Jump to content
RaphzPH

Pls help with Virus from KMSPico after format

Recommended Posts

Hi there,

I downloaded from the fake website KMSpico and got a virus. Even after formating my PC, I've got those strange processes and my pc is really slow sometimes. I have 3 Hard drives on this PC. Maybe the virus went to one of them? Because C:// was completely formated.

Those strange processes not always show up. Sometimes my PC is just normal and look clean.

I have googled ways to remove it permanently from the computer, but I am not too good with it.

Can you help me remove this?

Attached are the FRST, Additions and some screenshots of the processes.

Thanks =D

49949387_220711098865362_1422701985450164224_n.jpg

50449610_452881445247053_4953356877346897920_n.jpg

Addition.txt

FRST.txt

Share this post


Link to post
Share on other sites

Hello @RaphzPH and :welcome:

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Thanks @RaphzPH

The FRST log is missing and the Addition.txt log is truncated and not complete for some reason.

Please restart the computer one more time. Then make sure you use an account with Admin rights when you run FRST and make sure you place a checkmark in the additions.txt checkbox and post back both new logs.

Cheers

Ron

 

Share this post


Link to post
Share on other sites

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Most part of the time, it's running ok. Yesterday when my windows was starting, it gave me a blue screen and a % counter before restarting.

Besides that, everything is much better I think.

Thank you Ron

Share this post


Link to post
Share on other sites

We can run a couple of Windows commands to ensure all the Microsoft files on the system are correct and auto repair a few issues if you'd like.

I can write a script for you, or you can run them from an elevated admin command prompt if you'd like.

Let me know, thanks.

Ron

 

Share this post


Link to post
Share on other sites

No, I don't need the log. I need to know what it said when it was done. If it's no longer on the screen please run it again and tell me or show me what it says.

Thank you

 

Share this post


Link to post
Share on other sites

I'm sorry for the trouble.

Here's the printscreen. It's a little different from last time. Last time it found some errors and did some repairs sucessfully.

Now it says couldn't find anything wrong.

cmd.jpg

Share this post


Link to post
Share on other sites

Great, that's good that no issues were found. Let's have you run the following now. Open a new elevated Admin level command prompt as before. Then copy/paste the following and press the Enter key. It will take about 20 minutes or so to complete.

 

DISM /Online /Cleanup-Image /RestoreHealth

 

Then show or tell me what it says too.

Thanks

 

Share this post


Link to post
Share on other sites

Once those scans are done then let's go ahead and scan for other potential malware threats. 

 

Please perform a Windows Defender Offline scan and post back the results

Windows Defender Offline is a powerful offline scanning tool that runs from a trusted environment, without starting your operating system.
This topic describes using Windows Defender Offline in Windows 10, Windows 8.1, and Windows 7.

Using Windows Defender Offline on Windows 10

  1. Select Start , and then select Settings  > Update & Security  > Windows Security  > Virus & threat protection .
  2. On the Virus & threat protection screen, do one of the following:
    • In the current version of Windows 10: Under Current threats, select Scan options.
    • In previous versions of Windows: Under Threat history, select Run a new advanced scan.
  3. Select Windows Defender Offline scan, and then select Scan now.

Using Windows Defender Offline on Windows 7 and Windows 8.1

If you're using Windows Defender Offline on Windows 7 or Windows 8.1, you need to follow four basic steps:
  1. Download Windows Defender Offline and create a CD, DVD, or USB flash drive.
  2. Restart your PC using the Windows Defender Offline media.
  3. Scan your PC for malicious and other potentially unwanted software.
  4. Remove any malware that's found from your PC.
Windows Defender Offline will walk you through the details of these four steps when you're using the tool. If you've been prompted in Microsoft Security Essentials or Windows Defender Security Center to download and run Windows Defender Offline, it's important to do so, to make sure that your data and your PC isn't compromised.
 
 
To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and
then download and run the tool — the tool will help you create the removable media.

Download x86: http://go.microsoft.com/fwlink/?LinkID=234123
Download x64: http://go.microsoft.com/fwlink/?LinkID=234124

If you're not sure which version to download, see Is my PC running the 32-bit or 64-bit version of Windows?

Where can I find scan results?

To see the Windows Defender Offline scan results:

  1. Select Start , and then select Settings  > Update & Security  > Windows Security  > Virus & threat protection .
  2. On the Virus & threat protection screen, do one of the following:
    • In the current version of Windows 10: Under Current threats, select Scan options, and then select Threat history.
    • In previous versions of Windows: Select Threat history,

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.