Jump to content

ive got malware on computer plz help


Go to solution Solved by Maurice Naggar,

Recommended Posts

hey there I've got some malware causing internet browsing to crash randomly and not load some websites like netflix or speedtest.net.

malware bytes has detected nothing, i also used adwcleaner and spybot search and destroy both found a few problems.

but the actual problem has not gone and the malware has come back on to system after a reboot, when doing a second scan the same issues are detected.

attached is the log files from the scans.

A\is there anything else I can do to get rid of the malware?

 

malwares bytes scan report.txt AdwCleaner[S00].txt Checks.201011-1303.txt

Link to post
Share on other sites

i download microsoft saftey scanner today and ran a system scan. 

came back with a few viruses:

-microsoft safety scanner report-

trojan:pdf/phish                        partially removed
trojan:pdf/phish.bpk!mtb                partially removed
trojan:o97m/phish                       removed
virtool:win32/defendertamperingrestore  removed

how can i get these viruses removed ?

microsoft safety scanner report.txt

Link to post
Share on other sites

Hi,       :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.   

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
Please only just attach   all report files, etc  that I ask for as we go along.

Please know I help here as a volunteer.  and that I am not on 24 x 7.
Help on this forum is one to one.

 

 

I would suggest that you do a scan with a scan tool from ESET  to just only scan the C drive.

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Custom scan    ( the choice on far-right side)

We want just the C drive to be scanned.

In the display "Select custom scan targets"  keep the top 3 lines ticked,  plus the one for the C drive   ( which should be your Windows drive)

UN-tick the other drives   ( D, E, F,   etc...)

Then click on the blue button "Save and continue"


Leave as is   the radio selection "Disable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.


Have patience.  The entire process may take an hour or more. There is an initial update download.
 

There is a progress window display.
 

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.  Look for it on the bottom left, in blue.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.

The goal here is to see if there are suspicious or actual threats on the C drive.

Edited by Maurice Naggar
Link to post
Share on other sites

Hi Maurice thanks for the reply.

I've already downloaded that program and done a scan but I believe the malware is interfering with my computers home wifi connection and it is stoping it from downloading the definition update and the scan eventually gives a message failed to start.

The only way I've been able to get antivirus programs installed and successfully have Windows Update install updates and drivers, (brand new installation of windows 10) is by taking the computer to a different house with access to a LAN connection and boot windows into safe mode with networking and download programs that way. Or the other way is I can use my phone to download the antivirus over home wifi connection then I'll copy and paste the install file to comp via usb. 

Thats what I did in this case with ESET online scanner but it failed on the update on my home wifi before it could complete scan. So I will have to take the computer back into town when I can to get the ESET scan done and I'll report back on the results.

I should note that after I had booted safe mode and removed malware and viruses after scans with

AVG free, Malwarebytes, adwscanner, spybot search and destroy.

Computer worked fine no restrictions on web browser, that is untill I took it back home and it started blocking sites like Netflix again straight away. 

I kind of have a feeling that something in the vicinity of my home is causing the problem, either that or the USB station thing I use to connect my mouse and keyboard too is possibly infected with malware and automatically installs when connected to the computer.

 

Link to post
Share on other sites

Hi.

There are a few questions I need to ask:

Is it at all possible to directly connect this machine with a Ethernet cable directly to the router network connection  ?    ( assuming your home has broadband / hi-speed internet with a router )?    If yes, please do that so that you can bypass the WIFI   ( at least for the time being )

 

You mention 

Quote

it started blocking sites like Netflix again straight away. 

Did you document the exact message ?    Do that   and let me know about the exact message.

 

Netflix connectivity can be quirky sometimes.   It helps to Restart the system sometime to get it all squared away.

And as a general tip, in situations where there are internet connectivity issues, it can help to shutdown & power off the whole computer & then the router / internet connection,  wait about a couple of minutes, and then power up the system  & then observe.

