j_alta Posted September 14, 2022 ID:1532576 Share Posted September 14, 2022 Hey! Id highly appreciate some help. Yesterday i noticed that something changed my base search tool in firefox, then i noticed that i have a web companion on the computer that i had no idea about, looked suspicious, removed it instantly without any problems. Then went to windows defender to check for threats, and i was notified that the "IT Admin" in the network modified the access to it. - i didnt download anything for months atleast - im not watching *things* on weird, half-legal sites full of ads and popups. - no school or work account/network connected -I tried everything that i found on the internet, nothing helped me so far. - i tried microsoft safety scanner - no virus found - malwarebytes : no virus found - avast: no virus found - edited group policy, regedit, fixed hidden UI stuff, didnt work - tried all the powershell and cmd things with scanning, repairing, healthrestore, everything. Tried to get new files for windows defender and merge them. - tried these in safemode, unlocked the hidden built in admin account, tried all the above mentioned things, nothing worked. At this moment Malwarebytes protects me in theory, but if i turn it off i still have no access to windows defender virus and threat protection. And at many settings in the system it shows me that i dont have the rights to modify them. (In safemode i have access to virus and threat protection, but if i try to start it, it starts, but makes no progress at all.) What should i do? Id prefer not to reinstall the whole computer, since i have a lot of stuff on it and no place to save them to, also, getting all the softwares, drivers, etc back would be a pain. Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532577 Share Posted September 14, 2022 Forgot to mention, i have windows 10 Link to post Share on other sites More sharing options...
1PW Posted September 14, 2022 ID:1532583 Share Posted September 14, 2022 Hello @j_alta and : While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following: I'm infected - What do I do now? Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic. Thank you. Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532584 Share Posted September 14, 2022 Okay, ill be at home again in a few hours and ill try everything that you guys can tell to me here. Link to post Share on other sites More sharing options...
1PW Posted September 14, 2022 ID:1532593 Share Posted September 14, 2022 Hello @j_alta: Excellent. Take your time to be accurate. Thank you. Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532611 Share Posted September 14, 2022 scan.txt Malwarebytes scan found nothing, it was running for 9 hours Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532613 Share Posted September 14, 2022 FRST.txtand the other scan you asked for Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532614 Share Posted September 14, 2022 Hi @1PW what should i do now? Link to post Share on other sites More sharing options...
j_alta Posted September 14, 2022 Author ID:1532616 Share Posted September 14, 2022 Even though Malwarebytes found nothing, now if i turn it off it looks like i can access the virus and threat protection in windows defender again, but yesterday i spent 7 hours to make it work and it didnt happen. How can i make it sure that i dont have any virus left? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 14, 2022 Root Admin ID:1532657 Share Posted September 14, 2022 Hello and @j_alta My screen name is AdvancedSetup and I will assist you with your system issues. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow all steps in the provided order and post back all requested logs Please attach all log files to your post, unless otherwise requested Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed. Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed. Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing. Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed. Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours. If your system is running Discord, please be sure to Exit it while this case is ongoing. Please run the following steps and post back the logs as an attachment when ready. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download. Spoiler Spoiler When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users. Example of Microsoft Edge blocking the download STEP 01 If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed make sure you have it quarantine any detections it finds. If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Double-click to run the program Accept the End User License Agreement. Wait until the database is updated. Click Scan Now. When finished, if items are found please click Quarantine. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time Please attach the Additions.txt log to your reply as well. On your next reply, you should be attaching frst.txt and additions.txt to your post, every time. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 19, 2022 Root Admin ID:1533353 Share Posted September 19, 2022 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts