
Ryno2Rhino

Members
  • Content Count

    16
  • Joined

  • Last visited

About Ryno2Rhino

  • Rank
    New Member


  1. Hey man how are you? So I have some good news. I ran the script you gave me, which seemed to help. I had previously been unable to do anything as far as resets or repairs, but after running the script I was able to do a system reset, and I chose the option to wipe everything. After it finished the install, things seem better. But if you're up for it, I'd like to proceed with some of the diagnostics you spoke about earlier just to double check. So let me know what you want first and I'll have it to you immediately. Thanks again!
  2. Hey Maurice I apologize for the delay, I've been having network access problems as of late, which needless to say is extremely frustrating. I am currently unable to access the internet on the computer we are working on, and it has removed my privileges to do basically anything helpful or that it has deemed as a potential threat (I presume). Also I'm seeing a lot of folders being labeled now with an ".exe". And I just noticed it has set a BIOS password, preventing me from accessing the BIOS whatsoever. I took some pics from my phone that shows the alert box when it rejects my attempt to do something, I'll add those to this message. Also when I turned it on most recently, it began with an unprompted Windows Automatic Repair display, then a Windows is Being Repaired display, and ended with Windows Can Not Be Repaired. I took a pic of the final display with the error code it gave, maybe that can lead us somewhere. I'm open to any suggestions you have because I'm out of ideas. Thanks again. P.S. As I've been going through different features, trying to figure out what works and what doesn't, I've found one particular set of files and folders that it has the strictest parameters in accessing. I took a pic of this display and the files in the folder. Something with "SQL" & "CRSS.exe" among others. Just thought I'd pass that along.
  3. It says "This process creation has been blocked." Now what?
  4. Hey Maurice I hope your day is going well. So in an attempt to elaborate and offer up as much info as possible to aid in finding a solution, I think parts of my reply were unclear and thus confusing. I apologize for that. Q: The USB you say you have "Yes I have a USB thumb drive with W10" ... what exactly is on it? Was that produced by the Microsoft Windows Media Creation tool? A: This recovery USB was created with the MWMCT, and that is the only thing that is on it and ever has been on it. Q: NOTE also, if the keyboard is not usable, that is a show-stopper... I presume it is a solid screen with no characters displayed of any sort. A: The keyboard works normally when in normal mode. It only stops functioning once the OS is running in any type of safe mode. It seems as if it does this to prevent the user from attempting to search for AV programs, modify registry, etc. Once the pc restarts into normal mode, the keyboard again works flawlessly. To answer your second question, on the Toshiba Laptop that we are working on, its screen has no problems. The screen I was referring to was on a Lenovo AIO that I was using a few days ago. That pc is unusable. Once powered on, you can hear everything kicking on and starting up but the screen is just as you described as "solid with no characters of any kind." The mouse and keyboard both appear to have no power to them based on seeing no lights displayed on the keyboard. But all of this is in reference to the Lenovo, which I mentioned in hopes that maybe some detail may help point you in the right direction. I'm sorry if that was confusing and in turn led to wasting your time. Q: I would like to know if the latter is possible. But also keep in mind a working keyboard is a must. A: The laptop has no problems turning on and off, loading safe mode, safe mode with networking, and safe mode with command prompt, and its keyboard works just fine in normal mode but refuses to work in any safe modes.
I've found that I can copy/paste, which so far is the only way I've found to input text to a particular box. I began thinking maybe I could save a file with potential inputs already saved while in normal mode when the keyboard is working and then use that file in safe mode to copy and paste from when the keyboard ceases to work. But I'm open to suggestions. So I'm currently in safe mode and am awaiting further instruction. Thanks again brother.
  5. Hey Maurice! Thank you very much brother for generously spending time helping me out with this headache. Now to answer your questions.. Q: Is this the same Windows 10 machine where it has issues & you posted back in March? A: No it is not the exact same one. Unfortunately that one didn't survive an incident where I accidentally threw it against a brick wall. But a lot of the issues are similar and may prove to be infected with the same thing because I'm pretty sure I was transporting it and loading from infected USB. Q: Do you have a Windows rescue disc or rescue USB-flash-thumb drive? A: Yes I have a USB thumb drive with W10. Q: Do you have a complete recent backup (on offline media) of this system? A: No I do not. Q: Have you tried to get this Windows into SAFE mode? Just for research? A: Yes I have been able to get into Safe mode. Although when I am in safe mode, I am no longer able to type anything. Anywhere. It basically doesn't recognize that I'm typing. I can go around and click stuff, but no keyboard input. Q: Do you have any other (working) Windows pc at your home? That can be a big help resource. A: Yes I do have one more working pc. Note: Safe mode with networking would be ideal. A: I am able to access safe mode with networking. Once in this environment, I can sign in to my wifi but no websites will load. It says can't find site or check spelling etc. Also my keyboard doesn't work, so I can only click home, which doesn't load anything. I'm basically locked out. With that in mind, how should I proceed? Download MWB to USB and run it from there? I'll wait to hear further instruction. FYI - Up until recently this infection hasn't affected or impeded anything I tried to do. When I decided to go on the offensive a few days ago, I began by using my Lenovo All in one desktop. I began downloading various AV programs & started scanning, deleting, removing, and exterminating. I thought I wiped it from Lenovo AIO.
Everything was working great and I went to bed. I turned it on the following morning. It loaded and ran for about a minute. Then my mouse stopped working, I saw a cmd prompt window open and close a few times, and then BLACK. Screen went black and haven't gotten it to display an image since, not even the startup BIOS screen. Anyway long story...umm..less long..it seems to be that it ramps up aggression when I'm trying to remove it. The only thing I've ever found was one scan mentioning Andromeda. Aside from that no program has ever detected anything.
  6. Hello there. So my Toshiba Laptop has been under attack for awhile now. At first it was fairly harmless, although present, but didn't interfere with day to day operation. I read dozens of posts regarding ways to eliminate and tried a few. I went to bed patting myself on the back and reflected on just how smart I was to outwit this malware. I woke up and found my computer essentially unusable. I no longer had admin privileges, I couldn't run any AV scans, can't access any programs pertaining to the computer i.e. command prompt, notepad, windows security, regedit, etc. I'm also unable to access the internet, the webpage displays "can't access website right now. Check spelling and try again." I am currently writing all of this from my phone. I would appreciate any help and thank anyone in advance for whatever advice they may give. I look forward to hearing from someone.
  7. This laptop was recently updated to Windows 10 from Windows 7, but I've had it for a few years now. Something new has begun happening, and that is getting a "You don't have permission" notification if I try to save anything to my C drive. And then getting kicked off my network with a "remote device won't allow accept this connection." I've attached screenshots of both. TDSSKiller.3.1.0.26_10.03.2019_23.19.37_log.txt TDSSKiller.3.1.0.26_10.03.2019_23.21.52_log.txt TDSSKiller.3.1.0.26_10.03.2019_23.25.53_log.txt
  8. MWB.txt FRST2.txt Addition2.txt And here is the Adwcleaner copied into the reply per your request