The shutdown starts with the pc itself, powering it off, along with all peripherals.   Then unplug the router.

wait like 2 minutes.   Then power up in reverse order, turning on the router first, wait a minute, then power up pc   & let Windows load normally.

.

I am going to re-review your earlier reports  & then get back to you soon.    Meantime do not install any additional scanners or tools.

If you just recently installed AVG  then I would urge you to Uninstall it   and restart the system.  I do not recommend AVG since it will add features & add-ons that make for pesky complications.  Windows 10 comes with a very good & capable Microsoft Defender antivirus.   Your machine does not need AVG.   Once after AVG is uninstalled, we can run a cleanup utility and then insure that Microsoft Defender is re-enabled.

However, I also note that this pc does have a antivirus included with  Spybot - Search and Destroy

So for sure this machine has one too many AV  applications.    You need to make a choice   as to which one antivirus that you want to stick with.

 

Let me know what you decide & have done about all this.  I will await your next reply to all this before I make other suggestions.  Getting pared down to only one installed antivirus is the next main goal at hand.

Link to post
Share on other sites

Good morning Maurice

Too answer your question about the home ethernet connection the answer would be no as the only way I can connect to the internet at home is by using my mobile phone as a Wi-Fi hotspot.

I'll have to take the computer back into town again to get access to a modem with a LAN connection.

AVG was the first program that I installed after a fresh install of windows 10 (I done a complete reformat of c drive and reinstalled windows 10 from USB image).

I want to make it clear that after I FORMATED C-drive and REINSTALLED a fresh copy of windows 10.

The malware was still on my system after fresh install of windows 10 and it was interfering with windows updates and stoping it from downloading any data. updates would just sit on 0%. 

I then took computer into town, connected it to a LAN connection.

I booted into safe mode with networking and installed a few antivirus programs. 

AVG found 4 malware entrys and quarantined them as did spybot search and destroy and adwcleaner.

Updates installed all good after that, Netflix's was streaming fine. Everything was working properly, and I want to make it very clear! that everything was working fine on my mobile phones wifi hotspot IN TOWN!

As soon as I took the computer home the problems have come straight back.

Now I know it seems to just be a network issuse, that's what I thought at first. But it can't be as my android tablet streams Netflix on the same home wifi connection (phone hotspot)and my computer loads some sites like YouTube and streams video no problems on the same wifi connection also I can play online games over steam no problems.

The sole issue that I am having is that the computer does not load certain websites like Netflix or speed test.net when it is at my home.

Just to make sure I'm clear on the problem, because it actually makes no sence and it's very frustrating!! 

The computer ONLY has the issuse at home it is connected to my phone's wifi hotspot.

When my computer is connected to my phone's wifi hotspot in a different location everything works fine!

When at home it has this connection problem.

It never had this problem before and would stream netlfix fine at my home, it just started happening randomly.

I will uninstall avg when I get home.

What do you want me to try after that?

 

 

 

 

 

 

 

Link to post
Share on other sites

Oh the exact message it leaves on my web browser when it doesn't load is website timed out check your internet connection.

But if I try load YouTube it works straight away, just not Netflix.

Link to post
Share on other sites

Not for the purpose of argumentation, but just to hope to get things simplified.
You did a new fresh setup of Windows 10.   There was no need to be installing AVG.   Windows 10 includes its own very capable & strong antivirus,  Microsoft Defender Antivirus.

Then, how does one 'assert' there is some sort of 'malware'  if one does not go by running security tools?
You report that AVG  found and removed "malware entrys".    It may be helpful to know what those were.

The issue of the internet connection not working needs to be considered as a separate item.  There is a way to rebuild the basiscs of the Windows-based internet connection settings.  By that I mean rebuilding the Winsock and flushing the DNS cache.
That should be done while not connected ( if possible)  to the smartphone hookup.   Or at least, disconnect the phone when the procedure is completed.
Start NOTEPAD { you can press Windows-key+R keys to get the RUN option 
and then type in 

NOTEPAD.exe 


 
and press Enter key to start NOTEPAD. 
 
