Jeanmichou

Problem after malware installation


Hello,

Could you help me with my problem? I installed a program that turned out to be malware, which installed several bad programs on my computer. I could delete them all with Malwarebytes, but it changed something in the IT access and now my Windows Defender "Virus & threat protection" and "protection updates" won't be enabled because: Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more information.

It is my personal computer and it is not normal that there are these restrictions; I'm pretty sure it is because of this bad program. I've tried changing the registry for Windows Defender but it still won't work. Would you have a solution, please?

Thanks a lot


Hello @Jeanmichou and welcome

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Hello, the computer is infected with a rootkit infection. This will require a special means to remove it.

 

For the next part, you'll need to download the FRST executable onto a clean computer and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB and you'll have to restart all over again.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) onto your USB Flash Drive

Boot into the Recovery Environment

  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive into the computer

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

 

 


Hello,

Thanks for your answer, but I am unable to access the advanced startup menu. The other solution you gave me is too complex for me, I fear... I was just thinking of resetting the computer, but it seems that the virus blocked this functionality as well... Would you have a solution?

Thanks,


I can give you some ideas, methods to reset the menu but if the posted solution is too complex you may need to either ask a friend for help or take it into the shop for repair.

Please try opening an elevated Admin command prompt in Normal Mode and type in the following. Let me know if it gives you an error or not. You should also be able to copy/paste the command.

 

bcdedit.exe /set {bootmgr} displaybootmenu yes

bcdedit.exe /set {default} recoveryenabled yes

 

If that works then you should be able to start up into the Recovery Mode.

 

If it does not work then please try the following.

 

In Normal Mode do this please:

Right click on the FRST64 icon and select Run as administrator to start the tool;
Highlight and copy the following text and paste it inside the 'Search' box area of FRST;

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

 


Once done, click on the Fix button. A file called Fixlog.txt should appear in the same location as FRST64;
Please attach it in your next reply and wait for further instructions.
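
One way to confirm that the two bcdedit commands in the post above took effect, as an added example that is not part of the original posts or of FRST: this Python sketch parses saved `bcdedit /enum` output and reports both settings. The embedded sample is constructed, an English-locale output is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of `bcdedit /enum` output (English locale assumed).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
default                 {current}
displaybootmenu         Yes

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
recoverysequence        {11111111-2222-3333-4444-555555555555}
recoveryenabled         No
"""

def parse_bcd(text):
    """Return {identifier: {element: value}} parsed from `bcdedit /enum` text."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+)\s{2,}(.+?)\s*$", line)
        if not m:
            continue  # blank lines, section titles, dashed rules
        key, value = m.group(1).lower(), m.group(2)
        if key == "identifier":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current[key] = value
    return entries

def check_recovery_settings(text):
    """Report whether the settings changed by the two commands are in effect."""
    entries = parse_bcd(text)
    bootmgr = entries.get("{bootmgr}", {})
    # {default} is listed as {current} when it is the running OS, so follow
    # the boot manager's `default` element rather than searching by name.
    loader = entries.get(bootmgr.get("default", "{default}").lower(), {})

    def is_yes(entry, element):
        return entry.get(element, "").lower() == "yes"

    return {
        "displaybootmenu": is_yes(bootmgr, "displaybootmenu"),
        "recoveryenabled": is_yes(loader, "recoveryenabled"),
        # recoverysequence names the recovery entry the loader would start.
        "has_recoverysequence": "recoverysequence" in loader,
    }

if __name__ == "__main__":
    print(check_recovery_settings(SAMPLE))
```

A result with `recoveryenabled` still false after the commands were run means the change did not persist, which is worth reporting back along with Fixlog.txt.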

 

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
