Hello,

I scanned my PC with Malwarebytes.

It flagged the following files, and I accepted removing them. I cannot restore them because they are marked to be deleted at boot. But, my computer will not boot any more -- it goes to the blue screen saying it ran into a problem. I am running Windows 10.

I would greatly appreciate advice on how to proceed. Thank you very much!

Registry Keys: 12
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AlphaAV, Quarantined, [9f8cdacd1a8e59dd4c71d3d31ae9ba46], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\control, Quarantined, [d7546f38b9ef2a0cb2f707a08e75946c], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe , Quarantined, [9893d9ceabfd1521a9b6981033d0e719], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig, Quarantined, [be6d3176faaecf670e15f0b9cb386f91], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\personalguard, Quarantined, [f536297ecbdd48ee92350f9a41c210f0], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rwg, Quarantined, [60cb00a7891f171f525e3ef8719302fe], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AlphaAV, Quarantined, [f13ae2c5d4d4b18564595a4cb94ab848], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\control, Quarantined, [87a43b6cd3d51422c1e8bdea3bc8857b], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe , Quarantined, [c8631a8da9ff1e18acb35d4b3bc827d9], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msconfig, Quarantined, [48e3a70002a648ee81a22a7f0df6be42], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\personalguard, Quarantined, [e744c7e073356dc9388ffaafb84b04fc], 
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rwg, Quarantined, [6bc05d4aaefa270f763a092dae5621df], 
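The entries in the scan log above are subkeys of Image File Execution Options (IFEO). An IFEO subkey can carry a `Debugger` value, which makes Windows start the named program in place of the executable the subkey is named after. The following read-only check is an added example, not part of the original post and not Malwarebytes tooling; it lists what such entries contain in both registry views so they can be reviewed before being quarantined or after being restored. The key names are copied from the log; a 64-bit PowerShell session is assumed, so that the WOW6432Node path is not redirected.

```powershell
# Added example: read-only audit of IFEO subkeys. Nothing is modified.
# Key names copied from the scan log in the post above.
$flagged = 'AlphaAV', 'control', 'init32.exe', 'msconfig', 'personalguard', 'rwg'

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $name     = $key.PSChildName.Trim()        # tolerate stray whitespace in key names
        $debugger = $key.GetValue('Debugger', $null)
        $inLog    = $flagged -contains $name       # -contains is case-insensitive

        # Report a subkey if it has a Debugger value or its name appears in the log.
        if ($null -eq $debugger -and -not $inLog) { continue }

        [pscustomobject]@{
            View       = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            Key        = $key.PSChildName
            InScanLog  = $inLog
            Debugger   = $debugger
            ValueNames = ($key.GetValueNames() -join ', ')
        }
    }
}

$report | Sort-Object Key, View | Format-Table -AutoSize -Wrap
```

An empty result means neither view currently holds a subkey with a `Debugger` value or one of the logged names.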

Thanks a lot for the advice.

I was able to boot in safe mode. But when attempting a normal boot, I would get a blue screen every time (encountered an error, need to reboot).

I decided to try running Windows Defender Offline (WDO).

After finishing, WDO attempts to restart, and I get the blue screen again.

Now, I cannot get to safe mode anymore. When I press shift + power, the laptop displays 'entering automatic repairs', but then automatically goes to WDO.

I cannot interrupt this loop.

I would be very appreciative of additional advice.

Thank you very much.


Disconnect the laptop from external power. Hold the power on key down until the laptop shuts off. Remove the battery. Hold the power key down for 45 seconds. Replace the battery. Restart and hope to reach safe mode.

There are two things to try... (see link: https://www.howtogeek.com/131916/how-to-use-the-advanced-startup-options-to-fix-your-windows-8-computer/).

1. Advanced Options/Automatic Repair, or

2. During safe mode there is an option to bypass early start anti-malware apps. Try that.

Uninstall MBAM from safe mode. There are several "sys" drivers in Windows/System32 folder that you may need to remove manually if the uninstall process doesn't get them.

• C:\Windows\System32\drivers\mbam.sys
• C:\Windows\System32\drivers\mwac.sys
• C:\Windows\System32\drivers\mbamswissarmy.sys
• C:\Windows\System32\drivers\mbamchameleon.sys
• C:\Windows\System32\drivers\farflt.sys
• C:\Windows\System32\drivers\mbae64.sys (64-bit only)
• C:\Windows\System32\drivers\mbae.sys (32-bit only)

Or... you might boot from the disc you have and see if Automatic Repair will solve things for you.


@MariaC, being that your computer was potentially infected, and files were removed with Malwarebytes, it would be better to seek help from one of our experts who are trained in malware removal and will help you get your computer going again.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

It explains the options for free, expert help -->>AND<<-- the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thank you