Check and make sure "word wrap" is off.  
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked. 
IF it -is- checkmarked, click that one time so that it is un-checked. 
 
Please copy/paste the lines below to Notepad: 
 
 
@Echo on 
pushd\windows\system32\drivers\etc 
attrib -h -s -r hosts 
echo 127.0.0.1 localhost>HOSTS 
attrib +r +h +s hosts 
popd 
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns 
WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "automatic"
WMIC SERVICE WHERE Name="windefend" CALL startservice
shutdown -r -t 1 
del %0 
 
 
 
now Save as flush.bat to your desktop. 
Double-click flush.bat file to run it. Your computer will reboot. 
.
NOTE:   The program CCleaner is no longer recommended by Experts. It's your choice but Windows 10 can already do the majority of maintenance on its own. 
I would suggest that you uninstall CCleaner.

Link to post
Share on other sites

okay i have uninstalled the agv anti virus.

 

the files that avg found and quarantined : 4 x Other:malware-gen [trj]

 

i followed steps to reset the winsock and flush dns, but it did not resolve the issuse, still not loading netflix.

 

but it did something different, when i clicked the short cut to Netflix on my home page.

it said in bottom left corner of crome waiting for play.google.com not sure why its trying to load from play google?

after about 2 mins its come up with the usual 

This site can’t be reached

www.netflix.com took too long to respond.

 

I have gone on to Microsoft store and installed the netflix app on computer.

it installed all good.

but when opening netflix app it dosnt load and just gives error  

Sorry, there was a problem communicating with Netflix. Please try again.
(T1)
Link to post
Share on other sites

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.7.0.827.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

Please know I help here as a volunteer.  and that I am not on 24 x 7.

.

I need to make clear a few points.  I will certainly help you to insure that there is no malware on this Windows system.

Beyond that, if it is just the Netflix app I will need to refer you to other help resources.

Here on this sub-forum our main focus is on finding, removing malware and help on security issues.

Link to post
Share on other sites

hi there, thank you for the next step of instructions maurice

i tried but was unable to download Malwarebytes support tool (screenshot attached) using the link provided. like i said before its as not just netflix that is being blocked there is a lot of other random things that will not download also.

youtube still works normaly streams video fine, netflix not loading still, online multiplayer games over steam work fine still also.

I could possibly download Malwarebytes support tool on my mobile phone and then transfer the file to my computer,

not sure if it will need to download something as part of the set up though. if so it would most likely not download it.

ill give that a try anyway

or my other option would be

To get the computer to different location to download the support tool. as it only seems to not work when I am at home.

oh and i have attached a screenshot of the avg quarantine so you can view the viruses it found on initial scan. (was not able to find a log file)

you can see that the malware original file location was in appdata/mircosoft.windowscomunicationapps

 

 

 

 

malwarebytes screenshot.png

avg quarantine.png

Link to post
Share on other sites

On the snapshot image of the tagged-items by AVG, at least two of them were PDF files.   It is very very uncommon for PDF files to reside at the users....\appdata\local  area.   I am guessing they perhaps had been downloaded while a browser was in use, or else possibly were related to some emails.   One would ask you if you recall some of those PDF names  ( files )  ?

.

In any event, lets put that away.  I believe you said that AVG had put those into its Quarantine.

Lets also for the time being, put aside the idea of running the Malwarebytes Support tool.

.

I need for you to do what follows with due care.  You will need to save a special file safely ( and as-is) and get it to the Downloads folder of this Windows machine.

The following is a  custom script.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

The system will be rebooted after the script has run.

.

This custom script is for  Locko90  only / for this machine only.

 
Close and save any open work files before starting this procedure.    If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

I am sending a    custom Fix script which is going to be used by the FRST64  tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt   to the  Downloads  folder

The tool named FRST64 .exe   tool    is already on the Downloads
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRST64   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Sincerely.

Fixlist.txt

Link to post
Share on other sites

Windows File Explorer needs to be  set to show ALL folders, all system files, etc including hidden files / folders

Open Windows File Explorer.

