Massive Virus.

[Nyve]

mbar-log-2020-09-27 (20-40-30).txtsystem-log.txt

Those are the most recent ones. 4th Scan was 17. I'll leave it at that and shut it down for tonight. I'll see you tomorrow hopefully. Bye Kevin thanks for the help today.

[kevinf80]

Hiya Nyve,

I`m in the UK so we are probably on different timelines... Your system is definitely well and truly infected, as malicious entries are removed the infection does seem to be returning on reboot.

I`d like to run FRST via the recovery environment, see if we can find the root cause and kill it off... It would be beneficial if you have access to another PC for moving logs about thus keeping the infected one in the recovery environment. You will also need a USB flashdrive (memory stick) approx 4GB.

Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 or 10 consult How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. Plug the flashdrive into the infected PC. Enter System Recovery Options I give two methods, use whichever is convenient for you. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account an click Next. To enter System Recovery Options by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select Your Country as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you may get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt   Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Thank you, Kevin

 

[Nyve]

Hiya Kevin. Do you know where I could get a flash drive? Does any computer work? I just need to install Farbar to the Flashdrive I plug into the other computer? I'll make sure to get one as soon as possible.

[kevinf80]

Type "where to buy flash drives into Google", there are plenty options...

[Nyve]

Sorry for the late response.. I'll be working towards getting a flashdrive. I'll reply to you when I do get it. No clue when that'll be. 

Thanks Kevin.

[kevinf80]

Ok, thanks for the update. Flashdrives are not expensive:

https://www.mymemory.co.uk/memory/data-storage/usb-flash-drives.html

[AdvancedSetup]

Hello @Nyve since you appear to be in the USA these might be better for vendor choice

NOTE: An 8GB USB 2.0 or larger stick is recommended (you need at least 4GB but the 4GB and 8GB are often more expensive than the 16GB. In some cases a USB 3.0 disk can be used but some computers have issues booting from USB 3.0 disks.

Example drive (no endorsement implied, example only) - This drive example has not been tested by me.

Price: $4.99
SanDisk 16GB Cruzer Glide CZ60 USB 2.0 Flash Drive - SDCZ60-016G-B35
https://www.amazon.com/SanDisk-Flash-Cruzer-Glide-SDCZ60-016G-B35/dp/B007YX9O9O

 

Price: $6.25 (same drive as from Amazon above. This is from NewEgg)
SanDisk 16GB Cruzer Glide CZ60 USB 2.0 Flash Drive (SDCZ60-016G-B35)
https://www.newegg.com/sandisk-model-sdcz60-016g-b35-16gb/p/N82E16820171652

 

You're more than welcome though to choose something else

Thank  you

 

[Nyve]

Hey, I've got a 16GB flashdrive since it was app i could find. So again, what do I need to install on it? 

[AdvancedSetup]

Hello @Nyve I believe @kevinf80 is from Europe and he should be online later tonight to follow up with you.

Thanks

 

[kevinf80]

Hiya Nyve,

You can use the 16gb flashdrive, just follow the instructions given previously. The important part is to transfer logs via a spare PC, keep the infected one loaded to the recovery environment if possible...

I`m based in the United Kingdom, local time for me now is 19:00hrs, i`ll be online at least another 5 hours

Thank you,

Kevin...

[Nyve]

One more question/concern. Striking F8 repeatedly doesn't seem to do anything, and launching the PC into safe mode using the command window doesn't really feel like it actually did what I prompted it to.

[kevinf80]

We are not trying to get into safe mode, we need to be booted to System Recovery Options, commonly called recovery environment..

[Nyve]

Is this where I'm suppose to be?

[kevinf80]

That is the window that is normally seen when accessing "Advanced Boot Options" the problem with the screen image you post is the option we want "Repair your Computer" is missing. That option is normally first in list above safe mode.

It is unusual for that to be missing, but when it is the prime reason is usually down to a bad infection. In that case the only way to use RE is via an installation CD or a system repair CD..

 

[Nyve]

what's that?

[kevinf80]

What do you mean..

[Nyve]

installation CD and system repair CD?

did the virus remove the "Repair your computer"?

[kevinf80]

Installation CD is what you install Windows operating system with. Repair CD is what you make yourself via your operating system. You will not be able to make a repair CD on your sick PC, you could make it on another PC if the installed version of windows is the same as your..

https://support.microsoft.com/en-gb/help/17423/windows-7-create-system-repair-disc

[Nyve]

and put it on the flashdrive?

[kevinf80]

Yes can be loaded to flashdrive or CD. FRST will only run from flashdrive..

[Nyve]

I wish this was easier..

[Nyve]

Again, the cd can be created from another pc?

[kevinf80]

Yes if the other PC is same version of windows..

[Nyve]

Sure is. I'll make sure to do this.

[kevinf80]

Hiya Nyve,

Thanks for the update, let me know how things progress.

Regards,

Kevin..