
Win 10 will not boot; viruses and malware found



This is my boss's daughter's laptop. I do not know the full history... I was given it around the 10th of March.

The computer would not boot up normally. It came to a black screen saying "could not find boot device". I changed the BIOS from legacy boot to UEFI boot and it did boot to Windows. The only account is named "Anonymous"... password locked. I used Command Prompt to change the password and was able to get into the acct. Looks like there are no pictures, videos or documents on it. I tried to use a Win 10 boot USB to repair it when I could not get it to boot. No success. I was able to get to a point where I could have repaired the installation on the "Anonymous" acct, but I decided to wait.

I have run the following programs in an attempt to restore it before the viruses hit it:

 

Norton rescue 10

Mbam

RogueKiller

TDSSKiller - either wouldn't run or found nothing.

eset online scan

norton eraser

Windows all in one repair

All programs found items and supposedly deleted or cleaned. (Some found many Trojans and viruses.)

I cannot find any pictures or videos the owner of the laptop was hoping to recover.

Any help would be appreciated!!

 

FRST.txt

addition.txt


  • Root Admin

Please run the following. When done it should restart the computer. On the desktop will be 2 log files. Please upload those log files as attachments as well.

tempfiles.txt

userfiles.txt

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


  • Root Admin

Yes, not much there. But I don't think there is an active infection or issue anymore at this point. I would double-check with your boss and see what kind of data they expect to be there. Meaning were there hundreds, or thousands of images or documents?

These are about the only 2 locations of any potential value for files.

 

This is a 13 MB zip file but based on the path name I would not expect it to be the old user data.
c:\users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Microsoft\Content\en-us\DocumentsLibrary\MyDocuments.zip

There are some documents in this folder

c:\users\Anonymous\Desktop\New folder

 

If they're expecting, wanting to find many image files then the best thing to do is pull the drive. Slave it to another working computer and use data recovery software on it.

 


I will make him aware of your suggestions...

It started out with a brother taking his sister's laptop. Had it for several days. When they found it, it wouldn't boot.

I changed the boot from legacy to UEFI and it booted to the user with name "Anonymous". Had lots of virus/malware on it.

I believe the brother may have tried to clean it up based on a couple of things I saw in the files: superspyware remover and some trojan remover...

Could the old acct being gone and being replaced be the work of an infection? 


  • Root Admin

No, I'm not aware of any infection that targets removal of profiles. They target encrypting data, and an older one would move data to the %temp% folder, which is why I did not have you run a temp cleaner, just in case.

Best thing to do is stop using the computer. The more you use it the less chance of recovering data.

If getting the data back is important I'd probably look at this software. It is not free but I've personally used it many times for Enterprise data recovery and it's done better than most other software I've tried.
https://www.runtime.org/data-recovery-software.htm

Many of the free ones will recover data but typically not as much and not as well as this software does. Though with all the computer has been through chances of data recovery are already not too good.

 

This topic is now closed to further replies.