Select View from its top menu bar > click Options on the icon at the far right-side > Change folder and search options ( from the drop down ).

  • on the next multi-tab mini-window
  • Select the View tab and, in Advanced settings,
  • select Show hidden files, folders, and drives
  • and OK.

.

[     2     ]

Thank you for the Fixlog report.   That run is a good step forward.   There are still drivers leftover from AVG.   They need to be cleaned up / deleted.

please  download & Save and  then run the following removal tool  AVG Clear.

https://www.avg.com/en-us/avg-remover

Restart Windows when that is done.

.

[     3      ]

I would suggest that you do a scan with a scan tool from ESET  to just only scan the C drive.
Go to https://www.eset.com/us/home/online-scanner/

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Custom scan    ( the choice on far-right side)

We want just the C drive to be scanned.

In the display "Select custom scan targets"  keep the top 3 lines ticked,  plus the one for the C drive   ( which should be your Windows drive)

UN-tick the other drives   ( D, E, F,   etc...)

Then click on the blue button "Save and continue"


Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.  Look for it on the bottom left, in blue.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.

The goal here is to see if there are suspicious or actual threats on the C drive.    Please attach the scan-log with your next reply

and

tell me, How are things at that point ?

Edited by AdvancedSetup
corrected font issue
  • Thanks 1
Link to post
Share on other sites

good morning Maurice.

i followed your steps, and changed all files and folders to visible and successfully removed avg with the avg remover, (downloaded from avg website no problems)

step 3 is where i run into problems.

once again eset scanner does not download initial scan update and fails to scan

ive attached screen shot of the error message in eset scanner once it times out.

one thing id like to ask is why is there a (40) next to the youtube tab?

also windows has done some updates since running the fix it scan. ive attached a screen shot of the recent updates that have been installed via windows update.

one last thing that might be worth mentioning, i received a suspicious email this morning when i turned on the computer.

it was an email to do with amazon billing issues, its very strange to be getting an email from amazon, as i have never used amazon before.

attached is a screenshot of the email.

sus email.png

win updates.png

eset failed scanner.png

Link to post
Share on other sites

Good morning.  First, about the email "Amazon billing" ....you know it is a spam email.  Just simply go ahead and Delete it.   period.  end of that issue.

As far as any scan result, It is much better to have the actual log-file  instead of any screen shot image.

We do not needf any more runs of Microsoft Safety Scanner.   But kindly locate its log file and attach it in a new reply.

the log will be at  C:\Windows\debug\msert.log
Please attach that log with your reply.

.

Remind me just exactly which web browser is the one you use most /  which one is the default browser.   I need to have us keep that in mind.

The FRST report showed that EDGE is the default browser.   Is Edge working ok ?

Does Chrome browser have issues?

In cases where you have issues with web browsers, and if you are in a pinch, since this system is Windows 10 you can use the Microsoft Internet Explorer 11.   It is a legacy browser that is still present in Windows 10.

Just start the Windows RUN ( Windows-key + R )  and put this in the text of the run box

"C:\Program Files\Internet Explorer\iexplore.exe"

See if that helps out.   Just keep in mind that it is a legacy app  and not wanted to be used on a regular basis.

.

One other point  ( forgive my asking )  is this machine directly connected with a Ethernet cable to the internet ?

Link to post
Share on other sites

took the comp into town yesterday, first thing i did was connect to my phone wifi hotspot.

tested netflix, it worked fine... 

downloaded eset scan, it worked fine... log attached

came back home today.

connected computer to same phone wifi hotspot.

test netflix, not working.

im about to give up honestly. makes no sense 

its like something in this location is physically blocking this computer from normal web browsing..

like why does youtube work fine but not netflix?

why can i post this on this website but cant load another?

