Jump to content

I got scamed, downloaded it HELP me >(


Recommended Posts

Hello community 

This is my first time here I go a serious problem,
To start I downloaded something from the internet I thought its good but it turned out not
the program downloaded other malware/trojans...... and I have Win 10 but I only had WINDOWS DEFENDER 
on at that point and guess what it did it disabled Windows Defender and took admin right the virus I mean.
After some time I managed to download malwarebytes and clean like 200 malware that was ok but now 
I still dont have admin permission and I want to remove some programs that I cant without admin permission 
they still startup when starting win 10 and they start downloading viruses.

After that I ran a Malwarebytes scan again but nothing showed up
(I knew that some viruses that took admin right were still on the PC),
and no folders or files were quarantined. I'm a novice with computers, so I need some help fixing up my PC.

Please I would be thankful >)

 

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!


 

Let me see those logs in your reply...

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Thanks for those logs, I have already made you aware of forum protocol regarding illegal software in my opening reply to you. I see this software KMSpico you will be well aware of its uses, as it does not appear to be active I ask that you uninstall that program before we go any further. Please confirm..

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware again.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

Next,

 

Download and Save McAfee Stinger to your Desktop from here:

http://downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32.exe

Read the Terms and Conditions, the download tab is at the bottom of the page.

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs read here:

http://www.bleepingcomputer.com/forums/topic114351.html


 

On Windows 7, 8, 10 & Vista systems, Right Click on Stinger stinger.jpg and select Run as Administrator.

On XP, double-click to start it.


 

Click on “I Accept” tab at McAfee end user licence agreement.


 

Stinger%20a.png


 

In the new Window select “Advanced” then “Settings”


 

Stinger%20b.png


 

The settings window will open, make sure the settings are exactly as shown in the following image, then select “Save” <<------Very Important


 

Stinger%20c.png


 

In the new window Click the “Customize my Scan” under the “Scan” button.


 

Stinger%20f.png


 

In the new Window select C:\ drive and any other listed Hard Drive, then select “Scan”


 

Stinger%20g.png


 

When the scan completes select the “View log” to do that, select “Notepad” if offered in list of choices.

If the log opens in your browser, copy and save to a file....

I will need a copy of that log.



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you,

 

Kevin...

 

 

 

 

Fixlist.txt

Link to post
Share on other sites

Hello again 
I am very sorry for the KM spico above mentioned and I apologize for not paying attention on the rules 

You sir Kevin really helped me out and I am really thankful to you I couldnt do it without you and I would 
probably need to reinstall windows and leave my important files etc... 
I see you have a donation button sadly I cannot make any donations but I would do it if I was working 
and had a job, well currently still going to late high school and depend on my parent....

Anyway thank you very much for spending time and helping me solve this!!!!!

 

Link to post
Share on other sites

Hello again 
I am very sorry for the KM spico above mentioned and I apologize for not paying attention on the rules 

You sir Kevin really helped me out and I am really thankful to you I couldnt do it without you and I would 
probably need to reinstall windows and leave my important files etc... 
I see you have a donation button sadly I cannot make any donations but I would do it if I was working 
and had a job, well currently still going to late high school and depend on my parent....

Anyway thank you very much for spending time and helping me solve this!!!!!

 

AdwCleanerC1.txt

Malware.txt

McAfee.txt

MSRT.txt

Link to post
Share on other sites

Thank you for the log, what is the current status of your system, do you have any remaining issues or concerns?

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

 

Thanks,
 

Kevin...

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.