Jump to content

Please help, Edit to have txt files


Recommended Posts

I am having problems with my brand new computer. I got it for Christmas and haven't had much time to use it. My hours at work stink. On Feb 2nd when I had some time to play, I went to photobucket.com so that I could get links to photos and play in a group that i am in. I Got that pop up saying that it was Microsoft, They put something in my computer. It was a fake Microsoft page that popped up, it wouldn't let me exit kept saying something.  I was tired as I only sleep about 2 hours at a time. I  called the number.  They took over my computer,  popped up a picture saying that my avast was not compatible with windows 10.  And then they were asking weird questions.  I hung up and factory reset the computer thinking that it would just rewrite over and reset back to factory as brand new. 

About a week ago I finally had time to play on my computer again. I tried to use my paint shop pro but it wouldn't open. I  tried uninstalling and reinstalling but it still wouldn't open. That's when i noticed that there was still a problem. 

McAfee came on the computer so when I factory rest again McAfee was on there. I ran it just because.  And it found nothing.  

Malicious software removal tool from Microsoft shows infected files while scanning but when the scan is finished it says nothing malicious found. But when I click show details it has names there, when I click on them it says severe threat can be deleted by windows defender. 

I deleted/Uninstalled the McAfee.  Windows defender popped up as activated,  so I ran it and it has found nothing. 

I had Avast and Malwarebytes when this happened. But when i factory reset it deleted them. I have downloaded avast but it will not install is having errors installing. And Malwarebytes only downloads partially then says errors in downloading. Its like the trojan knows that i am trying to get rid of it and is blocking me. 

It is super frustrating because it is a new computer and the 1st time I really used it more than 5 minutes this happens. I  should have never called the number the first time. But sleep deprivation my brain wasn't clear. When I realized that they were fake it was too late.

I am now on my daughters computer to post on this site and downloading avast, malwarebytes and that FRST64 i see mentioned on this site to a cd to try and see if it will run that way on my computer.

Any help would be greatly appreciated..  Thank you soooo much for your time.

ok so i am making another post so i can add the files, since i don't see a way to edit my first post from 2 hours ago. I seen another post where someone had listed FRST64, JRT, and Adwcleaner. I put all of them onto a cd and then ran from my computer. the first ones i ran offline. the ones with the 2 are ones i ran again after i connected to the internet. Just in case they change. When my internet is on it runs super slow and effects the whole houses internet usage.  I Also ran the Sophos that was posted too.. first time it ran offline and found nothing, 2nd time  i ran it online and it said Error 1606 could not access network location data. 3rd time it is still running right now.. JRT.txt  Addition.txt  AdwCleaner[C0].txt FRST.txt  were all ran first offline.. then these were ran again online to see if there is a difference. JRT 2.txt  Addition 2.txt  AdwCleaner[C2].txt  FRST 2.txt

 

3rd sophos scan complete and says nothing found.

Edited by lemk933
Link to post
Share on other sites

When the computer is turned on it is using massive amounts of internet bandwidth like it is streaming something. As soon as its turned on, thats without even opening anything. like 15 mins ago my husband was watching you tube in the livingroom and it was streaming 3.6 mbps and when you just posted this i turned on the computer in question and it dropped to 0.02 mbps.

It was not letting me install or uninstall anything.

when I tried downloading mbam again it would only download a partial,  and avast downloaded but had errors in opening. SO it would not let me install.

When i put it on a cd it let me run and install it from the cd. 

malicious software removal tool from microsoft finds 36 to 84 infected files while it is running. but once the scan is over it says nothing found. if i click on details tho it gives a list and says that they are all severe yet it has nothing for me to fix it.

Running mbam threat scan right now and the whole time typing this is still checking for updates.. 11:45 mins on time elapsed right now.

Edited by lemk933
Link to post
Share on other sites

  • Root Admin

Okay, please stop the scan and run the following.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

Link to post
Share on other sites

I ran what you sent me and posted the fixlog 

 

Here is what microsoft windows malicious software removal tool is showing. some pics of the scans and then of the details. it doesn't give a log to show so i took pictures.

