Jump to content

Windows Activation Pro virus

Recommended Posts

Somehow I have managed to download some sort of virus. I originally tried to begin deleting the files until my computer prompted that I would be logged out and the computer restarted. I have tried rebooting in safe mode, and the virus is as shown in the photo. I also tried restoring to a previous point, but of course that does not rid of this mess. Please help. 


I am running Windows 8 on HP 


Link to post
Share on other sites

As an update, I have gotten to the control panel to create an empty admin account to run malware bytes. After a full scan it had found 700+ files, seems as mostly PUP files with folders created in the day this problem started. However, when I went to remove these, malware bytes says "0 threats successfully quarantined". Did I miss anything to make it so it does not rid of these files?

Link to post
Share on other sites

Hello and welcome aboard our forum.

On the original issue:   Was that some sort of a popup window inside the frame of one of the web browsers?

If so, which web browser ?

and did you "flush" the browser by deleting cache and temporary browser files ?   Start the browser and press SHIFT + CTRL +Delete keys and follow the prompts.

My first inclination is to see this as a fake tech support scam.

What is the brand-name of the resident antivirus?   Have you yet done a full scan with it ?

Can you kindly provide a copy of the very last SCAN report log from History section of Malwarebytes Anti-Malware.

lastly, I do not think that it was need to create a new user account.

Kindly see about providing feedback about the above.  And be aware we do need diagnostic reports.  Please double check the sticky notes at the very top of this sub-forum.

Link to post
Share on other sites

I have attached my diagnostic reports.

This screen did not take place within a browser. When trying to manually remove the suspected program, there was a dialog that appeared that stated "You will now be logged out, Changes require a restart" (In a dialog similar to a windows update countdown that cannot be closed). After hitting OK, my computer restarted, and upon logging in with my account, this screen appeared with no access to anything except the cmd. I restarted in safe mode, same thing. I ran the control panel to create a shell admin account so I can access malwarebytes as well as run a disk cleanup to delete temporary files and temporary internet files. I have ran two full scans, but both do not show in the history, only the second, I'm not sure why. After the second scan, I am able to log into my regular account, but I am not sure if this virus is gone along with the other suspected viruses, especially since I cannot access the internet through any browsers except Internet Explorer, rather than my usual Chrome.


This is the last scan from malwarebytes:

Malwarebytes Anti-Malware

Scan Date: 5/7/2016
Scan Time: 7:14 AM
Logfile: Scan.txt
Administrator: Yes

Malware Database: v2016.05.07.03
Rootkit Database: v2016.05.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: testaccount

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 692419
Time Elapsed: 3 hr, 31 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)



It obviously says that there were none detected, but there are still folders and files in my Program Files (x86) that had shown in the Quarantine section.


I guess I need to know now, how do I know everything is gone?



Link to post
Share on other sites

Need much more info on just what you mean by << there are still folders and files in my Program Files (x86) that had shown in the Quarantine section. >>

What all is in quarantine?


  • Download mbam-check.exe from >>> here <<<and save it to your desktop
  • On Vista/Windows 7, 8.1, 10, Right-click on mbam-check.exe & select Run as Administrator & allow to Run.
  • It should then open a log file CheckResults.txt
  • Please attach the entire  the log into your next post.


Edited by Maurice Naggar
Link to post
Share on other sites

These steps are for  member mkoren  only. If you are a casual viewer, do NOT try this on your system!
If you are not  and have a similar problem, do NOT post here;  start your own topic


You allowed FRST64  to be stored in the browser temporary cache   C:\Users\davis_000\AppData\Local\Microsoft\Windows\INetCache\IE\3Q7L13GR

FRST64.exe  ought to be in a real folder.  Like the Donwloads folder or the DESKTOP.    But for sure in a distinct normal folder.

Please also see this Microsoft reference page  on downloading and saving downloads & their location

Please go back and get and Save FRST 64.

I have custom fix script ready for you;   but FRST64.exe   and my FIXLIST.txt  need to be in the same (regular ) folder location.


I am sending a Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.  The name of the script attached is FIXLIST.txt

Please SAVE the FIXLIST and select SAVE AS   and save it directly ( as is) in the same general location as where you have FRST64

*NOTE*: Both FRST64.exe   and the fixlist.txt must be in the same location or the fix will not work.

Double click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.


If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (*Fixlog.txt*) in the same location from where it was run. Please attach the *Fixlog.txt* in your reply.




Edited by Maurice Naggar
Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.