Jump to content

Virus in my Pc


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hi. I need help to delete a virus.

I have made all type of scans with some antivirus and they dont find nothing.

But in windows defender find this 3 virus. I do the actions and then appear again.

The details on the detection are those:

amsi: \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

 

Please i realy need help.

Thank You

 

Link to post
Share on other sites

Hello @MiguelSilva and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Hello :welcome: 

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply
Link to post
Share on other sites

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use this Guide

  • next, The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Link to post
Share on other sites

When you are done with that scan above & ready & Caught up & have lots of quiet time. Do this.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe  on the Downloads folder to run a custom fix script.    The system will be rebooted after the script has run.  This is intended to do some system checks using System File Checker ( SFC ) & the Windows' DISM check tool and a quick scan with MS Defender. It will also rebuild the Winsock. It will clear the cache temporary files of the web browsers.

This custom script is for  MiguelSilva  machine  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt  <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRSTENGLISH.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.  Please attach the Fixlog.txt with your next reply. There is more to do after this.

Link to post
Share on other sites

The custom-fix-run is good. Windows Resource Protection found corrupt files and successfully repaired them.
The MS Safety Scanner run is helpful. And it did not find any actual malware.
How is the system now, today ?

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.

Link to post
Share on other sites

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article
Please use this Guide

We need to do some other scanning. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. 

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

  • Solution

Thank you. That was a good cleanup by Eset. It removed several threats. Including 

C:\Users\Public\Crack\LG\Malawer\MA\PowerRun.exe    Win32/HackTool.PowerRun.A Aplicação potencialmente insegura    limpo por exclusão

C:\Users\Public\Crack\LG\manage.ps1    PowerShell/Kryptik.EX trojan    limpo por exclusão

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, Select the Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

user posted image

add -dontcrypt 
Note the space between KVRT.exe and -dontencrypt

C:\Users\Miguel\DESKTOP\KVRT.exe -dontcrypt should now show in the Run box.

user posted image

That addendum to the run command is very important.


To start the scan select OK in the "Run" box.

user posted image

The Windows Protected your PC window will open, select "More Info"

user posted image

A new Window will open, select "Run anyway"

user posted image

A EULA window will open, tick both confirmation boxes then select "Accept"

user posted image

In the new window select "Change Parameters"

user posted image
 
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and „Start scan“.

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else..

  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your systemdrive (usually C: ), similar like this:

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20221030_103821.klr

  • Right click direct onto those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply.
Link to post
Share on other sites

The Kaspersky KVRT tool reports no malware or any virus detected. YAY 👍

I would recommend getting a readout report as to update status of some key apps.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

                                    If Windows's  SmartScreen block that with a message-window, then
                                           Click on the MORE INFO spot and over-ride that and allow it to proceed.

                                    This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

These apps / programs or settings need your follow-up for action, per the SecurityCheck report.
The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^

Notepad++ (64-bit x64) v.7.9.5 Warning! Download Update

Microsoft Silverlight v.5.1.50918.0  Warning! This software is no longer supported. Uninstall it.

WinRAR 5.80 (64-bit) v.5.80.0  Warning! Download Update

Discord v.1.0.9002  Warning! Download Update

VLC media player v.3.0.16  Warning! Download Update

IObit Driver Booster 9.1.0.156 v.9.1.0.156  Warning! Suspected demo version of anti-spyware, driver updater
You do not need it. Uninstall IObit Driver Booster.

Wondershare Helper Compact 2.6.0 v.2.6.0  Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended.

Torrenting & file-sharing. Try to not do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss.
https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

I would urge you highly to stay far away from hack / cracked software of any sort. Whether a so called free program or free game, or whatever.
Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

 

AS to the cleanup of the tools we used:

This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop

I believe your system is good-to-go. I wish you well. 😎

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.