Grandparent's PC infected, hopefully not FUBAR.


I've tried automated runs through Malwarebytes and AVG but this computer still seems slogged down and tries to open PowerShell when Windows is started up. It will even load if I disable it through the startup tab in Task Manager.

When booting up, PowerShell loads, and after what seems like a long time of things failing or struggling to load, it'll quickly black screen, and then reload with things slowly starting to seem normal after a bit.

Here is the FRST information. The site won't seem to let me upload the XML from Malwarebytes though, so I tried to save it as a txt document; hopefully that works. If anyone could please help me, I would greatly appreciate it!

Addition_15-08-2020 14.09.34.txt FRST_15-08-2020 14.09.34.txt protection-log-2020-08-15.txt


Hi,
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.
If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only attach the report files, etc. that I ask for as we go along.

I am starting out with the need to ask about a few things.

This is a system running Windows 10, which comes with a very excellent Microsoft Defender Antivirus.

Did you add AVG antivirus yourself by choice recently? (I happen to not be a fan of recent AVG releases. The built-in Windows Defender is very fine and free.)

Did you add Total AV at some point?

And I find it very much of concern that this PC is running a super ancient version 2.2.1 of Malwarebytes.

That version is obsolete. I will be guiding you to a proper new install for Version 4.

The "powershell" run is due to the fact that Browser Assistant is installed. This is something from Realistic media; we will do scans later to remove it.

 

The following custom script is intended to remove the invocation of powershell for Browser Assistant & do other cleanups.

The system will be rebooted after the script has run.

This custom script is for umbralfiend only / for this machine only.

 
Close and save any open work files before starting this procedure.

I am sending a custom Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE link AS and save it directly (as is) to the folder C:\Recovery Tool FRST

The tool named FRST64.exe is already in C:\Recovery Tool FRST
Start Windows Explorer and then go to C:\Recovery Tool FRST


RIGHT-click on FRST64 and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.

 

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Please know this will do a Windows Restart. Just let it do its thing. We will do more later, such as a clean new install of Malwarebytes for Windows.

 

Fixlist.txt

Edited by Maurice Naggar
added note about Browser Assistant
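
The first post reports that PowerShell still launches after being disabled in Task Manager's Startup tab. As an added example (not part of the thread and not the helper's Fixlist script), this read-only PowerShell listing shows autostart entries that invoke PowerShell from the Run keys and from scheduled tasks, which the Startup tab does not control. Where Browser Assistant actually registers itself is not stated in the thread, so both locations are assumptions.

```powershell
# Added example: read-only inventory of autostart entries that launch PowerShell.
# It only lists entries for review and changes nothing on the system.

$pattern = 'powershell|pwsh'   # interpreter name inside a command line

# 1. Run/RunOnce keys (Task Manager's Startup tab lists Run entries).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$fromRegistry = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd }
        }
    }
}

# 2. Scheduled tasks: disabling an item in the Startup tab does not touch these.
#    Assumption: the machine is Windows 8 or later, where Get-ScheduledTask exists.
$fromTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions carry Execute/Arguments; others yield empty strings.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $pattern) {
            [pscustomobject]@{
                Source  = "Task: $($task.TaskPath)$($task.TaskName)"
                Name    = [string]$task.State
                Command = $cmd
            }
        }
    }
}

# Show everything found, one entry per block, for manual review.
@($fromRegistry) + @($fromTasks) | Format-List Source, Name, Command
```

Run it from an elevated PowerShell prompt so that tasks registered for other accounts are included in the listing.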

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
