Jump to content

Something got me


ram1009

Recommended Posts

Whatever it is got past MWB by asking me to download a newer version.  Now it has control of MWB and has turned off all protections and scans won't complete or won't quarantine   Also, it seems to have filled up my 500GB SSD quickly.   I'm writing this on a clean computer.   What now?

Edited by ram1009
Link to post
Share on other sites

I will try to do as you ask however you need to keep in mind that I believe the malware has control of MWB and is not allowing a scan to complete or to view log files or to quarantine.  It entered my system when I received a request to update MWB.  I also have no access to my mail program and the C drive is completely full disallowing many activities.  I'm writing this from another machine and any correspondence must come from here.  At the moment the infected computer is shut down and disconnected from the internet.

Link to post
Share on other sites

Thanks for those logs, I do not see any obvious Malware or Infection...

Do you have access to another PC to create the Widows Defender Offline Tool, I give the instructions to load to a USB flash drive. It can also be run from a CD, just change to that option in the instructions…
It can be created from the PC with issues, but a different clean PC is preferred!


Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool, Windows 7/8/10 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

user posted image

In the new window accept the agreement:

user posted image

In the new window select your USB Flash Drive, then select "Next"

user posted image

In the new window ensure you Flash drive is selected, if not click on "Refresh" then select "Next"

user posted image

In the new window accept the formatting alert by selecting "Next"

user posted image

Files will be Downloaded:

user posted image

Files will be processed and created

user posted image

Flash drive will be formatted and prepared

user posted image

Files will be added to the Flash Drive and the tool will be created.

user posted image

The procedure is finished and the Tool created, click on "Finish" to complete.

user posted image

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F2 or F12 as it boots, change options...

As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\Windows\Microsoft Antimalware\Support\MPLog - mm/dd/yy - hh/mm/ss.Log"

Open with notepad and copy and paste it into a reply.
Link to post
Share on other sites

2 hours ago, kevinf80 said:

Thanks for those logs, I do not see any obvious Malware or Infection...

Do you have access to another PC to create the Widows Defender Offline Tool, I give the instructions to load to a USB flash drive. It can also be run from a CD, just change to that option in the instructions…
It can be created from the PC with issues, but a different clean PC is preferred!


Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool, Windows 7/8/10 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

user posted image

In the new window accept the agreement:

user posted image

In the new window select your USB Flash Drive, then select "Next"

user posted image

In the new window ensure you Flash drive is selected, if not click on "Refresh" then select "Next"

user posted image

In the new window accept the formatting alert by selecting "Next"

user posted image

Files will be Downloaded:

user posted image

Files will be processed and created

user posted image

Flash drive will be formatted and prepared

user posted image

Files will be added to the Flash Drive and the tool will be created.

user posted image

The procedure is finished and the Tool created, click on "Finish" to complete.

user posted image

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F2 or F12 as it boots, change options...

As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\Windows\Microsoft Antimalware\Support\MPLog - mm/dd/yy - hh/mm/ss.Log"

Open with notepad and copy and paste it into a reply.

I have a different idea I'm going to try first.  The sick drive is a relatively new 500GB SSD that I cloned from a 256GB SSD that was filling up.  I still have the old drive  which I should be able to boot from and then reformat the bigger drive.  What do you think?  BTW, you haven't mentioned Chameleon.  Don't you like it?

Link to post
Share on other sites

35 minutes ago, kevinf80 said:

Any progress..?

I am re-cloning as I type.  It seems to be going OK so far.  I'm afraid I inadvertently got a bunch of other troubleshooters involved in this last night by asking a question completely off topic.  I've been answering questions ever since.  I mentioned to at least one of them that I had talked to you.

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.