
My computer has a virus that can never be removed



I can't seem to post the last article, and I didn't see my last article on the forum homepage, maybe it was deleted, and I reposted it from here, and added mbst-grab-results.zip.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

There is an exception that pops up from time to time, and no matter how many scans, the source of the virus is still not found.

And the IP location shown in the abnormal state keeps changing again.

These warning messages kept popping up after I fell asleep yesterday. At the moment, I didn’t do much operation on the computer, but this warning still kept popping up.

I tried to export the txt of one of the abnormal information and convert it into an English file.

Please help me, thank you guys.

mbst-grab-results.zip

report.png

system virus.txt

Link to post

Hello @ant10202000 and :welcome:

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please copy and paste all log files into your post.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

 

Your system is infected with tricky malware. Please give me some time to review your log files in order to prepare a cleanup procedure.

Link to post

Let's start with a FRST fix (Step 1) as well as a scan with ESET.

More steps will follow later @ant10202000.

 

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\ant10\Downloads\ in your case.
  • You will find the file FRSTEnglish.exe (FRST) as well in this folder.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files and empty recycle bin.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.
  • FRST will create a .zip file like < Date_Time.zip >, for example 20.02.2023_11.33.52.zip, on your desktop as well. Please attach this file as well with your next answer.

 

 

Step 2

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe".
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, Click on Full scan
  • Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience.  The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program.  (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done.  You should click to off the offer for “periodic scanning”.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

 

 

fixlist.txt

Link to post

I tried to scan according to your steps, and there are indeed many diagnosed hazards.

But it seems that many of them were misjudged. I only restored a small part of the more trusted programs.

In addition, I will make up the two programs mentioned in step 1.

But the <Date_Time.zip> you mentioned has 205 MB, which is beyond the upload capacity of this website, so I uploaded it to Google Cloud.

If you don’t mind, you can also download it from the Google Cloud link below, or please tell me if I should provide it to you in other ways.

Google Cloud

Fixlog.txt

Link to post

2 hours ago, MKDB said:

Thank you very much @ant10202000, you did a very good job!

 

Can you run ESET Online Scanner like requested in Step 2 and attach the logfile as well when you have time for it, please?

Then we can go on.

Oh yes, I'm sorry I forgot to mention this, I have started a scan with ESET Online Scanner 13 or 14 hours ago, and this program scanned many of the hazards mentioned in the previous article.

I only restored a part of the files that I think were misjudged.

I think the computer is in good condition now, and there are no more warning messages. Of course, I am not very sure. Sometimes the warning messages are separated by as long as three days, and sometimes immediately.

I will keep the files in the cloud for a while, thank you.

Link to post

2 hours ago, MKDB said:

and attach the logfile as well when you have time for it, please?

Then we can go on.

Oh sorry, I missed this paragraph, but I don't know how to export the log files of ESET Online Scanner directly?

Is the log you are referring to exactly the same as the fixlog.txt you mentioned?

Because I completed step 1 first and uploaded immediately, maybe this upload record did not record my scan information, I will fill in the txt again at the bottom, I don’t know if it will be exactly the same as the previous one.

Fixlog.txt

Link to post

Thanks for your feedback @ant10202000. 🙂

First, let me say that you are doing a really good job here.

 

 

After the ESET scan is finished, you can save the logfile on your own:

Quote
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log.

You would do me a great favor if you can attach this logfile for me. ❤️

If it does not work for you, please run KVRT (Step 1) instead.

 

Anyway, I do need a fresh FRST scan for further analysis. 👍

 

 

Step 1

Download Kaspersky Virus Removal Tool (KVRT) and save it to your Desktop.

  • Select the Windows Key and R Key together, the Run box should open.
  • Copy and paste the following string into the line:

C:\Users\ant10\Desktop\KVRT.exe -dontencrypt

  • Select „Ok“ in the Run box.
  • If the „Windows protected your PC“ window opens, select „More info“. A new window will open, select „Run anyway“.
  • An EULA window from KVRT will open, tick all confirmation boxes then select "Accept".
  • A window from KVRT will open, select "Change Parameters".
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and „Start scan“.
  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your system drive (usually C: ), similar to this:

C:\KVRT2020_Data\Reports\report_<data>_<time>.klr

  • Right-click directly on those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply.

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.
Link to post

I tried to follow your steps and yes KVRT has completed the scan but it did not show much and did not diagnose the problem.

I don't know if I made a mistake, and there is no button to export, but I have found the klr file you mentioned, and I will provide it below.

However, the current forum does not support uploading files with the extension klr, so I also store it in the Google Cloud and keep it for a while.

Later, I followed step 2, and used FRST to scan in the same way. After the completion, a window popped up.

Then I restarted the computer and returned to the original download folder (my FRST is stored in the download folder and has not been moved), but there are no FRST.txt + Addition.txt files, only Fixlog.

Still Fixlog, probably nothing has changed, but I'm still providing it to you below.

Fixlog.txt and KVRT log

Link to post

Thanks for the KVRT log @ant10202000.

Please run FRST from your download folder again and press the scan button like described in my last post. FRST.txt and Addition.txt will open automatically at the end of the scan. Moreover, they can be found in the download folder as well after the scan.

Please attach those files for me. Thanks!

Link to post

I tried to follow the steps again

First click to open FRST, but because I need the fixlist.txt in your second article, otherwise I will not be able to open FRST, so I went back and downloaded the fixlist.txt of your second article to use.

FRST will delete this fixlist.txt every time I start the scan.

After each scan, there will only be a prompt that the scan is complete, and there is only one confirmation button, and the computer will be restarted directly after clicking.

And after rebooting back to the download folder, of all the generated logs there is only Fixlog.txt.

I'm thinking I might be misunderstanding something or doing something wrong...

Link to post

@ant10202000 Please note:

The file "fixlist.txt" is ONLY needed for running a fix.

For a scan, you do NOT need this fixlist.txt. You just have to run the tool FRST, that is in your download folder, and press the scan button.

You are probably mixing those two things... I'm really sorry, but I don't know what's the problem here.

Maybe @AdvancedSetup does and can help us.

Link to post

  • Root Admin

Good day @ant10202000

The original log you posted shows INBOUND IP blocking. That is from a remote site that probes computers looking for exploits. Normally those types of blocks go away on their own after a week or so.

Please get me a new set of logs from the Malwarebytes MBST tool and we'll check some things.

 

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post

10 hours ago, MKDB said:

@ant10202000 Please note:

The file "fixlist.txt" is ONLY needed for running a fix.

For a scan, you do NOT need this fixlist.txt. You just have to run the tool FRST, that is in your download folder, and press the scan button.

Yes I did, I don't know why, but I didn't find FRST.txt + Addition.txt in the same folder.

Sorry, I can't provide these two files to you 😢

Link to post

  • Root Admin

@ant10202000

Here are the download instructions using images to help show how to download

 

 

Please do the following so that we can get started and assist you in detection and removal of malware.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Do not click on any Ads. You may want to consider adding our Malwarebytes Browser Guard
    https://www.malwarebytes.com/browserguard  to help prevent Ads in the first place.


     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

     
  4. Windows protected your PC notification may appear and block the download. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

    Examples of Smart Screen preventing the download

    Click the three... dots and select Keep

     
  5. When the User Account Control window appears, click Yes.

     
  6. To accept the Disclaimer of warranty, click Yes.

     
  7. Ensure only the boxes listed below are checked
     

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt


     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.


  • Addition.txt is saved in the same directory FRST is located.


  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy and paste the contents of the logs directly


 

Thank you

Link to post

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post