
So, it's been a few days since my PC has not been allowing me to use the Windows search bar and I just realised that isn't the only problem. I can't use the task manager, can't run .exe files, won't let me open regedit and other Windows features but when I run my free Avast antivirus there seems to be no infections.

Since I can't run .exe files, I can't even install MalwareBytes, does anyone know any solution?

Here are some snaps of the error messages I keep getting.

 


Hello :welcome: 

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Please don't run any fixes or "tools" on your own, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to. If you have questions or issues, STOP and ask me first.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Please download Rkill from this link and save to your Desktop:

http://download.bleepingcomputer.com/grinler/rkill.exe

 

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please post the log if you can.

Just let me know if this did run.

 

This report tool will run in Windows, even if you have to do it through an elevated command prompt.

1: Please download & Save DDS from this link and save it to your desktop:

Don't click any flashing ads (if any show up). The download will begin on its own thru your browser.

2: RIGHT-click dds.com and select OPEN. (If prompted, reply YES and allow the tool to run.)

Next click the Start button.

 

This scan will produce 2 logs, DDS.txt and Attach.txt, and save them to your desktop.

When the report has finished, the 2 report files will show in your default text application.

Just Close those 2 windows. DO attach the 2 reports DDS.txt and Attach.txt with your next reply.

And with your next reply, let me know if you possibly have access to another working Windows computer or device.

Let me know for sure the Version of Windows on this machine. It does seem that this is running Windows 10.

Edited by Maurice Naggar

P.S. Do NOT even try to use Regedit.  I urge you to not try anything with that on your own. I will guide you as needed. First I want to see that you run the 2 tools I listed above.

If and when you get a quiet moment, I suggest you also run this. 

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time.

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.


I can't open executables on my PC, an error pops up with the file path and says "System could not find environment option that was entered", so basically I can't use any of the programs you mentioned.

 

Yes, I do have a usable laptop with Windows on it. My actual Windows version on this PC is Windows 10 Pro.


I very much want you to attempt the DDS tool download and its run. This is a dds.com which would be great if you just manage to download and SAVE it.

On your other computer -- and this will require a clean re-usable or new USB-flash-pen-thumb drive -- make a USB with the Media Creation tool for Windows 10.

Study and do the steps on this special guide at this link
https://forums.malwarebytes.com/topic/272765-run-farbar-recovery-scan-tool-frst-from-recovery-mode-on-windows-10/

We need to get & save the Media Creation tool for Windows 10
Do the run to make it on a USB-flash-thumb drive
Then get FRST64.exe onto that same USB

Follow the directions on article to Boot the " PROBLEM system" off that USB-flash
then run a report run with FRST64
Ensure the run completes.
When done, the FRST.txt + Addition.txt  will be on that USB-flash
Then remove the USB from the slot
Then Restart the pc back to normal mode
Then upload ( attach ) the FRST.txt + Addition.txt  into a new reply here on this topic.
This should provide me a fresh complete report that I hope to use to help you along.

KEEP that special USB safe. It is a life-saver.


The Addition report is not created when FRST64 is run from the Windows Recovery Environment. Thanks for the FRST report!

I am working on a custom-fix script. Tell me, is the problem-pc now able to run in normal Windows ? Please be sure to let me know.

Also tell me. It looks as if AVG is the installed-antivirus. Is that right ?


After you completed the special run.....did you then remove and secure the USB in a safe place, and then power off the problem computer? Then after say 30 seconds, power it up and then wait for Windows to load up. And then see if it looks and acts more normal?


Press & hold the Windows-logo key & tap the R key to get the RUN option.

It is best to use the Windows Copy ( CTRL+ C )  and paste  ( CTRL+V )  for the whole line, as-is onto the RUN line

C:\Users\Alex\Downloads\dds.com

and press ENTER-key

Hopefully it will start a run of the DDS report tool.  Let it run.

When the report has finished, the 2 report files will show in your default text application.

Just Close those 2 windows. DO attach the 2 reports DDS.txt and Attach.txt  with your next reply.


 


See if you can do this. Download and save a file named Iexplore.exe from here https://www.bleepingcomputer.com/download/rkill/dl/11/

and once the browser has finished the download, can you RUN that from there.

That Iexplore is another name for the tool known as RKILL by Bleepingcomputer.

If you still are not able to make headway, see if you can Restart the machine into SAFE mode of Windows.

There is an article at Bleepingcomputer named How to Start Windows 10 in Safe Mode with Networking https://www.bleepingcomputer.com/tutorials/how-to-start-windows-10-in-safe-mode-with-networking/

That describes the steps to get Windows 10 into "Safe Mode with Networking".
Please study that. The goal is to get to that screen "Startup Settings" and
press the number 5 key on your keyboard to enter Safe Mode with Networking.
 

IF you do have good success, then do the Iexplore.exe run.

Then also run the DDS.com tool that you saved before.    { C:\Users\Alex\Downloads\dds.com  }

See if you can get me all those reports.


Hello. If you managed to do the procedures listed before, that would be great. What follows is an additional procedure to be run the next chance you have. 

This custom script is for Alxglzgmz machine only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt   <<< - - - - -

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

Restart the machine into SAFE mode of Windows.

There is an article at Bleepingcomputer named How to Start Windows 10 in Safe Mode with Networking https://www.bleepingcomputer.com/tutorials/how-to-start-windows-10-in-safe-mode-with-networking/

We will use FRST64.exe  on the Downloads folder  {C:\Users\Alex\Downloads\FRST64.exe }    to run a custom script while in SAFE mode.    The system will be rebooted after the script has run. 

Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click the "More info" line on that screen
               and click the "Run anyway" button on the next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.  Please attach the Fixlog.txt with your next reply. 

Edited by Maurice Naggar

Recently, I have seen other users' computers having issues due to Genshin Impact. Can you see about attempting to uninstall Genshin Impact?

Also UNINSTALL KMSpico.  That is a well-known hack & infector.

Have you tried to Restart this machine back to Normal mode ?  If not, can you do so now ?

 

Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now.

Edited by Maurice Naggar

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Just simply try to download and SAVE the MSERT.exe

Then, can you just go back into SAFE mode

and then Uninstall the 2 programs I listed --- KMSpico + Genshin Impact, if possible

and

while in Safe mode, then Start  ( launch) MSERT.exe

Look on Scan Options & select  FULL scan  

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. 

 

Ok, I think I will be leaving it scanning overnight since it will take long and I gotta use my pc right now. Also, I uninstalled Genshin Impact and everything is still the same. I tried to uninstall kmspico but it won't let me, says can't find path or something similar, I can still open the app, but not uninstall it.


If you can hold off on that run ( for later)  and then see if you can do this here, which should only take a few minutes.
You "should be able" to bring up Powershell window by using the double-key keyboard shortcut listed on OPTION FIVE
of this article  https://www.tenforums.com/tutorials/25581-open-windows-powershell-windows-10-a.html#option5

You want to select "Windows Powershell ( Admin)"
and then click that.

Hopefully then the Powershell window shows.
If yes, then carefully & slowly Copy > paste this entire whole line onto that box-window

Remove-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Force -Verbose

and tap Enter-key to proceed.


Jot down any results.  And be sure to let me know.
If this works, it 'should' do away with the restrictions that have kept you from doing some selected things on the Windows O.S.

Anyhow, give it a good try.
In any event, after this, proceed with the special scan I listed before.
and by the way, if you have to, you can still use the system while it is running the MS Safety Scanner run.

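An added example, not part of the helper's post or of any tool named in this thread: a read-only PowerShell check that lists every value under the Policies\Explorer key mentioned above and saves a copy, so the restrictions can be reviewed before the key is deleted. The Policies\System key and the backup file name are assumptions that do not come from the thread.

```powershell
# Added example: read-only audit of per-user policy restrictions, plus a backup.
# The Explorer key is the one named in the thread; the System key and the
# output file name are assumptions added for illustration.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   # assumption
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Verbose "$key does not exist" -Verbose
        continue
    }
    # Walk the key and every subkey (for example DisallowRun / RestrictRun lists).
    $nodes = @(Get-Item -LiteralPath $key) +
             @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($node in $nodes) {
        foreach ($name in $node.GetValueNames()) {
            [pscustomobject]@{
                Key   = $node.Name
                Value = $name
                Kind  = $node.GetValueKind($name)
                Data  = $node.GetValue($name)
            }
        }
    }
}

# Show what is set, then keep a copy so the change can be reviewed afterwards.
$report | Format-Table -AutoSize -Wrap
$backup = Join-Path $env:USERPROFILE 'Desktop\policies-before.xml'   # hypothetical file name
$report | Export-Clixml -LiteralPath $backup
"Saved $(@($report).Count) value(s) to $backup"
```

Values such as DisallowRun, RestrictRun or NoFind under Explorer, and DisableTaskMgr or DisableRegistryTools under System, are the standard Windows policy settings that match the symptoms described in the first post. The saved file can be reloaded with Import-Clixml if the values need to be compared later.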
