Running Malwarebytes on computer with no internet

[davidb6107]

Yes,

I have a computer with 9 monitors and while I was sitting at my computer this morning they all clicked off.

At first I though it was because after a certain amount of time my screensavers come on and so I moved my mouse and got nothing.

My computer seemed to be working and I can move my mouse but I can' see anything (all black screens).

I noticed if I do control alt delete for task manager, even though I can't see it, I move my mouse around and it changes to a hand, so it's like its there but I can't see it because of the black screen.

I then hit the windows key and p and hit the arrow key and I could see my mouse arrow on every monitor moving around.  So it's like I just can't see on my monitors while the computer is running.

I rebooted the computer and it loads up and I can see the windows logo and it boots to a black screen.

If I boot twice in a row I can get to the windows help screen (I can also get to BIOS but there doesn't seem to be anything there to help me) and then I can get the different boot options.  I try 5 booting into safe mode with networking.  I get to safe mode but I have no internet.

I can't get my McAfee software to scan it says try again later.  I think I may have some kind of virus, my computer literally went black while I wasn't even using it, but it was on and running.

I paid for the full license of Malwarebytes on my laptop (it has internet).  I saved the file and moved it to my desktop (running in safe mode with no internet) with a usb stick.  I ran it and it installed but it won't run, when I try to run it I get the error "Unable to start, x Unable to connect the Service" and I click OK.

So any help would be greatly appreciated,

Thank you,

David

[TwinHeadedEagle]

Hello,

Can you get FRST reports by following this topic?

You can transfer them by USB.

[davidb6107]

Sorry I forgot to mention I am on windows 10

Yes here are the logs, frst.txt and addition.txt

Thank you,

David

FRST.txt

Addition.txt

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

fixlist.txt

[davidb6107]

Here it is,

Thanks

Fixlog.txt

[TwinHeadedEagle]

Can you try to boot your computer normally now?

[davidb6107]

Same issue as before, black screen with mouse arrow and swirling white dots like it is going to actually do something.  But it just seems to do this continuously until I finally reboot again.

[TwinHeadedEagle]

Can you try to open Task Manager by pressing Ctrl + Shift + Esc?

[davidb6107]

When I boot into safe mode I can see my screen and icons, but I have no internet and yes I can get to Task Manager by pressing Ctrl+Shift+Esc.  I still can't run Malwarebytes, I get that same error unable to start.

[davidb6107]

Okay so at the windows menu prompt to boot into safe mode, there is an option to do a system restore point.

I tried that once using the windows 10 media creation tool and it said there was no restore point available.

Well, I decided to try at the windows menu prompt as a last ditch effort.  Well lo and behold it said there was an option before the windows critical update at 6:30 am this morning.  That was the exact time I was sitting at my desk when my computer just went completely dark.

I didn't know what was going on so I restarted my computer in the middle of the update.  So it was the critical windows update that messed up my computer when I rebooted and interrupted it.  I really dislike the lack of control in Windows 10.

So the windows restore point before this morning worked.

So computer is fixed and it wasn't a virus.

Thanks for your help TwinHeadedEagle, I appreciate you taking the time to help me!  Still donating, not a good feeling, to be helpless like that and I appreciate you being willing to assist.

David

[TwinHeadedEagle]

Yes, it sounds like some corruption happened in order for something like that to happen. And you were infected by a Kovter trojan and after restoring your computer it returned. We will remove it now. And thank you for your donation, much appreciated

 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked. option is checked.

  

• Press Scan button and wait.

• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Edited February 9, 2017 by TwinHeadedEagle

[davidb6107]

Thanks TwinHeadedEagle,

Here are the files,

David

FRST.txt

Addition.txt

[TwinHeadedEagle]

This should clean your PC from malware.

 

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

fixlist.txt

[davidb6107]

Here it is

Fixlog.txt

[davidb6107]

I ran Malwarebytes premium and it isn't showing up in the scan so I think it removed it, thanks a bunch!

Do you know why MB wasn't able to remove it? 

David

[TwinHeadedEagle]

12 minutes ago, davidb6107 said:

I ran Malwarebytes premium and it isn't showing up in the scan so I think it removed it, thanks a bunch!

Do you know why MB wasn't able to remove it? 

David

Have you had this option enabled before the scan?

[davidb6107]

Yes sir, I sure did.

[TwinHeadedEagle]

Then I have no precise idea, I can think of some possible scenarios, but that's not important now.

I can only tell you that this is a very sophisticated and persistent piece of malware and it is using some unconventional methods to stay on your PC.

You can read all about it here:

https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/

http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update

 

Anything else I can help with?

[davidb6107]

No thanks so much THE I really appreciate your help!

David

[shadowwar]

I would need to see the mbam log from the detection of kovterl to see why we werent able to remove it.