10-18-20 ESET SCAN.txt msert.log

Link to post
Share on other sites

Hi Maurice, I've found something that's very unusual!

i opened command prompt and pinged www.google.com it worked all good.

then i tried to ping www.netflix.com

straight away it redirected me too (dualstack.wwwservice2--frontend-san-vpc0-571120560.us-west-2.elb.amazonaws.com) 

how would i go about stopping it from redirecting me?

attached is screen shot of me pinging www.netflix.com in command prompt  

sc1.png

Link to post
Share on other sites

Comment on one your mentions 

Quote

connected computer to same phone wifi hotspot.

Obviously, we cant be relying on that as a permanent solution.

I asked before   is this machine directly connected with a Ethernet cable to the internet ?

This pc needs to have a direct Ethernet cable connection to your internet-service-router.    Can you please do that ?

.

and also   Go about resetting the Hosts file to normal default  , using this Microsoft guide

https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

click on the Windows 10 under the Resolution section

Edited by Maurice Naggar
Link to post
Share on other sites

The folder c:\Users\locky\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe   is in the temporary storage area for the EDGE browser

That is where 6 PDF files where found & flagged by the Microsoft Safety scanner. It appears to me that they were flagged due to having bad links.

And the ESET scanner did flag them and delete them.   Eset deleted 9 files.    They are classified as PDF/Phishing.A.Gen trojan

 

My best judgment is that these files had been likely included with Emails that you had opened.

This procedure will reset the Hosts file to normal default.  At least, try to.

I am attaching a new Fixlist.txt here.   I need for you to find and delete the prior file off the Downloads folder.   Delete the old Fixlist.txt

.

The system will be rebooted after the script has run.

.

This custom script is for  Locko90  only / for this machine only.

 
Close and save any open work files before starting this procedure.    If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

I am sending a    custom Fix script which is going to be used by the FRST64  tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt   to the  Downloads  folder

The tool named FRST64 .exe   tool    is already on the Downloads
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on  FRST64   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Sincerely.

Fixlist.txt

Link to post
Share on other sites

Hi Maurice, thanks for further instructions.

First thing first. I don't have access to ethernet connection for internet access *AT HOME*.

The only option I have WHEN AT HOME is my mobile phone hotspot wifi, (which I have been using for years with no problem).

if I take computer into town I can get access to a Ethernet connection to the internet (at gf house).

I said this before in a older post. But I don't even need access to a Ethernet port I just need to leave my house. 

I Simply connect to my phone wifi hot spot *IN A DIFFERENT LOCATION* (not at home) and everything works fine.

As soon as I come home it will not work properly.

This is why I have asked if there could possibly be someone in my neabourhood that has hacked my wifi. 

Okay second thing I've just tried turning on computer this morning and it's just got a black screen.

So I can't do anything now.

Was working fine last night when I turned off.

This morning won't boot.

 

 

Link to post
Share on other sites

Update on situation.

I have tried to boot safe mode

(Pressing f8 on start up and selecting safe mode with networking)

Computer just shows black screen.

Rebooted computer 

Selected start up repair

Asked to enter password, entered password.

Got message (start-up repair couldn't repair your PC)

Clicked advanced options.

Clicked system restore.

Selected 10/18/20 restore point.

System restore completed successfully.

Restarted comp.

All booted back to normal.

Logged in all good.

Phew! Crisis averted haha.

Now computer is working again I'll try and get the new fix it log done and report back on progress.

 

Link to post
Share on other sites

okay, 

1. i have reset the hosts file to normal default as instructed in guide (https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default)

2. searched for infected pdf files in c:\Users\locky\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe

found 20 files.

tryed to delete all 20 pdf files.

could not delete, got an error ( this is no longer located in c:\Users\locky\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe

verify the items location and try again)

3. deleted old fixlist.txt from download folder. 

downloaded new fixlist file to downloads.

run frst64 as admin

found new update, download and installed update sucessfully 

selected fix

fix completed

restarted computer.

computer rebooted fine
 

attached is screenshot of folder %WinDir%\System32\Drivers\Etc

is there supposed to be that many host files in there?

 

host files.png

tryed to delete.png

Fixlog.txt

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.