Optional.SystemTable.Generic, C:\Users\Raphael\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\background.js, Quarantined, [4637], [509531],1.0.5518
     Adware.Wait3Sec, C:\USERS\RAPHAEL\DOWNLOADS\PLAY CROSSOUT.ICO, Quarantined, [4500], [526085],1.0.5518
     PUP.Optional.MyBestPrice.ChrPRST, C:\USERS\RAPHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2123], [523713],1.0.5518
     PUP.Optional.MyBestPrice.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [2123], [-1],0.0.0
     PUP.Optional.MyBestPrice.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [2123], [-1],0.0.0
     PUP.Optional.MyBestPrice.ChrPRST, C:\USERS\RAPHAEL\NTUSER.POL, Quarantined, [2123], [-1],0.0.0
     PUP.Optional.MyBestPrice.ChrPRST, C:\USERS\RAPHAEL(ADMIN)\NTUSER.POL, Quarantined, [2123], [-1],0.0.0
     PUP.Optional.MSoft.ChrPRST, C:\USERS\RAPHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2090], [522789],1.0.5518
     Trojan.Dropper.Generic, C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\CONFIGURATION\REGISTRATION\SVHOST.EXE, Quarantined, [9352], [355568],1.0.5518

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
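An added example, not part of the original post and not Malwarebytes code: a small Python triage helper for the text scan-log format pasted above. It parses the -Scan Details- block, checks that the per-category counts and the "Threats Detected" total match the entries actually present (a pasted log that is missing lines shows up as a mismatch), and lists the entries a responder would verify after quarantine: services, kernel drivers, firewall rules, and anything whose action was only "Replaced". SAMPLE_LOG is a constructed excerpt built from a subset of the entries above, and the artefact labels returned by classify() are this example's own, not Malwarebytes categories.

```python
"""Triage helper for a Malwarebytes 3.x text scan log (added example, not Malwarebytes code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: same line format as the posted log, fewer entries.
SAMPLE_LOG = r"""Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 7
Threats Quarantined: 7

-Scan Details-
Process: 1
Trojan.Dropper.Generic, C:\PROGRAM FILES (X86)\WINDOWSPOWERSHELL\CONFIGURATION\REGISTRATION\SVHOST.EXE, Quarantined, [9352], [355568],1.0.5518

Registry Key: 2
Trojan.Dropper.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mchlidn, Quarantined, [9352], [355568],1.0.5518
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4A0D29CD-7A99-4F5F-B81B-115A5BB25EC4}, Quarantined, [524], [530713],1.0.5518

Registry Value: 1
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{23D7D98B-3566-4D7B-A7DB-EDE598CFD8E2}, Quarantined, [524], [446017],1.0.5518

File: 3
Adware.Wajam, C:\WINDOWS\System32\drivers\MWM5YT.sys, Quarantined, [444], [531752],0.0.0
PUP.Optional.MyBestPrice.ChrPRST, C:\USERS\RAPHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2123], [523713],1.0.5518
PUP.Optional.MyBestPrice.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [2123], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)
(end)
"""

# One detection line: family, target, action, [detection id], [signature id],db version
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<target>.+), (?P<action>[A-Za-z-]+), "
    r"\[(?P<detection_id>-?\d+)\], \[(?P<signature_id>-?\d+)\],(?P<db>[\d.]+)$"
)
CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+): (?P<count>\d+)$")
SUMMARY_RE = re.compile(r"^Threats Detected: (?P<n>\d+)$")


@dataclass
class Detection:
    category: str
    family: str
    target: str
    action: str


def classify(det: Detection) -> str:
    """Label the kind of artefact (labels are this example's own), so persistence stands out."""
    t = det.target.upper()
    if det.category == "Process":
        return "running process"
    if "\\FIREWALLRULES|" in t:
        return "firewall rule"
    if "\\CURRENTCONTROLSET\\SERVICES\\" in t:
        return "service"
    if t.endswith(".SYS"):
        return "kernel driver"
    if "\\UNINSTALL\\" in t:
        return "uninstall entry"
    if "\\CHROME\\EXTENSIONS\\" in t or "SECURE PREFERENCES" in t:
        return "browser config"
    if t.endswith("NTUSER.POL"):
        return "policy file"
    return "other"


def parse_log(text: str):
    """Return (detections, declared total, declared count per category)."""
    detections, declared = [], {}
    declared_total, category, in_details = None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            declared_total = int(m.group("n"))
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line:
            continue
        m = CATEGORY_RE.match(line)
        if m:  # "Registry Key: 13" style header opens a new category
            category = m.group("category")
            declared[category] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and category:
            detections.append(Detection(category, m.group("family"),
                                        m.group("target"), m.group("action")))
    return detections, declared_total, declared


def triage(text: str) -> dict:
    """Summarise the log and flag what to verify by hand after quarantine."""
    dets, declared_total, declared = parse_log(text)
    by_category = Counter(d.category for d in dets)
    return {
        "parsed": len(dets),
        "declared_total": declared_total,
        # A truncated paste shows up as a per-category or total mismatch.
        "complete": declared_total == len(dets) and all(
            by_category.get(c, 0) == n for c, n in declared.items()),
        "families": Counter(d.family for d in dets),
        "kinds": Counter(classify(d) for d in dets),
        # Not quarantined, or a mechanism that can start code again after reboot.
        "follow_up": [(classify(d), d.target) for d in dets
                      if d.action != "Quarantined"
                      or classify(d) in ("service", "kernel driver", "firewall rule")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on a full log by reading the pasted text into triage(); a "complete: False" result means the paste is missing lines and the per-category counts in the log header should be compared with what arrived.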
  5. Hello Kevin, thank you so much for taking your time to reply. I did everything you said, except for the Malwarebytes Anti-Malware part, because I have no idea where I can download it. I downloaded "malwarebytes" from this website, but it wouldn't open after installing on my PC. Here are the .txt files from FRST, MSRT and AdwCleaner. Another issue I just realized is that now Windows will constantly (once every few hours) prompt me to activate my Windows online. But when I click activate online, it says it can't be activated.

     Best Regards,
     Raphael

     Attachments: mrt.log, Fixlog.txt, AdwCleaner[C08].txt
  6. Hello Malwarebytes. I recently got attacked by a virus, installing over 10 applications on my computer at one go. Part of the virus messes with my Windows Defender settings, and ever since, my Windows Defender is unable to turn on. I check my running processes and always find a g***.tmp.exe process, and it runs every time I start Windows up. I did not see this file prior to this virus attack. I have removed and cleaned the registry of what I already know, but my Windows Defender still isn't able to be turned on. The error is "Windows Defender is turned off by group policy". My workaround is I go to regedit and edit the value of "DisableAntiSpyware", and Windows Defender will be able to run normally. BUT this is only a temporary fix, and every time I restart my computer, it goes back to "Windows Defender is turned off by group policy". I also noticed in the permissions of my files there are "All Application Packages" and "Trusted Installer". Are these supposed to be there? Here are my .txt files from FRST.

     Best Regards,
     Raphael

     Attachments: Addition.txt, FRST.txt