Jeanmichou Posted November 8, 2018 ID:1279859

Hello,

Could you help me with my problem? I installed a program that turned out to be malware and installed several bad programs on my computer. I could delete them all with Malwarebytes, but it changed something in the IT access, and now my Windows Defender "Virus & threat protection" and "Protection updates" won't be enabled because:

Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.

It is my personal computer and it is not normal that there are these restrictions; I'm pretty sure it is because of this bad program. I've tried changing the registry for Windows Defender but it still won't work. Would you have a solution, please?

Thanks a lot

Root Admin AdvancedSetup Posted November 8, 2018 ID:1279925

Hello @Jeanmichou,

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

- If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on the Start Scan button.
- If you don't have Malwarebytes 3 installed yet please download it from here and install it.
- Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on the Start Scan button.
- Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
- If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

- Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
- Right-click on the program and select Run as Administrator to start the tool.
- Accept the Terms of use.
- Wait until the database is updated.
- Click Scan Now.
- When finished, please click Clean & Repair.
- Your PC should reboot now if any items were found.
- After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER before running Step 3

STEP 03

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
- Please attach the Addition.txt log to your reply as well.

Thanks
Ron

Jeanmichou Posted November 8, 2018 Author ID:1279975

Hi,

Thanks for your reply. Please find attached the documents requested.

Thank you!

Attachments: Addition.txt, AdwCleaner[C00].txt, FRST.txt, threat scan malware bytes.txt

Root Admin AdvancedSetup Posted November 8, 2018 ID:1279998

Hello, the computer is infected with a rootkit infection. This will require a special means to remove it.

For the next part, you'll need to download the FRST executable onto a clean computer and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB and you'll have to restart all over again.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan

Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

- USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
- Another computer (clean of infection)
- CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

- Download the right version of FRST for your system from a clean computer: FRST 32-bit, FRST 64-bit
  Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
- Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive

Boot into the Recovery Environment

To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:

- Restart the computer
- Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
- Use the arrow keys to select Repair your computer, and press the Enter key
- Select your keyboard layout (US, French, etc.) and click on Next
- Click on Command Prompt to open the command prompt

Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums.

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums.

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the Windows RE, plug the USB Flash Drive into the computer.

Once in the command prompt

- In the command prompt, type notepad and press Enter
- Notepad will open. Click on the File menu and select Open
- Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
- In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press Enter
  Note: Replace the letter e with the drive letter of your USB Flash Drive
- FRST will open
- Click on Yes to accept the disclaimer
- Click on the Scan button and wait for the scan to complete
- A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Jeanmichou Posted November 13, 2018 Author ID:1280878

Hello,

Thanks for your answer, but I am unable to access the advanced startup menu. The other solution you gave me is too complex for me, I fear... I was just thinking of resetting the computer, but it seems that the virus blocked this functionality as well...

Would you have a solution?

Thanks,

Root Admin AdvancedSetup Posted November 13, 2018 ID:1280885

I can give you some ideas, methods to reset the menu, but if the posted solution is too complex you may need to either ask a friend for help or take it into the shop for repair.

Please try opening an elevated Admin command prompt in Normal Mode and type in the following. Let me know if it gives you an error or not. You should also be able to copy/paste the command.

    bcdedit.exe /set {bootmgr} displaybootmenu yes
    bcdedit.exe /set {default} recoveryenabled yes

If that works then you should be able to start up into the Recovery Mode.

If it does not work then please try the following. In Normal Mode do this please:

- Right click on the FRST64 icon and select Run as administrator to start the tool;
- Highlight and copy the following text and paste it inside the 'Search' box area of FRST;

    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::

- Once done, click on the Fix button. A file called Fixlog.txt should appear in the same location as FRST64;
- Please attach it in your next reply and wait for further instructions.

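Added example, not part of the original post: a PowerShell check that the two bcdedit settings above are in effect before rebooting toward the Recovery Environment. It assumes an elevated PowerShell session and English-language bcdedit output; the function names Test-Elevated and Get-BcdElement are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumes an elevated PowerShell session and English bcdedit output.

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-BcdElement {
    param(
        [Parameter(Mandatory)][string]$Entry,
        [Parameter(Mandatory)][string]$Element
    )
    # $Entry is passed as a string: an unquoted {bootmgr} on a PowerShell
    # command line would be parsed as a script block, not as an argument.
    $lines = & bcdedit.exe /enum $Entry
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit /enum $Entry failed: $($lines -join ' ')"
    }
    # Each element is printed as "<name>   <value>" on its own line.
    $pattern = '^\s*' + [regex]::Escape($Element) + '\s+(\S.*)$'
    foreach ($line in $lines) {
        if ($line -match $pattern) { return $Matches[1].Trim() }
    }
    return $null   # element is not present in this entry
}

if (-not (Test-Elevated)) {
    Write-Warning 'Not elevated: open PowerShell with "Run as administrator".'
    return
}

# The two settings from the post: boot menu shown, recovery enabled.
$expected = @(
    @{ Entry = '{bootmgr}'; Element = 'displaybootmenu' },
    @{ Entry = '{default}'; Element = 'recoveryenabled' }
)
foreach ($item in $expected) {
    $value = Get-BcdElement -Entry $item.Entry -Element $item.Element
    $shown = if ($null -eq $value) { '(not set)' } else { $value }
    [pscustomobject]@{
        Entry   = $item.Entry
        Element = $item.Element
        Value   = $shown
        IsYes   = ($value -eq 'Yes')
    }
}
```

A row with IsYes set to False, or a thrown "failed" error, means the setting did not take and the FRST fix route in the post is the next thing to try.
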
Jeanmichou Posted November 15, 2018 Author ID:1281165

Hi,

Thanks for your reply. In the command prompt it says access denied, so I tried the second method; it seems to have worked?

Attachment: Fixlog.txt

Root Admin AdvancedSetup Posted November 15, 2018 ID:1281171

Great, now please try to follow the instructions from my post #4 above. Let me know how it goes, please.

Ron

Root Admin AdvancedSetup Posted December 7, 2018 ID:1285496

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

Root Admin AdvancedSetup Posted February 26, 2019 ID:1300830

Topic has been reopened per request.

Thanks

Jeanmichou Posted March 5, 2019 Author ID:1302246

Hello,

Thanks for re-opening my ticket. I'm sorry for the delay; here is the file from the FRST scan.

Best regards,

Attachment: FRST.txt

Root Admin AdvancedSetup Posted March 6, 2019 ID:1302295

I'm sorry, but this was booted in Safe Mode. It needs to be booted into the Recovery Environment. Please read the above again and try again. Let me know if you have questions.

Boot Mode: Safe Mode (minimal)

Thanks
Ron

Root Admin AdvancedSetup Posted March 16, 2019 ID:1303969

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks