Jump to content

My PC is infected with a virus that won't let me reset, isn't seen in scans


Recommended Posts

My pc is infected with a virus that won't let me reset, isn't seen in scans (HitmanPro, Windows Defender). In the beginning, Windows Defender gave me an error message saying "This app is blocked by your IT Administrator. (...)". MalwareBytes did see a malware but even though it is shown as quarantined, the problems still persist. When I did an offline scan in Windows Defender, it didn't show me the scan results. The virus entered my social medias, followed a bunch of people on Instagram and made 2 tweets in Twitter from my accounts. It also probably entered my email adresses, as the email services notified me about some unusual activity. My pc is especially very slow in startup, and the internet connection is slow. When I hover the Wi-Fi logo, it says "unidentified network" under my own network. When I try resetting, it stops at 5-6 percent and tells me "there was a problem with resetting your computer". Also, the other solutions suggested a Windows Defender .exe file, but it is gone. Any help is appreciated.

Malwarebytes Premium Trial  4.5.23 3_1_2023 8_25_17 AM.png

Malwarebytes Premium Trial  4.5.23 3_1_2023 8_25_31 AM.png

Addition.txt FRST.txt

Link to post
Share on other sites

Hello @Gul and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

  • Like 1
Link to post
Share on other sites

  • Root Admin

Hello  and  :welcome:     @Gul

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall the following programs

Then right-click and uninstall the following software

 

  • Adobe Flash Player 32 NPAPI
  • Adobe Flash Player 32 PPAPI
  • Adobe Shockwave Player 12.3
  • Bonjour
  • Java 8 Update 261 (64-bit)
  • Java 8 Update 261
     

[ 2 ]

Your current DNS Servers: 192.168.1.1

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Google Public DNSIPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • CloudflareIPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNSIPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCHIPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 3 ]

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

CHR Notifications: Default -> hxxps://w2g.tv; hxxps://web.whatsapp.com; hxxps://www.upwork.com; hxxps://www.youtube.com

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

[ 4 ]

Please run the following fix.

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRST64.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\Hp\Downloads\

NOTE. It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • Root Admin

No, it's not obligatory. It's simply for your safety so that in case something were to happen you would not come back and try to blame us.

I've down thousands and thousands of fixes and have never lost anyone's personal data, but there is always a risk any time malware cleaning is involved.

Thanks @Gul

 

Link to post
Share on other sites

  • Root Admin

Thank you for the log @Gul that was a good run. It also found and corrected some Windows issues

Windows Resource Protection found corrupt files and successfully repaired them.

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

Please uninstall, update, or otherwise address the following as appropriate for your system

  • Adobe Acrobat Reader DC - Turkish v.20.012.20043 Warning! Download Update | ^Please run Acrobat Reader DC and go Help - Check for updates...^
  • Adobe AIR v.32.0.0.125 Warning! This software is no longer supported. Please uninstall it.
  • Discord v.1.0.9004 Warning! Download Update
  • K-Lite Mega Codec Pack 15.7.0 v.15.7.0 Warning! Download Update
  • Microsoft OneDrive v.23.007.0109.0004 Warning! Download Update
  • Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported. Please uninstall it
  • Oracle VM VirtualBox 6.1.36 v.6.1.36 Warning! Download Update
  • VLC media player v.3.0.17.4 Warning! Download Update
  • WinRAR 5.91 (64 bit) v.5.91.0 Warning! Download Update
  • Zoom v.5.9.3 (3169) Warning! Download Update

 

Once those updates have been completed, restart the computer. Then check for Windows Updates and install any found.

Then restart the computer as needed and let me know if you're still having any signs of an infection or other issues. @Gul

 

Thank you

 

Link to post
Share on other sites

  • Root Admin

It depends on what you're trying to accomplish. Since Windows was having so many issues and Reset still not working I would suggest you have an Image backup using something like Macrium Reflect. That way if something were to go wrong you could restore it back to the way it is right now.

You can still get Macrium Reflect Free version 8 from the following link, but Macrium Reflect is ending the Free version

https://www.majorgeeks.com/files/details/macrium_reflect_free_edition.html

AOMEI Backupper is another solution that can do imaging of the entire system.

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

Once you do have your system and data backed up, I would have the HP Recovery do a full factory restore to the way it was when you bought the computer.

Then uninstall the McAfee and use the Windows Defender and Malwarebytes

 

Link to post
Share on other sites

  • Root Admin
1 hour ago, Gul said:

If everything is going to be wiped, and I'm supposed to create a backup image for all affected partitions, where should I have the image located? @AdvancedSetup

You need to have an external USB hard drive that is bigger than your current hard drive.

 

Link to post
Share on other sites

  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.