Hello! My name is Anton and I really hope you're able to assist me, since I have tried everything and I am just giving up on finding a solution. This has really affected my life in a very negative way since it happened, and this is truly my last hope. I have read other forum tickets similar to what my problem was and was extremely surprised and impressed at how professionally that problem was dealt with, and I am praying that you'll be able to help me out with this as well. So let's get to it! =)

So all of this started happening around last December of 2021; Jan 2nd, to be exact, is when I completely lost access to all of my devices and later on my phones and both of our house networks, which I used to work from before this all occurred. I just got myself a new desktop that I dreamed of having since I was 8 years old, and a new phone and Apple Watch as well. At first, since I haven't dealt with viruses before (thank God), I didn't know that I might be getting something other than a minor bug or glitch or maybe a network problem, since I live in a very small town on a shore of a private lake, so the cell service and internet service are not the best here and usually lose connection or have a very slow one quite frequently. Then I started to notice that my video games had their settings changed and different apps would appear or automatically download that I never authorized or even heard of before. My computer's fans would also go into overdrive, sometimes as frequently as every 10 seconds, and when checking my Task Manager, it would show that I have 64 GB of VRAM but would only leave about 10 GB accessible, and the rest would be shared to somewhere that I can't figure out where. I also started to notice extreme lag when I'm running very memory-hungry and storage-hungry applications, and in the beginning, when I just got the desktop, it was running flawlessly.
I also tried to fully wipe my drives and tried to redownload Windows on all 3 of my computers, but all that did was make my computers completely uncontrollable, because now every time I try to close off a service or program or delete an application that I haven't downloaded or installed onto the computer, it just comes right back a few seconds after I close it off, and after I do that a few times it either blocks me off by saying that I don't have access or my permission is denied, or just blue screens my whole computer with an error saying "stop code" and then reboots again, but extremely fast and not how it should boot normally. I also can't download any antiviruses, including Malwarebytes, because the second that I click on install, it either freezes my computer and crashes later on or just tells me to reboot my computer the second that the program starts installing, and stops the installation at 15-32% and goes into reboot or closes off the whole download the second I click on reboot later or don't reboot. When it restarts it says that Windows is updating, which counts to either 72% or sometimes to 100%, and then restarts again and says that Windows failed to update, reversing back to the old update version, then restarts again and then finally boots up with a few black screen flashes in between some loading phase that is not the standard way my computer ever started up. I am not able to download Malwarebytes and was only able to make an account on the forums through my phone, and am now accessing this off my desktop but in safe mode, or else it would tell me an error or just crash and shut off my computer or send it into a restart. I shortened this as much as possible since there's quite a lot to write if mentioning all the details that happened throughout the year, but if needed later on, I have no problem providing as many details as needed on any question or subject that needs to be answered by me.
I really hope that we can get this resolved, and thank you so much for your time and your effort to help me out with this. I don't know what else to do since I have tried everything, even giving my laptop (a different computer that's also infected) to a computer guy who charged me 200 bucks for a reboot and said that the computer was completely fine, when I know for a fact that it's not and works completely differently than how it should have, since I used it when it was clean, and all of the above signs and many more occur on it just like they occur on my third laptop and my desktop. I would like to focus on my desktop first, as I don't need the laptops for anything for now, but would like to get those fixed later on as well if a fix could be done for my desktop. I hope to hear from you soon! God bless!

mbar-log-2021-11-17 (03-02-55).txt mbar-log-2021-11-17 (03-08-15).txt system-log.txt

I have just found the needed files; for some reason they were in my Downloads folder and not on my hard drive or in my documents/files folders, where I usually would have found them, especially after I saved them to that location 3 times. I apologize for double posting, but I thought this would be important enough and would save time in the long run.

FRST.txt Addition.txt

Hello LostCause123 and welcome to Malwarebytes,

Continue with the following:

Run an Offline scan for Windows 10:

Open the search function, type or copy/paste Windows Defender Security Center then select ok to open that option.

In the new window select Virus and Threat Protection then select Scan Options.

The scan options window will open, from there select Windows Defender Offline Scan.

You will be given the option to save any opened work etc., then select Scan from there. When the scan completes, Windows will reboot.

To check for found entries:

Select Start, and then select Settings > Update & Security > Windows Security > Virus & threat protection. On the Virus & threat protection screen select Protection history.

If entries are shown as "Found", the time and date will be the same as the offline scan just completed.

Next,

Zip and attach this folder: C:\Windows\Minidump. You may have to copy it to your desktop first.

Thank you,

Kevin.
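
The same steps can be run from an elevated PowerShell window with the built-in Microsoft Defender cmdlets. This is an added example, not part of Kevin's post; the script name in the usage comment is hypothetical. It lists whatever detections and scan events Defender has recorded, a second place to look besides Protection history, and zips the minidumps from a desktop copy.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
# Usage (script name is hypothetical):
#   .\defender-offline.ps1 -StartScan    reboots into the offline scan
#   .\defender-offline.ps1               after the reboot, collects the results
param([switch]$StartScan)

if ($StartScan) {
    # Save open work first: the machine restarts to run the offline scan.
    Start-MpWDOScan
    return
}

# 1. Detections Defender has on record.
$detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue)
if ($detections.Count -eq 0) {
    Write-Host 'No detections on record.'
} else {
    $detections | Sort-Object InitialDetectionTime -Descending |
        Format-List InitialDetectionTime, ThreatID, ActionSuccess, Resources
}

# 2. Scan and detection events in the Defender operational log:
#    1000 scan started, 1001 finished, 1002 stopped early, 1005 failed,
#    1116 malware detected, 1117 action taken.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1000, 1001, 1002, 1005, 1116, 1117
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, Message -Wrap

# 3. Copy the minidumps to the desktop, then zip the copy for attaching.
$src   = Join-Path $env:SystemRoot 'Minidump'
$dumps = @(Get-ChildItem $src -Filter *.dmp -ErrorAction SilentlyContinue)
if ($dumps.Count -gt 0) {
    $copy = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Minidump'
    New-Item -ItemType Directory -Path $copy -Force | Out-Null
    $dumps | Copy-Item -Destination $copy -Force
    Compress-Archive -Path (Join-Path $copy '*.dmp') -DestinationPath "$copy.zip" -Force
    Write-Host "Wrote $copy.zip with $($dumps.Count) dump file(s)."
} else {
    Write-Host "No .dmp files found in $src"
}
```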

 

Thank you so much for getting back to me! I have done the offline scan and, like the previous times, it got to 10k files and about 63 percent and then rebooted. When I logged back in, the first notification that popped up was that Malwarebytes is unable to download for some unknown reason. This happens every time on boot since I tried to download Malwarebytes to do the initial scans before posting on these forums. Then when checking the "protection history" under "Virus and threat protection", it states that I have "no recent action" and the whole page is pretty much blank, with no recollection of any scans that I did in the past or the one I did just now. I have attached the minidump files that you asked for. For some reason I had 5 of them, all from different dates and times; is that supposed to be like that? I hope it's alright that I attached all 5 of them on here. Thank you once again for your help!

110221-9296-01.dmp 110921-11031-01.dmp 111521-10875-01.dmp 111621-9375-01.dmp 111621-10296-01.dmp

Good afternoon! Sure, I will try to do that now, but I'm pretty sure it won't let me since any update for Windows or the OS just fails to fully download or doesn't start and just gets stuck on pre-loading for install. I also wanted to add that I did a Malwarebytes rootkit scan and, from looking at the logs, the rootkit scan was able to scan through all the drives in Windows\system32\drives except for drive 0, which came up as "MBR on drive 0 is invalid or encrypted". The disk size is 2000398934016 bytes.

Would this be the virus hiding, or is it the sensitive Windows files that are encrypted that are on there, and that's why it's not letting it get scanned? I have tried to delete folders and files in the past that came up as either "no permission granted or files are encrypted" even though I just made sure that all admin permissions were accessible to me and I was the only admin/user to even operate and have access to my account and its files and folders. I also haven't encrypted any files whatsoever.

Some files that I couldn't get rid of and would have services running that would be unstoppable, and full access to them would be denied no matter what I did, are RundL.exe host, SvcHost.exe, installer2, and hosting scripts with monitoring capabilities linked to azure.com, as well as developer tools, and I even had a user in Task Manager that was called dwm.exe and was taking up the most memory out of all the active processes and services. There are also a lot of services that show up about 10 minutes after a full wipe and redownload of a fresh Windows operating system, and I've seen it happen live right after the computer boots up and gets set up through the Windows tutorial. Some of these files are from "app execution aliases" that I have never downloaded, like winget.exe, GameBarElevatedFT_Alias.exe, Python.exe (app installer), Python3.exe (app installer) and many, many more services that just run on my computer, and I'm not able to turn them off or end the task without having my whole OS crash, or after ending the task 2 or 3 times, it denies me all permissions to delete or modify that file/task/service.

All of this can't be normal, right? I never had to deal with any of that before, nor did I see any of this when my desktop just arrived, so I'm pretty sure that all of this could be due to the infection and not normal computer behavior? Or am I completely wrong?

I have attached today's rootkit scanner log that I was referencing above, just in case. It came back clean, but I am also not running my computer in safe mode anymore, just on normal boot up, so maybe that's why it's going undetected? I still have no luck in downloading Malwarebytes to do the initial threat scan. It is stopping me from being able to download it every way it can. Would there be a workaround to getting all this off my computer so I never have to see it again?

mbar-log-2021-11-18 (13-26-53).txt

RundL.exe host, SvcHost.exe are legitimate Windows files. installer2 is a folder related to nVidia. As you are in Normal boot mode, can you run FRST again and post fresh logs?

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, and when done attach the new logs, "FRST.txt" and "Addition.txt".

I have attached a list of some of the services that are installed and running on my desktop every single time I start up my computer. These services are also on every one of my other computers and are active and running. I did not install or even know what half of them were or what they did until I read the tooltip descriptions when hovering over the name of the service on the list. I am not able to turn them off or delete them, and for the ones that I am able to stop, they come back in a few seconds once again and then block me from being able to do anything to them. If I try to force end those tasks after that, it just crashes my whole computer and all the services come back on after I reboot as if I haven't touched a single thing. The only thing I wanted to have on my desktop was a fresh install of Windows 10, which I thought I had successfully done after I data wiped my drives through BIOS and did a clean install of Windows 10 through a USB flash drive. After seeing all the services come back in minutes after the first initial boot, I inspected the USB flash drive that I was using and the files on it, and apart from the Windows 32 bit and 64 bit that were located there as they were supposed to be, it also contained all the infected files and many other ones that I stupidly did not save or write down, so I unfortunately cannot give the names of those files, but there were around 70 thousand of them. I removed them from the USB, which caused the files to disappear. A few seconds following the removal of the files from the USB, the whole computer once again crashes and goes into diagnostics mode, followed by a failed diagnostics check and then another reboot to where it boots up in the same irregular way that I mentioned previously, with the pre-boot screen flashing 3 times to a full blank black screen and then switching to the log-in window. I hope that the services list I attached will give some additional info on how I should move forward with fixing all this.
The services list was saved in normal boot but I am posting this while in safe mode.

I will do the scans once again right now and will be back to post them shortly. 

Thank you once again.

services extended list.txt

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