Also yes it was really close to what psyqlist posted when all of this first started 2 months ago..

 

IMG_20170404_215116.jpg

IMG_20170404_215203.jpg

IMG_20170404_215029.jpg

IMG_20170404_213346.jpg

IMG_20170404_212043.jpg

Link to post
Share on other sites

ok  list of what can be detected makes since. But I still don't understand why it says flies infected :37   during the scan but once scan is complete it says nothing found.  

 

Ran  Kaspersky KVRT  and it also didn't find anything running from cd offline.  Trying to run again Online and it is frozen at 30% initialization.. 

Edited by lemk933
added more info
Link to post
Share on other sites

  • Root Admin

I'm thinking maybe something is wrong with the drive. Let's do a full disk check on the drive.

Please click on Start and type in CMD.EXE and when it shows on the menu right click and select "Run as administrator" then type the following and press the Y key to allow it to run after a restart.

CHKDSK   C:  /R

After the restart let's do a clean removal and reinstall of Malwarebytes

 

Please read the following topic and then run the Malwarebytes Clean Removal tool mb-clean

https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/

The download link for the tool is:  https://downloads.malwarebytes.com/file/mb_clean


Restart the computer when done and reinstall Malwarebytes 3 with the latest build again.

Here is the link for the latest installer
https://downloads.malwarebytes.com/file/mb3


Thank you

Ron

 

Link to post
Share on other sites

I hope it finished. It was at 10% for atleast 4 hours before I went to the dentist. black windows screen 10%    I came home and it was on the page to ask for the password. I did the mb-clean and reinstalled mbam 3  ran and it says nothing found.

But watching the screen during install and scan i seen things jumping like something was trying to start or stop, but it was so fast i couldn't see what it was. it was new windows flashing at the top and smaller like icons at the tool bar.. but too fast to see what it was.

I seen others mention avira antivirus so i just downloaded that it also finds nothing.

Avira also has a system speedup  I ran it and it finds Junk files, registry errors, privacy data, fragmented files and total issues to fix.  It started with 301 total issues, ran the defrag thru windows and then ran the optimize on the avira and it says fixed, but ran scan again and it has more.. each time i run and optimize it finds Less but still has 117 issues..

Link to post
Share on other sites

  • Root Admin

Please find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

Then go ahead and download the following antivirus tool from Kaspersky and then temporarily disable your antivirus and run this one and post back the log of what it finds if anything.

Kaspersky Virus Removal Tool

Thanks

Ron

 

Link to post
Share on other sites

I followed the option one. clicked on wininit and chkdsk  only one shows up in the logs and it is a wininit there is not a chkdsk file.  I deleted the last Kaspersky and downloaded a new one. No results found

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          4/6/2017 11:04:01 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-1VJBS37
Description:
 

Checking file system on C:
The type of the file system is NTFS.
Volume label is WINDOWS.
 
A disk check has been scheduled.
Windows will now check the disk.                        
 
Stage 1: Examining basic file system structure ...
  222976 file records processed.                                                       
 
File verification completed.
  3957 large file records processed.                                  
 
  0 bad file records processed.                                    
 

Stage 2: Examining file name linkage ...
  293696 index entries processed.                                                      
 
Index verification completed.
  0 unindexed files scanned.                                       
 
  0 unindexed files recovered to lost and found.                   
 

Stage 3: Examining security descriptors ...
Cleaning up 971 unused index entries from index $SII of file 0x9.
Cleaning up 971 unused index entries from index $SDH of file 0x9.
Cleaning up 971 unused security descriptors.
Security descriptor verification completed.
  35361 data files processed.                                          
 
CHKDSK is verifying Usn Journal...
  36172208 USN bytes processed.                                                          
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  222960 files processed.                                                              
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  225463054 free clusters processed.                                                      
 
Free space verification is complete.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 957878271 KB total disk space.
  55570504 KB in 140009 files.
    100092 KB in 35362 indexes.
         0 KB in bad sectors.
    355455 KB in use by the system.
     65536 KB occupied by the log file.
 901852220 KB available on disk.
 
