
abnormal behavior with infected windows 10 installation


Go to solution Solved by Maurice Naggar,


I purchased a new computer a few months ago and it has become infected with malware. I have used Panda Security, SUPERAntiSpyware and Malwarebytes free version to various degrees of success; however, my computer has been experiencing graphical errors, slightly slower boot time, and shows some weird processes in the Task Manager, leading me to believe my system may have been attacked by a hacker or worse. I have also used the sfc /scannow command as well as a program called Windows Repair from Tweaking.com. SFC showed no errors; however, Windows Repair found a bunch of problems. I'm attempting to use Farbar to gather information to send to someone who knows how to read its diagnostics, and I could really use some expert help with my new gaming desktop PC.

FRST.txt Addition.txt

Link to post

Hello @poakes4     :welcome:

My name is Maurice. I will guide you. Please always attach files / reports as we go along.

I need a report set for review.   This is a report only.

Please download MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.


Edited by Maurice Naggar
Link to post

You describe running a number of different tools.  Please do not run anything else on your own.  I will be guiding you from here forward.

If you have questions as we go forth, please stop and ask me first. We gotta be sure that we do not over-step each other or run into a conflict.

At this point, a basic question.   Is Panda a free trial add-on ?  or is it paid for & licensed ?

Also, one of the first things I spot is that there is a mess-up of unknown origin  ( maybe, perhaps from the Tweaking tool  IF you asked it to repair "Windows Defender".)

Link to post

So, Panda is the free A-V.    We can get you back on Microsoft Defender.   That is built in with Windows 10 and is free.   Let me know if you prefer that.

( I personally would stay away from Avast. It is too grabby. I personally stick with MS Defender & Malwarebytes for Windows Premium.)

I am going to ask you to turn off the SUPERAntiSpyware  so that we get you properly ready  for any tweaks or fixes  that I will have for you.

The concept is to minimize potential security conflicts.   I will get back with you,  after I review your reports.    😃

Link to post

I have been avoiding Microsoft Defender because the few reviews I've read online over the years suggest that it's a bit weak in detecting malware. Also, I heard on the YouTube channel jays2cents that it's good but not to visit some kinds of websites for some reason.

Link to post

It is your call.  I would just say that those sources are a bit behind the curve.  MS has amped up MS Defender in several ways.

From the choices you listed, then, I would pick BitDefender.


Just do not make those changes now.


Now to ensure the Malwarebytes program is all up to date.

Start Malwarebytes for Windows. Click on the Settings ( gear icon)

Now click on the tab "General". 

Then scroll up a bit, and then click on the "Check for Updates" button.

 

Watch & follow all prompts.

 

That ought to do a check with the update server, and hopefully offer the newest component update.

Then click once more the Settings ( gear icon)  so that it goes back to main window.

Click the blue "Scan" button to do a new scan.   Kindly let me know the results.

Link to post

Although nothing new was detected, I set MBAM to ignore a keygen for a program called PowerISO, which allows me to play some older retro games on my PC like Star Trek Bridge Commander and Star Trek Armada 2 without having a game disc getting scratched. And I may have accidentally had MBAM ignore stuff that I didn't want.

Link to post

OK.  Thanks.   That report finds zero malware.  I did not spot indications of malware on the FRST reports.

Though, oddly enough, between the first time that FRST was run & when the support tool was last run, the goofed-up "WindowsDefender" is gone.

Anyhow, let us go forward with this custom script below.

First, I would like for you to turn OFF  Panda antivirus.

[    2    ]

As a next basic step, Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[    3    ]

What follows is a  custom script .  The goal is to do a few things.

  • Get rid / cleanup a small amount of dead context menu handlers
  • To run Windows System File Checker tool
  • To run the Windows Dism tool to check integrity
  • To cleanup & help on Windows Update
  • To rebuild the Winsock

The script Fixlist.txt  needs to be saved to the same folder that contains FRSTENGLISH.exe   /  it is on Downloads

 

Please save the (attached file named) FIXLIST.txt   to the   DOWNLOADS folder

 

Fixlist.txt

 

The custom script on this post is ONLY for this machine and NO other.   

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

 

  • Start the Windows Explorer and then, to the   Downloads folder.
  • RIGHT click on  FRSTENGLISH.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool. 
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:

Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Later on, I will guide you to run some other tools to check for "infections / malware".

 

Link to post

This is taking quite some time. My computer is equipped with a Ryzen 5 3600 and 16 gigs of RAM but with a crummy internet connection. Is Farbar supposed to take over an hour or so to complete on a fast computer like mine?

Link to post

Thanks for the report.  The System File Checker & DISM did not report any integrity issues.   and the first parts of the script finished.

But there was a time-out of the job at the 60 minute mark.   Thus, we need to finish the parts that were left to do.

This ought not to be as long.   However, kindly practice lots of patience.

First, I would like for you to turn OFF  Panda antivirus.


Second, delete the prior-saved Fixlist.txt on Downloads.

The new  script Fixlist.txt below   needs to be saved to the same folder that contains FRSTENGLISH.exe   /  it is on Downloads

 

Please save the (attached file named) FIXLIST.txt   to the   DOWNLOADS folder

 

Fixlist.txt

The custom script on this post is ONLY for this machine and NO other.   

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

 

  • Start the Windows Explorer and then, to the   Downloads folder.
  • RIGHT click on  FRSTENGLISH.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool. 
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:

Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Later on, I will guide you to run some other tools to check for "infections / malware".

Link to post

I've started the Farbar fixing process. Can you provide some details as to what the software is doing? I'm a computer nerd interested in desktop PC repair and maintenance, and basically making a computer operate as fast as possible, and this process is exceptionally interesting. I would like to know more.

Link to post

I have reviewed this last log.  Quite surprisingly it timed out after 60 minutes elapsed.   ( that is the standard max time for the FRST tool).

Question: Are you super-positive that you had turned OFF the Panda antivirus before starting the run?

Link to post

  • Solution

Yes, uninstall Panda 
1. Press & hold  the Windows key on keyboard & then tap the R key   to open the Run command.
2. Type 

appwiz.cpl 


and tap Enter.
The Programs and Features window will appear.

4. Locate Panda Dome and click once to select it, then click the Uninstall button.

5. Locate Panda Cloud Cleaner and click once to select it, then click the Uninstall button.

6. Locate Panda Devices Agent and click once to select it, then click the Uninstall button.

7.  Also uninstall SUPERAntiSpyware

8. Also uninstall Tweaking.com - Windows Repair


Next, be sure to RESTART Windows.

Lots of antivirus programs will leave leftover traces.   So we need to have you also do what follows.

A.  Get & save the Panda Generic Uninstaller tool.  Save it to DESKTOP.
B.  Start uninstaller.exe
C.  Click Yes when a window showing the following message is displayed:
Do you want to run this uninstaller?

D. It will Restart the system.

Then, do again what is listed on this one post https://forums.malwarebytes.com/topic/275991-abnormal-behavior-with-infected-windows-10-installation/?do=findComment&comment=1466422

 

Link to post
