Jump to content

Malware & Virus

Grenpara

By Grenpara
in Resolved Malware Removal Logs

 Share

Recommended Posts

Grenpara

Grenpara

Posted
Posted (edited)

Hey Guys and Gals,

 

I have a question and hope you can help.

The other day my system seemed to get a virus or malware.
It deleted system restore and locked every account on the system.
Nothing seemed to detect it not Kaspersky, Malwarebytes or even several online virus scans.

I did the only thing I could do which was use a fresh drive and reinstall windows and all my protection which I have done.
 

Now my questions, I only replaced my drive c: and left all my other system drives as is.
I have not connected them back up to the system as I need info on that choice.

Since the other drive were where I installed programs and storage would it be safe to connect them back to the system?
I need to get to all the info stored on the drives and if possible clean them of any virus that maybe on them.

I can't be 100% sure it was malware or a virus but it is likely as I download some program from softpedia and installed it after multiple scan including online scans.

I am running Windows 8.164bit and have multiple drives all for programs and storage.
They are all normally connected to sata connectors using onboard connections.
I was not sure if it would be safe to connect them internally so I am waiting for your help please.
I will add I also can if needed use and external hotswap bay I have if needed.

1)    So is it safe to reconnect the drives to the new os? As siad the os is on brand new drive so I can be sure no viruses on it.

2)    Or is there a safe way to get the data off the drives that are not currently connected?

 

Please Help.
Thanks in advance
Fred
 

 

Edited by Grenpara
spelling mistakes
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @Grenpara 

We'd need to do some checking first to see what's going on with your computer before we could give advice like that.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
6 hours ago, AdvancedSetup said:

Hello @Grenpara 

We'd need to do some checking first to see what's going on with your computer before we could give advice like that.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

Hello Ron,

Thanks for getting back to me I really appreciate it.

Tne C: is totally new as I had no choice but install fresh drive as I could not access anything.
So I disconnected all drives removed the c: drive and installed a new c: drive and reinstalled windows using windows disk. The old c: drive is in a box and at later point I will get tool to factory default the drive.

So the tools you want me to run do I need to do that since the c: drive is totally new never used until I created a new Windows yesterday?

I can run the tools you want on the new drive but it is impossible that a virus is on it as it was and current is the only drive connected when I installed windows on it yesterday?

Please let me know as I will run tools on the fresh drive if you want me to.

 

Thanks in advance

Fred

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Well I wouldn't say it's impossible to get infected as many users do get infected by browsing the web or checking emails before getting protection in place.

Up to you - might be a good idea to run it so that I can review and let you know if for nothing else, peace of mind.

Let me know

Thanks again

Ron

 

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
21 hours ago, AdvancedSetup said:

Well I wouldn't say it's impossible to get infected as many users do get infected by browsing the web or checking emails before getting protection in place.

Up to you - might be a good idea to run it so that I can review and let you know if for nothing else, peace of mind.

Let me know

Thanks again

Ron

Hey Ron,

Thanks for the help, I appreciate it.
I put new drive c: and reinstalled windows and left all other drives disconnected.
I then installed MBAM 3 activate and updated it as well as KAspersky Internet security 2018 all from DEv's sites.
I then mad a Kaspersky rescue USB & DVD as well as Windows Recovery USB.

I have reset network routers as well as ip's for them.
I am going to connect all other drives and run full scans on them using both MBAM and Kaspersky.
 

I will hold off on your above suggestions until all scan I am going to do are done.
I will update you on everything and will post again once scans are done.
It will take awhile as other drives are very large 3TB *4 if i recall.

 

Thanks for your help.

Fred

21 hours ago, AdvancedSetup said:

 

 

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
2 hours ago, AdvancedSetup said:

Sounds good. I will be going on vacation soon so I won't be replying for a while. If there is an urgency please open a new topic so that someone will see it new and assist you.

Otherwise I'll check back on you when I get back

Cheers Fred

Ron

 

Hey Ron,

Sorry I have one more problem I could not deactivate my lifetime license.
Can I use it again safely?

I can email you the one I use if you need it if you have an email I can send to you.

Please let me know.
Thanks in advance

Fred

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
On 11/3/2017 at 5:55 PM, AdvancedSetup said:

Please go ahead and activate. If it gives you a problem let me know.

Thanks again

Ron

 

Hey Ron,

 

I got it activated fine thanks.

