
A Virus has taken over my admin permissions and Malwarebytes is not detect


Go to solution Solved by Maurice Naggar,


Hello, I have been trying to do many things to fix my computer but I seem to make it worse. If you could help me, that would be great. My problem is: Virus has taken over admin perms and my computer is now slow. I saw one of your posts on FarBar removal technique but it did not work for me as the fixlist said I didn't know what I was doing. Please help.


Hi,  
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
Please only just attach   all report files, etc  that I ask for as we go along.
 

Do all the steps listed on the pinned topic

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

and attach the reports into a reply to this Topic.

Why do you mention "virus"? What application has identified that & what is the detail about the infection?

Also, just what "admin permissions" do you refer to?

Be very sure that you did not try to do any "fixlist" from any other case.   Do not do any "self medication".

We have to have the FRST reports from your machine as a first step for review.   Also attach a recent scan report  ( current one ) from Malwarebytes for Windows.

Locate the Scan run report; export out a copy; & then attach in with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

If there is indeed an actual infection, I will guide you on its removal.


Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 

Thank you for the reports. Let's begin with the following.

See  https://blog.malwarebytes.com/detections/pup-optional-advancedsystemcare/

Uninstall Advanced SystemCare

1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run command.

2. Type 

appwiz.cpl 

and tap Enter.
The Programs and Features window will appear.

 

3. Locate  Advanced SystemCare  and click once to select it, then click the Uninstall button.

Close Control Panel when done.

.

NEXT
Please only just attach   all report files, etc  that I ask for as we go along.
 

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)    {  that is only if you have Premium }

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".
You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢


 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.


 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 


Thank you.  That is a very good scan result by Malwarebytes for Windows.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Now, click the tab marked GENERAL. Look for the button marked "Check for Updates" and click it. Be sure to follow all prompts. Let's be sure it is up-to-date.
Close Malwarebytes when done.

.

SecurityCheck by glax24    

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.
Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe


and save the tool on the desktop.

If Windows SmartScreen blocks that with a message window, then
click on the MORE INFO spot and override that and allow it to proceed.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on SecurityCheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
 

[     2      ]

Download   Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/


and Save to your Desktop.
Right-Click on fss.exe and select Run As Administrator.
 
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

 


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Attach the report  file      FSS.txt into your reply. 


Hello.   Thanks for the reports.

The SecurityCheck tool points out a few apps that need your attention & follow-up so that they are updated to the latest release version.

Zoom v.5.0 Warning! Download Update

Listed under unwanted apps:   You should uninstall these 2   and then Restart the system

Avast Cleanup Premium v.20.1.9294.798 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.

Avast Driver Updater v.20.1.720.1622 Warning! Suspected demo version of anti-spyware, driver updater or optimizer

.

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.
 
 


Good morning.   Thanks for the ESET scan log.   The run is very worthwhile.

I would like this next run with Malwarebytes for Windows.

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the SECURITY  tab.
Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON.
Click it to get it ON  if it does not show a blue-color
Now click the small X  to get back to the main menu window.

Click the SCAN button.
Select a Threat Scan ( which should be the default).
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Be sure all items were removed.   Let it remove what it has detected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 


Good morning. I hope you are doing well.

Is this the very last scan by Malwarebytes for Windows ?  or is it the one prior ?

And did you ensure to remove HACKERMODE_AMONG US.EXE?

Let me know all that on the occasion of the next reply.   Plus, an overall summary of the current situation.

+

[     1      ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft 
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
  
Let me know the result of this.
The log is named MSERT.log  
the log will be at  C:\Windows\debug\msert.log
Please attach that log with your reply.
+

[    2      ]

Kaspersky antivirus scanner
See about  downloading and running the Kaspersky antivirus scanner to remove any found threats
Kaspersky Virus Removal Tool

 

{  Have patience during the download.  It is around 175 MB }

Save the KVRT.exe file to the Downloads folder.   Once the download completes,   you can then run the file.

  1. Right click on KVRT.exe and select Run as Administrator.
  2. Read the EULA, then select Accept.
  3. Wait for Kaspersky Virus Removal Tool to initialize.
  4. In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  5. Click Start scan.
  6. Wait for Kaspersky Virus Removal Tool to complete scanning.
  7. When the scan is finished, select Neutralize all for all detected objects.
  8. To view the scan details, click details.     Please save the details   and relay those with your next reply.
  9. Close Kaspersky Virus Removal Tool when done.

Let me know what, if anything, is detected.


There is a guide on how to run KVRT Kaspersky tool    https://support.kaspersky.com/8528

+

[    3    ]   Provide a bit more detail as to what exactly you meant when you referred to "admin permissions".

What was it you needed to do ?   where ?   what ?


Hello, thanks for your response. I could not get the logs to any of the virus scanners but for the first one, it removed a virus that was tampering with the Windows Defender. And the Kaspersky Virus Scanner did not detect anything. What I mean to admin permissions were like: I could not drag or delete a file into desktop, I could not use specific services. This happened when I downloaded a separate file or service which took away my admin perms.


Obviously, drag and drop is a function of Windows operating system. I've never known of an infection that causes that symptom.

You may do a Windows 10 "repair install" by following a guide article at Tenforums.
The title is "How to Do a Repair Install of Windows 10 with an In-place Upgrade"
https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

 

Study that article first.  Get familiar with it.
Read the top of the article.  & also study all of step 6

You will need a USB-thumb-flash drive.   Where you will use the Microsoft Media Creation tool.
( which will be where the Windows 10 setup media will be saved ).
You will do the download from Microsoft.

You will do  step 6: To do a repair install of Windows 10 with Media Creation Tool.

Essentially this repair is intended to be done in-place over the current Windows install.
You want to select "Upgrade this pc"
You want to "keep personal files and apps"
( all of this is shown and described in the article )


No, I meant that when I try to drag and drop the files into my desktop, it says I don't have admins perms to do so. I had admin perms before until I downloaded a virus that took it away.


Let me know the result of that procedure.   After that,  I will guide you more vis-a-vis  the file on the desktop.


Good morning.   As I noted earlier, keep me advised about the progress of  windows-repair procedure.

 For later on, I will be guiding you about the Desktop permissions.

About the drag and drop operation you mentioned, I will be needing from you much more specific detail.

Like, what type of file is involved? Where is the file now? What is the name of the file?

Are you needing to drop it onto an application-program? If so, why one?

or, is it just a file move operation ?   if so, from where to where ?


Hello, I recently got a 16gb usb thumb flash drive. I don't know if it's a flash drive but hopefully it is. I will now do a repair install on my computer. But first, I need to know how to put files into a usb thumb flash drive.


Be sure you understand that this USB-thumb drive will need to have the creation of the output from the Microsoft Windows "Media creation tool".

That essentially over-writes all the content on the USB.

How to get the Media Creation Tool and what to do with it -IS-  listed on the article that I cited  from before.

That is Step # 6   on this article

https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

 

This topic is now closed to further replies.