mitsu virus removal


cxzt


Hello, and welcome!

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked, hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is ongoing.

I would like a report set for review. This is a report only.

Please download the MALWAREBYTES MBST Support Tool.

Once you start it, click Advanced >>> then Gather Logs.

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach mbst-grab-results.zip to your reply

At your next chance, do these steps.

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View > Show > File name extensions.

( 2 )

Start Malwarebytes. Click the Settings (gear) icon. Next, let's make really sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security tab. Scroll down to

"Windows Security Center"

Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the left. Thanks. }

This will not affect any real-time protection of Malwarebytes for Windows 😃.

Close Malwarebytes.

( 3 )

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

  • Once you see it has started, take a long, long break; walk away. Do not pay credence to any intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
  • We only rely on the end result that is in the log-report file.

This is likely to run for many hours (depending on the number of files on your machine & the speed of hardware).

The log is named MSERT.log

The log will be at

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Edited by Maurice Naggar
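Reading the log the post above asks for can be tedious, because Microsoft Safety Scanner appends a new block to the same MSERT.log on every run (the log posted further down already holds two). The following PowerShell is an added example, not part of the thread or of Microsoft's tooling; it assumes the default Windows\debug\msert.log location named in the post and otherwise only the header, "Results Summary:" and "Return code:" lines visible in the posted log.

```powershell
# Added example: summarise each run recorded in MSERT.log as one object.
function Get-MsertRunSummary {
    param(
        # Default is the path the post names; override to read a copy of the log
        [string]$LogPath = (Join-Path $env:windir 'debug\msert.log'),
        # Or hand the log text in directly (used by the constructed sample below)
        [string]$LogText
    )
    if (-not $LogText) { $LogText = Get-Content -LiteralPath $LogPath -Raw }

    # Every run opens with the same version header; split there and keep only real runs
    $runs = $LogText -split '(?m)^Microsoft Safety Scanner v' | Where-Object { $_ -match 'Started On' }
    foreach ($run in $runs) {
        $grab = { param($pattern) [regex]::Match($run, $pattern).Groups[1].Value.Trim() }
        # Verdict lines sit between the "----" rule under "Results Summary:" and the "Finished On" line;
        # the "Successfully Submitted ..." telemetry lines are not verdicts
        $verdict = (& $grab '(?ms)^Results Summary:\r?\n-+\r?\n(.*?)^Microsoft Safety Scanner Finished') -split '\r?\n' |
                   Where-Object { $_ -and $_ -notmatch 'Successfully Submitted' }
        $rc = & $grab '(?m)^Return code: (\d+)'
        # An absent return code means the run never wrote its footer (aborted or still running)
        $code = if ($rc) { [int]$rc } else { $null }
        [pscustomobject]@{
            Started     = & $grab '(?m)^Started On (.+)$'
            Finished    = & $grab '(?m)Finished On (.+)$'
            Signatures  = & $grab '(?m)^Signatures: (.+)$'
            Verdict     = ($verdict -join '; ')
            ReturnCode  = $code
            NoInfection = (($verdict -join ' ') -match 'No infection found')
        }
    }
}

# Constructed sample in the same layout as the log posted in this thread (two appended runs)
$sample = @"
Microsoft Safety Scanner v1.379, (build 1.379.926.0)
Started On Fri Nov 25 19:13:43 2022
Signatures: 1.379.926.0
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Fri Nov 25 19:16:20 2022
Return code: 0 (0x0)
Microsoft Safety Scanner v1.379, (build 1.379.926.0)
Started On Fri Nov 25 19:16:17 2022
Signatures: 1.379.926.0
Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Fri Nov 25 20:24:34 2022
Return code: 0 (0x0)
"@
Get-MsertRunSummary -LogText $sample | Format-Table -AutoSize
```

Run without -LogText on the affected machine to summarise the real log; a run with a non-empty Verdict other than "No infection found." is the one worth attaching to the reply.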


---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.379, (build 1.379.926.0)
Started On Fri Nov 25 19:13:43 2022

Engine: 1.1.19900.1
Signatures: 1.379.926.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Fri Nov 25 19:16:20 2022


Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Safety Scanner v1.379, (build 1.379.926.0)
Started On Fri Nov 25 19:16:17 2022

Engine: 1.1.19900.1
Signatures: 1.379.926.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Fri Nov 25 20:24:34 2022


Return code: 0 (0x0)

This next custom fix is mainly intended to run Windows' SFC & DISM to check the system for integrity, to clear the temporary cache on the Edge, Chrome, Firefox & Brave browsers, to rebuild the Winsock, and to attempt to check the system with Microsoft Defender antivirus.

This is not a cure-all. Rather, it is meant as a general check & cleanup.

This custom script is for CXZT's machine only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt to the Downloads folder

Fixlist.txt <<< - - - - -

Please be sure to close any open work files, documents, and any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe in the Downloads folder to run a custom script. The system will be rebooted after the script has run.

Start Windows Explorer and then go to the Downloads folder.

RIGHT-click on FRSTENGLISH.exe and select Run as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.

  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.
  • On the FRST window: click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience. Please attach the Fixlog.txt with your next reply.


Update: I am able to restart with the update without any problem! But how do I make sure whether the virus is still in my system?

https://www.virustotal.com/gui/file/1c0757e44587291a3152fe7c3ee1d49c64c5ad9bbfd2123a65a772783f0bc096/relations

Here is the virus (and yes, I was dumb because I checked the file first and didn't check the behaviour).


I do not understand what it could be that you are having any issue as to a dark screen when you start up the machine. You do not need to take any action when the system starts. Windows OS should load normally. As to additional checking of the system, do this:

[ Do a custom scan with Microsoft Defender Antivirus ]

I just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on, and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security.

Next, in the Windows Security section, click on the grey button Open Windows Security.

Now, click on the shield Virus and threat protection.

Look to see that Microsoft Defender is shown & available for use.

On the next display, look at all the options. Look down the list and see "Check for Updates".

You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan & then pick the C drive & have it go forward.

Once it has started the scan phase, you can go take a long break. Let me know the results.

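The same visual check and custom scan can be done from an elevated PowerShell prompt with Windows' built-in Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan, Get-MpThreatDetection). This is an added example, not code from the thread; it also covers the earlier step of keeping Malwarebytes out of Windows Security Center, because a Defender that has been displaced by another registered product reports a running mode other than Normal.

```powershell
# Added example: does Defender look the way the post above wants it to look?
function Test-DefenderReady {
    $s = Get-MpComputerStatus
    # "Normal" = Defender is the active antivirus. "Passive Mode" means another
    # product registered with Windows Security Center and Defender stepped aside,
    # which is what the Malwarebytes setting earlier in this thread avoids.
    [pscustomobject]@{
        RunningMode        = $s.AMRunningMode
        AntivirusEnabled   = $s.AntivirusEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeDays   = [int]((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays
        Ready              = ($s.AntivirusEnabled -and $s.AMRunningMode -eq 'Normal')
    }
}

# Added example: the "Check for Updates" then "Custom scan of the C drive" steps.
function Start-DefenderCustomScan {
    param([string]$Path = 'C:\')
    $status = Test-DefenderReady
    if (-not $status.Ready) {
        Write-Warning "Defender is not the active antivirus (mode: $($status.RunningMode)); fix that first."
        return $status
    }
    Update-MpSignature                                    # "Check for Updates"
    Start-MpScan -ScanType CustomScan -ScanPath $Path     # runs until the scan finishes
    # Whatever Defender detected, newest first, with the files or processes involved
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object InitialDetectionTime, ThreatID, ActionSuccess,
                      @{ n = 'Resources'; e = { $_.Resources -join '; ' } }
}

Test-DefenderReady | Format-List
```

Call Start-DefenderCustomScan afterwards; like the GUI scan it can take a long time on a full C drive, and an empty result from Get-MpThreatDetection means Defender has nothing on record for this machine.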

QUESTION & request for clarification:

Is this issue of a blank display ONLY when you requested a Defender OFFLINE run?

OR else

Is this blank display every single time that Windows or the system is restarted?

Potential tips:
When you get the blank screen, try tapping the space bar once or twice to see if there is a visual-display response. Maybe also try pressing the Escape key on the keyboard once or twice.

Also try this. Type in

whoami /all

and tap the Enter key.

P.S. Is this machine a notebook / laptop? And if so, does it also have another external keyboard linked?

Further additional tips
Troubleshooting black or blank screens in Windows
https://support.microsoft.com/en-us/windows/troubleshooting-black-or-blank-screens-in-windows-51ef7b96-47cb-b454-fcab-fac643784457

Edited by Maurice Naggar
added more tips

8 hours ago, Maurice Naggar said:

QUESTION & request for clarification:

Is this issue of a blank display ONLY when you requested a Defender OFFLINE run?

OR else

Is this blank display every single time that Windows or the system is restarted?

Potential tips:
When you get the blank screen, try tapping the space bar once or twice to see if there is a visual-display response. Maybe also try pressing the Escape key on the keyboard once or twice.

Also try this. Type in

whoami /all

and tap the Enter key.

It's like, only when I want to restart to bootable stuff (if I try, it will bootloop 5 times, then stop responding, and I'm forced to take out my charger to force a shutdown).

BUT FOR recovery mode, it will just be a blank screen (the screen is not even on at that point), and if I press Enter it will restart and send me back to a normal boot.

GROUP INFORMATION
-----------------

Group Name                                                    Type             SID           Attributes
============================================================= ================ ============= ===============================================================
Mandatory Label\High Mandatory Level                          Label            S-1-16-12288
Everyone                                                      Well-known group S-1-1-0       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114     Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                                        Alias            S-1-5-32-544  Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                                                 Alias            S-1-5-32-545  Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                                      Well-known group S-1-5-4       Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                                                 Well-known group S-1-2-1       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users                              Well-known group S-1-5-11      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization                                Well-known group S-1-5-15      Mandatory group, Enabled by default, Enabled group
MicrosoftAccount\literally my email                           User             S-1-11-96-3623454863-58364-18864-2661722203-1597581903-1706614377-2989728989-3967833891-625754034-2952217630 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account                                    Well-known group S-1-5-113     Mandatory group, Enabled by default, Enabled group
LOCAL                                                         Well-known group S-1-2-0       Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication                     Well-known group S-1-5-64-36   Mandatory group, Enabled by default, Enabled group

PRIVILEGES INFORMATION
----------------------

Privilege Name                            Description                                                        State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege                  Adjust memory quotas for a process                                 Disabled
SeSecurityPrivilege                       Manage auditing and security log                                   Disabled
SeTakeOwnershipPrivilege                  Take ownership of files or other objects                           Disabled
SeLoadDriverPrivilege                     Load and unload device drivers                                     Disabled
SeSystemProfilePrivilege                  Profile system performance                                         Disabled
SeSystemtimePrivilege                     Change the system time                                             Disabled
SeProfileSingleProcessPrivilege           Profile single process                                             Disabled
SeIncreaseBasePriorityPrivilege           Increase scheduling priority                                       Disabled
SeCreatePagefilePrivilege                 Create a pagefile                                                  Disabled
SeBackupPrivilege                         Back up files and directories                                      Disabled
SeRestorePrivilege                        Restore files and directories                                      Disabled
SeShutdownPrivilege                       Shut down the system                                               Disabled
SeDebugPrivilege                          Debug programs                                                     Enabled
SeSystemEnvironmentPrivilege              Modify firmware environment values                                 Disabled
SeChangeNotifyPrivilege                   Bypass traverse checking                                           Enabled
SeRemoteShutdownPrivilege                 Force shutdown from a remote system                                Disabled
SeUndockPrivilege                         Remove computer from docking station                               Disabled
SeManageVolumePrivilege                   Perform volume maintenance tasks                                   Disabled
SeImpersonatePrivilege                    Impersonate a client after authentication                          Enabled
SeCreateGlobalPrivilege                   Create global objects                                              Enabled
SeIncreaseWorkingSetPrivilege             Increase a process working set                                     Disabled
SeTimeZonePrivilege                       Change the time zone                                               Disabled
SeCreateSymbolicLinkPrivilege             Create symbolic links                                              Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled

PS C:\Users\yinqi>

The computer is a Raven (Windows 11 laptop) made by Illegear.