      4096 bytes in each allocation unit.
 239469567 total allocation units on disk.
 225463055 allocation units available on disk.
 
Internal Info:
00 67 03 00 ca ac 02 00 6e 46 05 00 00 00 00 00  .g......nF......
c4 00 00 00 91 11 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-04-06T18:04:01.068500400Z" />
    <EventRecordID>3687</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-1VJBS37</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is WINDOWS.
 
A disk check has been scheduled.
Windows will now check the disk.                        
 
Stage 1: Examining basic file system structure ...
  222976 file records processed.                                                       
 
File verification completed.
  3957 large file records processed.                                  
 
  0 bad file records processed.                                    
 

Stage 2: Examining file name linkage ...
  293696 index entries processed.                                                      
 
Index verification completed.
  0 unindexed files scanned.                                       
 
  0 unindexed files recovered to lost and found.                   
 

Stage 3: Examining security descriptors ...
Cleaning up 971 unused index entries from index $SII of file 0x9.
Cleaning up 971 unused index entries from index $SDH of file 0x9.
Cleaning up 971 unused security descriptors.
Security descriptor verification completed.
  35361 data files processed.                                          
 
CHKDSK is verifying Usn Journal...
  36172208 USN bytes processed.                                                          
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  222960 files processed.                                                              
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  225463054 free clusters processed.                                                      
 
Free space verification is complete.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 957878271 KB total disk space.
  55570504 KB in 140009 files.
    100092 KB in 35362 indexes.
         0 KB in bad sectors.
    355455 KB in use by the system.
     65536 KB occupied by the log file.
 901852220 KB available on disk.
 
      4096 bytes in each allocation unit.
 239469567 total allocation units on disk.
 225463055 allocation units available on disk.
 
Internal Info:
00 67 03 00 ca ac 02 00 6e 46 05 00 00 00 00 00  .g......nF......
c4 00 00 00 91 11 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
Link to post
Share on other sites

I have downloaded from the link and following the steps, However after 8 to 10 Seconds the update stops and says failed canceled update.. I Did Not touch or cancel anything...I have tried to update 3 times... Just Running it now anyways with what it has. and will then try to update and run again.

Edited by lemk933
Link to post
Share on other sites

4 hours ago, lemk933 said:

I have downloaded from the link and following the steps, However after 8 to 10 Seconds the update stops and says failed canceled update.. I Did Not touch or cancel anything...I have tried to update 3 times... Just Running it now anyways with what it has. and will then try to update and run again.

it says updated and finds nothing

Link to post
Share on other sites

i also ran the windows disk clean up and the defrag... defrag was at 12%  and afterwards it went to 5%  it will not optimize any more than that..  You would think a New computer, Fresh reset to factory it wouldn't have this many problems...  :'(

 

Also all of my icons to the shortcuts are gone, like instead of having the blue M for malwarebytes it is just a white square that looks like a page.. ALL icons have turned to that.

Edited by lemk933
Link to post
Share on other sites

  • 2 weeks later...

after i restarted my computer the icons came back... then disappeared again..  My husband done another install of windows on the computer trying to just wipe it all and start over. but it seems like it doesn't actually delete everything. like there is showing a folder that says old.windows    also after his windows install i see desktop.ini  icons everywhere. and it reminded me that I had seen some of those in my documents folder shortly after everything started. 

 

Could it be the desktop.ini virus/trojan?   Is there anything that would find it in a scan if it was?

Link to post
Share on other sites

  • Root Admin

There is no "desktop.ini" virus. That is just a setting on Windows to show or not show initialization file.  ie.  .ini files.

This link, as shared before shows how to enable, disable showing of the SYSTEM files which .ini files are.

https://www.tenforums.com/tutorials/6994-hide-show-desktop-icons-windows-10-a.html

Yes, if one is not familiar with reinstalling Windows it will see the original folder named Windows and rename it to .old  The best method is to remove the partitions (which removes all data too, so make sure all data is backed up first) and then format the drive and reinstall Windows for the cleanest installation.

At this time, just not seeing any infection. Not sure where/how you got that one screen shot - maybe false positive from Microsoft.

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.