Jump to content

My computer is bricked


Recommended Posts

So, I kept getting these miner virusus in my temp folder.. I was trying to get rid of them but every time i restarted they would return

 

So, when I tried to update malwarebytes it would not stop updating so I read online to try and re-install it

 

When I reinstalled it, it will not let me launch it no matter what I do or how I try to launch it....

 

I tried to run the rootkit application on your website but that discovered nothing.. please help

Link to post
Share on other sites

Hi, 

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible.

 

Please only just attach   all report files, etc  that I ask for as we go along.


.

Please have patience in all this.

This system has a infection that blocks all sorts of security programs, including Malwarebytes.

We need to run a special tool.

.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here
 
and save it to your desktop.    Click the blue-color download link.   Ignore any lines of notes on that page.

 

After saving the file, use Windows Explorer to go to the folder where you saved the file.

Doubleclick on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two messages boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes. .

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

We will do more later.   But just to be real clear, this machine is NOT bricked.   After all, Windows is still usable  & you can run programs.

Link to post
Share on other sites

This custom script is for bbqlord  only.

Close and save any open work files before starting this procedure.  I am sending a  custom fix script to do some cleanups.  

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads  folder

The tool named FRST64.exe   tool    is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRST64

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

 

Let me know how this goes.   There will be more to do later.   Please have lots of patience.   It is now past midnight at my location.

One thing I would like to know, is whether now you can start & run Malwarebytes for Windows.

Fixlist.txt

Link to post
Share on other sites

Thanks for the report files.  The pest that was around, preventing security programs from running, is gone.

I would suggest 2 new / different scans like this.

 

 

Run a special  scan with Malwarebytes.
Start Malwarebytes from the Start menu.

Click Settings. Then click the Protection tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, if anything is flagged,   be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed   ( if any items are tagged).    Let it remove what it has detected.


When that is completed, kindly send the report.
In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply   ( later when you have time).    Proceed forward with the 2nd scan  ( below).

 

[   2   ]

Do a thorough scan with the Microsoft Windows Defender antivirus.

Click the Windows Start menu button on the Taskbar, select Settings icon. Then choose Update and Security.
 

In Windows Settings  >>> click on Windows Security from the left side list.

Next, In Windows Security section:  Click on the grey button Open Windows Security

(  IF the Windows Defender has a yellow flag icon, & you see a Turn ON button, click that ).

next click on the blue Scan options

Look down the options list.   I would like for you to select "FULL" scan.

 

Monitor that scan.  Have patience since it may take a long  time.

.

This is the way to look at the Windows Defender scan history.

 

Go to the Windows Start menu.  Click on the Settings icon.

Now click on Update & Security.   Then click on Open Windows Security.

·  Click the Virus & threat protection tile     and then the Protection  history label  ( in blue color)

The Protection history will have a list of recent events.

Link to post
Share on other sites

Thanks for the report and the news on Windows Defender.  Yes, I would posit the pc is in much better state.

Let me make 2 suggestions.  One is to do a special additional scan.   Then later on, to do a special run for Windows Update at Microsoft to get a more current Windows 10 Build.

[   1   ]

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.


[   2   ]

This PC needs  to upgrade to the Windows 10 build 1903, or later.  You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 

image.png.ce3d4dab159a9d63103527be9609d42d.png

 

Getting that Windows build update will put this pc in a better position for a more secure operating system.

 

This build is metered and controlled by Microsoft.  If you do not get offered 1903, do keep trying.   I'd suggest trying every day or every other day, at the top of the hour.

Link to post
Share on other sites

OK.  Thanks.  The ESET scan found & removed 1 EXE file & 2 DLL files that they classified as riskware / hack tools.

 

I think we can wrap up this case.

Make a backup of this system on offline media.  Backup is your best friend.

Make regular periodic backups of the system.

Be sure to also keep up with Microsoft Windows Update.

 

You can delete the files I had you download & save

delete "esetonlinescanner_enu.exe"

Delete also Fixlist.txt , Fixlog.txt, & MBAR.exe

.

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

Let me know if you need anything else.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.