WIFI doesn't work, malware disabled many settings


As the title says, I have done everything possible to download Malwarebytes and scan my laptop. I even connected over Bluetooth to transfer the setup file, but with no success. It lists itself every time on the allow list in Defender. I have even tried starting in Safe Mode; it doesn't work. The reset button is disabled and I feel like I can't do anything to solve it.



Hello @Couldwi9 and welcome.

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

 

Step 1

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 


Hello, well that is the problem. I can't download FRST. When I connect it shows connecting for 10 minutes or so and never connects, there it also says "Connected, Secured". I accessed the website and all it shows is that it refuses to connect. Troubleshooting shows this and also Recovery Mode is a Blank blue screen:

20211123_123116.thumb.jpg.6d2822fa1d1e3cb8b8e13f1327c4d2ab.jpg

20211123_124453.thumb.jpg.a3df0e1b2836dd0c8ffcafb927c1c224.jpg

 


Go to a clean computer, download FRST to a USB stick.

Run the infected system, copy FRST from the USB stick to the desktop of the infected system.

Try to run FRST on the infected system.

Edited by MKDB

Hello, yes, I do still need help and I'm really sorry. I don't have a clean computer or a USB device, nor is there someone who has one. I can't buy one unfortunately. I have tried the ipconfig commands, resetting the network settings, flush DNS, and this still appears. I really don't understand why this is happening. It appears Command Prompt is even absent. There is absolutely nothing there. It's just a blank photo of it and right clicking on the Windows icon, only PowerShell is there.

I could try to remove them from the Allow list and quickly do a Microsoft Defender offline scan? Perhaps it will find something, because the physical scan doesn't really find anything. My friend sold me this laptop full of malware. At first it was better, but it got worse with time.

I downloaded some files from this website, and after that, it caused those problems, specifically "Venix". I thought it would be helpful:

https://tweakcentral.net/downloads

Virustotal came back with these results for one of them:

https://www.virustotal.com/gui/file/f39ce3daa27d9e4d498faac6d2fd33457b82e520bd1d8455231632c91e81f18d


13 hours ago, Couldwi9 said:

My friend sold me this laptop full of malware. At first it was better, but it got worse with time.

To be honest... If you get a second hand laptop, there is only one good decision: you need to do a clean installation of Windows (no matter if the system is clean or infected with malware) before you use it, because you don't know what the previous owner has done with the laptop.

According to your descriptions, your system is highly damaged; a complete repair is unlikely in my eyes.

 

Do you still prefer a repair of your system @Couldwi9? If so, please let me know and I'll ask another helper to support you. @AdvancedSetup

That's a size too big for me.

Edited by MKDB

I would really do a clean install but it's impossible. Only if the reset button was active (it's not clickable), I could've done it. I can't use the Offline scan for Defender, the "scan now" button is grayed out too. I tried to connect an Ethernet cable and there is some good news:

I can search up things on the internet, but when I try to access websites, they refuse to connect. And yes, I would prefer a repair. We could try to repair it, but if it's not possible, then I will find a way in the future. It's such a shame seeing this laptop looking like this, and I do know what the previous owner was doing with it. Only bad stuff. Downloading bad files every day until it became unusable, and then when it was sold to me, I didn't think of the possibility that it could be infected. When opening it up for the first time, I got a Trojan notification from Defender. It added itself to the Allow list.


  • Root Admin

Hello @Couldwi9

Please click on Start / Search and type in CMD.EXE; it should show on the menu. Right-click and select "Run as administrator".

If that works, then type in the following and press the Enter key:

SFC /SCANNOW

Let me know what it says please.

Thanks

 


Hello, sorry for the late reply. I will try to purchase a USB in the future to transfer the required programs to run some scans. Until then, it seems I can't do anything. PowerShell does open and run correctly, but the command itself isn't working. It just stops after running it (nothing happens sometimes). I have to shut it down every time after using it, I feel like it's getting slower after doing a step, or even more infected. If there are other commands that would be helpful, I will try them out, but I have already wasted many hours on resetting things and they still don't work. If it's necessary, the topic can be closed until I get a USB.


  • 4 weeks later...

Hello, just updating the post. I got a USB with the Malwarebytes setup, but when I plugged it in and clicked on it, something popped up: "Limited to restrictions contact the administrator"

I can't get it to a repair shop unfortunately. I have looked for some tutorials on how to fix this issue but I can't seem to find a solution.


  • Root Admin

Hello @Couldwi9

Please copy this attached file to your USB thumb drive. Then run Farbar and click on the FIX button.

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


  • Root Admin

Thanks @Couldwi9

Please run the following for me and let me know how the computer is running now and what issues you're still seeing.

 

 

Please download the following tool

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

 

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan"

It will create a log (FSS.txt) in the same directory the tool is run.
Please attach the log to your next reply.

 


  • Root Admin

Please download the following file and save it to an easy location to get to.

https://download.bleepingcomputer.com/win-services/win-10/wuauserv.reg

Then restart the computer into Safe Mode, log in, find that file, and double-click it to run it and merge it into the Registry.

Then restart the computer into Normal Mode and run the FSS program again and post back the new log.

 

https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

 

This topic is now closed to further replies.