
Black screen of death in Windows 7; related to PowerShell malware / virus



Hi,

I downloaded a torrent file and clicked on it by mistake. It executed a powershell lnk script.

I have Avira antivirus installed and it blocked a few threats. Then I installed AdwCleaner and Malwarebytes 3, and I performed some additional scans with HitmanPro, Sophos Antivirus and a few other programs from the most downloaded section of the Bleeping Computer website.

My laptop froze 24 hours after the initial infection and I see only a black screen when I try to log in in normal mode. I can access my laptop in safe mode without any issues.

I ran Farbar Recovery Scan Tool in safe mode and I am attaching the logs here.

Please help me.

 

FRST.txt

Addition.txt


I reinstalled Malwarebytes and am attaching the Malwarebytes threat scan text report with this message.

When I got the black screen, I went into safe mode and uninstalled recently installed applications. I assumed that the problem might be caused by those applications.

Some additional information:

I ran many antivirus scans in the first few hours (Malwarebytes, AdwCleaner, ESET, Sophos, Avira, Quick Heal, HitmanPro); all of the programs (except AdwCleaner) didn't find any infections. AdwCleaner found some 8 infections (related to some Acestream app which I might have installed a few months back) and then asked for a system reboot.

A few services like Windows Defender were switched off and I couldn't switch them back on.

Malwarebytes threat scan text report.txt


Hello jeayfeyer and welcome to Malwarebytes,

Run the following FRST fix in safe mode. When complete, reboot and see if your system will now boot to Normal mode:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

Thank you,

Kevin

fixlist.txt


Hello again jayfeyer,

Run the following scans for me please:

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection, scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
  • Scroll further to Potential Threat Protection and make sure the following are set as follows:
    Potentially Unwanted Programs (PUPs) set as: Always detect PUPs (recommended)
    Potentially Unwanted Modifications (PUMs) set as: Always detect PUMs (recommended)
  • Click on Scan and make sure Threat Scan is selected.
  • A Threat Scan will begin.
  • When the scan is complete, if anything is found, make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open Malwarebytes once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab from the main interface.
  • Double click on the Scan log which shows the date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice (recommend "Desktop"), then attach it to your reply
  • Use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thank you,

Kevin..

 


Hello again kevin,

Thanks very much for replying promptly. I am attaching all the 4 logs with this message.

I got this message when the AdwCleaner scan completed: "You may optionally want to run a Basic Repair which will reset Winsock and other settings to their default values". I skipped the Basic Repair. Should I have clicked on "Run Basic Repair" instead?

Malwarebytes threat scan report.txt

AdwCleaner[S01].txt

FRST.txt

Addition.txt


Winsock reset to defaults is not required... Run the following fix with FRST, it is just a clean up, there was NO malware or infection in the logs:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

Next,

We need to get your security programs sorted out, there are possible conflicts.. Malwarebytes is on trial so will revert to free version with no realtime protection when the trial completes.

Quick Heal and Avira will definitely conflict, one of those should be uninstalled asap...

Let me know if your system has any remaining issues or concerns...

 

 

fixlist.txt

 

Edited by kevinf80

Thanks very much for the help :)

I am attaching fixlog with this message.

When the FRST fix completed, my laptop again displayed a blank screen with a cursor. I booted back into safe mode and the log file was generated when I was in safe mode. I was able to boot into Normal mode afterwards.

I have been checking my laptop for the past 2-3 hours and it has been running smoothly. My system has become way too slow with 3 security programs installed. I am going to uninstall Quick Heal. Please do not close the topic yet, I wish to check the performance for the next few days.

Also, I can get the lnk malware file. Can somebody analyze and check the PowerShell script?

Thanks once again for helping me so quickly,

Jay

 

Fixlog.txt


Yes, I will leave your thread open. When you're ready to post back, also run FRST and post fresh logs...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 

Edited by kevinf80
typing error

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