     # -------------------------------
     # Malwarebytes AdwCleaner 7.2.7.0
     # -------------------------------
     # Build: 01-30-2019
     # Database: 2019-03-04.3 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 03-08-2019
     # Duration: 00:00:05
     # OS: Windows 10 Home
     # Cleaned: 0
     # Failed: 0

     ***** [ Services ] *****
     No malicious services cleaned.
     ***** [ Folders ] *****
     No malicious folders cleaned.
     ***** [ Files ] *****
     No malicious files cleaned.
     ***** [ DLL ] *****
     No malicious DLLs cleaned.
     ***** [ WMI ] *****
     No malicious WMI cleaned.
     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.
     ***** [ Tasks ] *****
     No malicious tasks cleaned.
     ***** [ Registry ] *****
     No malicious registry entries cleaned.
     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.
     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.
     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.
     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [1250 octets] - [08/03/2019 00:55:01]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  9. Ok I have done the hard reset. What would you like me to do next?
  10. So just to be clear I should follow the instruction for the "30-30-30 hard reset" right? I picked up a Netgear Nighthawk x6 today but decided to wait until I got all this stuff figured out before making a switch, unless you think it's worth it to switch routers at this point.
  11. I just downloaded and ran the scan. It says no threats found. I'm up and available to continue any suggestions you offer for as long as you're up for it. Let me know what you think. And I just wanted to verify that I was attaching the files correctly in the posts for you to look over. Whatever this is won't allow me to log in to Malwarebytes so I have to send the files to my phone and then reply from there.
  12. Hey Ron good afternoon and thank you so much for generously taking the time to help me out with this, I really appreciate it. I re-ran the scan and here are those files. Addition_06-03-2019 13.14.15.txt FRST_06-03-2019 13.14.15.txt
  13. I believe my laptop is crawling with smart malware and Rootkits, particularly the Smart Screen rootkit along with various other yet to be determined infections. It has relabeled my drives and partitions, making it extremely difficult to run an effective scan. I have noticed the malware and root has the ability to change user names, passwords, logins, credentials, security settings and features amongst countless others. Any help would be greatly appreciated! I have FRST files if you would like me to attach them let me know. My laptop security is being manipulated, outsmarted, and is now this malware and rootkits b*$ch. It changes logins, usernames, credentials, security processes, passwords, etc. I've reinstalled the OS 3 times and it keeps showing up. I haven't been able to find a virus scan that can detect anything, or a person who can figure it out. Any advice would be much appreciated! I've attached the FRST & ADDITION files as requested. I look forward to hearing from anyone on this matter. FRST.txt Addition.txt
  14. Hello I am here due to an ongoing concern I have detected on now 3 of my laptops. I've researched for hours on end going on almost 2 months now until deciding to post here. Whatever this malware is, it's definitely deceptive. It accesses and changes passwords, usernames, logins, access privileges, virus scans, security settings, the list goes on. Through process of elimination I'm leaning towards a root on my PCI but I can be completely wrong on that. Any help would be so greatly appreciated! I look forward to any help in the future and thank you in advance!