Now some updates for you:

I had to install windows 4 times (well 3 for me 1 for the repair shop) and it was put on my new drive as i always have spares.
Had problem getting windows to see drives after my attempts. Still have one issue but i gave up as my esata ports multiplier settings are no longer working so u have to use usb 3 for now for them.

I have begun to reinstall fresh downloads of every piece of software I own which should take me a couple months to install not counting games.

Anyways i digress, i now have the old ssd drive c: in my hand and need so info if you know.
How can i attempt to get the info off drive c: in my hand since it is likely infected?
I cant risk what ever it is spreading to my now working system.
 

Or should i simply low level format the drive and not take a risk?

Thanks for the help and hope you had a good vacation.
Fred

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

You can connect the drive as a slaved unit and scan it with an antivirus and then just copy data. Not all files and programs. That should be pretty safe.

Make an image backup to an external drive just in case.

Let me know if you need more help on that Fred.

Thanks

Ron

 

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
11 hours ago, AdvancedSetup said:

You can connect the drive as a slaved unit and scan it with an antivirus and then just copy data. Not all files and programs. That should be pretty safe.

Make an image backup to an external drive just in case.

Let me know if you need more help on that Fred.

Thanks

Ron

 

Hey Ron,

Thanks for getting back to me I appreciate it, and hope you had a good vacation.

I have an external docking station where i could put the drive, but I am very unsure about doing that.
I have been reinstalling my software again and should take me 2-4 months more before I have it all reinstalled and working again.
I never thought about backing up system since I have more SSD's and HDD's it would take a long time to backup the whole system.

Thou I will be doing a total Clone of the new OS Drive c: so I will have a non-infected copy if I ever get hit again.


I really don't want to get the virus back but would like to try to recover some info on old c: drive.
I am not sure how bad the drive is or if anything survived.
I guess I could disconnect all drives and boot from linux USB or DVD and try to recover stuff from inside Linux.
 

Anyways
Thanks again for the help.

Fred

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
1 hour ago, AdvancedSetup said:

Yes, vacation was good, thanks.

You can use a Windows 7 or Windows 10 USB boot disk and copy data from the old drive that way if you want.

If you need help on getting that going let me know.

Ron

 

Hey Ron,

Glad to hear your vacation was good.

I do not have Windows 7 or 10 only 8.1.
Also on another note does Malwarebytes set folders to read only?
I went to install today and all Folders and files on c: drive appear as read only for some reason and I cant seem to make them all access.
I have tried for hours today and simply cant get them to unlock./switch to non-read only.

 

Thanks in advance

Fred

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

You can download a Windows 10 USB install and use it to boot with for repair work such as copying files to another drive. Don't need to have a license for that.

We lock our own folders but not other folders. If you open our program and go to Settings, Protection and scroll down a little you'll see an option to enable/disable "self-protection". Turn the self-protection off and reboot the computer and try again.

Ron

 

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
17 minutes ago, AdvancedSetup said:

You can download a Windows 10 USB install and use it to boot with for repair work such as copying files to another drive. Don't need to have a license for that.

We lock our own folders but not other folders. If you open our program and go to Settings, Protection and scroll down a little you'll see an option to enable/disable "self-protection". Turn the self-protection off and reboot the computer and try again.

Ron

 

Hey Ron,

It is not just your folders that are read only it seems all of c: drive is set to read only.
The windows events logs are full of errors from files trying to write to folders.
In fact i just checked and every drive seems to be set to read only.

Not sure what the heck is going on but its getting frustrating as I had just had windows installed again as we spoke about.

Any ideas how to unlock all drives and make it so i can use them?

 

Thanks in advance

Fred

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

For the purposes of creating a USB drive to boot from and be able to use that to copy files and stuff please look at the following article.

https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

Once the disk is made you can use it to go into the Recovery / Repair Mode

Link to post
Share on other sites
Grenpara

Grenpara

Posted
  • Author
Posted
On 11/14/2017 at 11:51 PM, AdvancedSetup said:

For the purposes of creating a USB drive to boot from and be able to use that to copy files and stuff please look at the following article.

https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

Once the disk is made you can use it to go into the Recovery / Repair Mode

Hey Ron,

Thanks for the help and info.
I am currently creating a USB repair drive as per the instructions.
 

I will attempt to access bad drive in a week or two as it seems my health is acting up again.
I will post here and let you know if i am successful in attempt.

Thanks again.
Fred

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept