cornbread342

Virus prevents any installation of virus removal or Windows defender


You say you are seeing NativeDesktop media. See what you can do to locate just where it is on your machine.

 

Let’s please try to get and run a special report tool from Microsoft.

It does not make changes. It will be just a report.

 

  • Please download Sysinternals Autoruns from here and save it to your desktop.
  • Note: you also need to do the following:
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK


Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...

In the Autoruns Filter Options dialogue, verify that the following are unchecked; if they are checked, uncheck them:

  • Include empty locations
  • Hide Microsoft entries
  • Hide Windows entries


Verify that the following is checked; if it is unchecked, check it:

  • Verify code signatures


Once that's done, press the F5 key on your keyboard. This will start the scan again; this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.


Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply

 

Thank you.
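
Added example, not part of the original posts: a first-pass review of an Autoruns scan, flagging enabled auto-start entries whose signature is not verified or whose file is missing, and searching for a name such as NativeDesktop. It assumes a CSV export of the scan rather than the .arn file; the column names are an assumption and every sample row is constructed.

```python
import csv
import io

# Constructed sample rows. Column names follow the header row of an Autoruns
# CSV export and are an assumption; check them against your own file.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,(Verified) Microsoft Windows,c:\windows\system32\securityhealthsystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,enabled,(Not verified) Example Corp,c:\users\user\appdata\roaming\example\updater.exe
Task Scheduler,\ExampleTask,enabled,,File not found: c:\programdata\example\task.exe
HKLM\System\CurrentControlSet\Services,ExampleSvc,disabled,(Not verified) Example Corp,c:\program files\example\svc.exe
"""

def load_rows(text):
    """Parse the CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text.strip())))

def review_reasons(row):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    # With "Verify code signatures" on, a good signer starts with "(Verified)".
    if not row["Signer"].startswith("(Verified)"):
        reasons.append("signature not verified")
    # An auto-start that points at a file which no longer exists.
    if row["Image Path"].lower().startswith("file not found"):
        reasons.append("image file missing")
    return reasons

def triage(rows):
    """List (entry, location, reasons) for enabled entries needing review."""
    flagged = []
    for row in rows:
        if row["Enabled"].lower() != "enabled":
            continue  # disabled entries do not start with Windows
        reasons = review_reasons(row)
        if reasons:
            flagged.append((row["Entry"], row["Entry Location"], reasons))
    return flagged

def find_by_name(rows, needle):
    """Case-insensitive search of entry names and image paths."""
    needle = needle.lower()
    return [r["Entry"] for r in rows
            if needle in r["Entry"].lower() or needle in r["Image Path"].lower()]

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for entry, location, reasons in triage(rows):
        print(f"{entry} [{location}]: {', '.join(reasons)}")
    print("NativeDesktop matches:", find_by_name(rows, "nativedesktop"))
```

An unverified signature is a reason to look closer, not proof of infection; plenty of legitimate software ships unsigned.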

 


Hi, Max.

Thanks for the report. There are a handful of auto-started things that we can remove. This is more akin to a cleanup of auto-starts.

Delete the previous file I had you save named FIXLIST.txt

I have a new  custom  script for you.

Please Close and Save any open work you may have open.

Please close as many un-needed app-windows that you yourself may have open at this point.   So you can have a clear field of view.

 

This custom script is for CORNBREAD342 only / for this machine only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the DESKTOP folder.

The tool named FRST64.exe is already in the Downloads folder.

Start the Windows Explorer and then, to the Desktop.


RIGHT click on  FRST64    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

AFTER this, and after the system has settled back, Let me know if you need anything else at that point.

Sincerely,

Maurice


All right, thanks. As we keep on, always please update me with the current status.

AND note that you need, at some opportune time, to do a Windows Update check-for-updates run. The build of Windows 10 currently on this pc is about 2 years old.

It needs to get the latest release, Windows 10 BUILD 1909 or later.

 

The Autoruns report did not show an infection, nor did it show "nativemedia".

This last Fix was a small cleanup of a few leftover junk traces + removal of auto-start of Chrome with the "last session".

Now, it may be a good thing to do one other checkup.

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64

 

Save the file first,
Close any running programs that you started on your own ( if any).

Double-click  RogueKillerx64.exe to run the program.
Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Start Scan.
Upon completion, a browser window may open. Close this window.
 Important: Please do not have RogueKiller remove any detected items.
Click the HISTORY tab followed by Scan Reports.
Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.
Please attach the file in your next reply.
 

P.S.   Note for you and other readers.  This pc does have a working Malwarebytes for Windows & Windows Defender antivirus.

There is currently no obvious / known malware here.


Hi. Thanks for the report. At this point, do a new run of RogueKiller64

and this time, have it Remove all tagged items under Tasks + registry + Files.

After all is done, Let me know, How things are overall, at that point.

Cheers.


Maurice, I cannot express how much I am thankful for your help, thank you! 

At the moment, everything seems great, and I cannot see any clear effects of the virus, although the NativeDesktopMediaService is still in my programs list for some reason. I will work towards trying to update Windows, as it still does not work for me.


You are very welcome!

(  1  )   Cleanups

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

 

If your security program alerts to Delfix, either accept the alert or turn your security off.

Please right-click on Delfix and choose Run as administrator.

Make Sure the following items are checked:

  Remove disinfection tools <----- this will remove tools we may have used.



Now click on "Run" and wait patiently until the tool has completed.

Any remaining  files/logs from tools we have used can be deleted.

( 2  )   May give this a try    ( just once )

Download and save on the desktop and (only then) install Revo Uninstaller free

http://www.revouninstaller.com/start_freeware_download.html

 

Double-click Revo Uninstaller to run it.

In the list of programs, double-click on "...the program to be removed..." if it is found (if it is not found, then stop and exit Revo)

 

When prompted to uninstall, click Yes.

Make sure the "Moderate" option is selected, and then click Next.

The program will run, If you are prompted again, click Yes

When the built-in uninstall program is complete, click Next.

 

Once the program has searched for leftovers, click Next.

Check / check only the bolded items in the list, then click Remove

When you are prompted, click Yes, and then click Next.

Put a check on the found records and select delete

When prompted, select yes, and then click Next

When finished, click Finish.

[ 3 ]

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

[ 4 ]

For expert help on Microsoft Windows Update,  join for free the Sysnative forum  https://www.sysnative.com/forums/

After joining, do as the top pinned topic advises for help on Windows Update

https://www.sysnative.com/forums/threads/windows-update-forum-posting-instructions.4736/

 

All best to you.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
