
Reg control gone,PSv2,WG used to infect+control/300k+ files infect



Hello! So this has been an ongoing problem for almost 2 years now, and after trying every antivirus program and running scans with premium access on all of the virus and malware removal programs, it either comes up undetected or finds a file or two and still doesn't fix anything after I remove them with the help of whatever program I'm using to do the scans. In the very beginning when it all began, I had all my accounts hacked, my emails permanently deleted and all my devices and phones completely infected and taken over to almost unusable states. Also, one of the biggest mistakes I made was contacting a support specialist when dealing with the Norton antivirus app, and they had me share my computer screen and also give them full access to my computer for about 45 minutes to an hour, and I noticed that they were editing the registry and downloading a bunch of files and also completely erasing and resetting the whole antivirus program, which I gave no permission to do, which by the end of the session made me regret even thinking about addressing any issues with their tech support. I have also fully erased my systems, clean reinstalled Windows and also had professional computer experts work on my computers and clean them out as well, but everything ends up coming back the second I turn on my computers and connect them to my home network, and sometimes even without connecting to my home network, it would all return in the time span of an hour or so. But my biggest issue as of right now is that my laptop that I am writing this post from at this moment is completely useless for anything else other than going on an internet browser and looking up and using websites. Any downloads or applications I try to open just get an error message saying that the program that is being run is not associated with any working device or may have been moved or removed by the administrator.
I have lost all admin privileges, and editing my registry is blocked out once again by the admin, which I'm guessing is the admin of the workgroup that I can't get rid of or delete or remove myself from, since it either just blue screens and shuts down the whole computer or after restart just goes back to how it was before even trying to remove myself from workgroups. As of now I am not able to download Malwarebytes applications, as well as any of the programs that are listed as the starting logs that I have to attach with this post. I started experiencing this a few days ago, and restoring my computer from a restore point in recovery mode just brings up the error message stated above and just makes me restart the device and start all over again from there. Actually, doing anything from recovery mode just errors and activates a restart of the device. Also another thing that might be very important to mention... At the same time that the problems arose a few days ago, my Windows got deactivated on my laptop, and a permanent message window that is very faded grey on the bottom right hand side of my screen states "Activate Windows, go to settings to activate windows", but after going to settings and checking the exact settings tab, it says that I have Windows 11 Home activated and has a product ID key and a Windows key that is registered and says that it's activated, or else how would I have been able to use Windows and all its features for years now. Also, PowerShell V1 and V2 are used constantly to inject codes and set up automatic tasks and commands to block me from erasing or changing/modifying anything that has to do with fixing or removing any kind of changes or infections that were purposely put in to make it almost impossible, if not completely impossible, to fully get rid of.
This is all very stressful, and the past week's problems have been completely new to me even though I thought I experienced and have seen the worst of the worst of what a malware and a hacker takeover can do. All help is highly appreciated, and it would be a true blessing if I could get guided through getting my laptop back to normal working condition, with possibly fixing my main PC as well afterwards, which got infected and went through the same issues that this computer has gone through, except this one seems to be having a few more difficulties to work around, like the issues occurring around a week ago which have made my laptop just practically useless and unusable. So what can I do to even begin with downloading these programs/tools mentioned in the directions forum post so I can post the logs that are being asked for and needed? Thank you so much in advance for all and any help given to me, and I am looking forward to following any and all advice that is given. I will do literally anything that could possibly help me towards achieving normal working private home computers, as my whole life revolves around working and using my home network and my devices, which are currently all blatantly infected by more than one type of malware/hacker attack.


Hello @LostCause123 and welcome back:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.


Hello! Thank you for getting back to me so quickly. So this was my initial problem: I get this error message when trying to open any file after it has been downloaded. I have attached a screenshot of the error message, and I can't seem to find a workaround for this issue. It started occurring about a week ago, same with my Windows being deactivated as how it states at the bottom right hand corner of the screen.

Screenshot (4).png


Hello Trusted Advisor, I have tried what you said, and once in safe mode with networking, I did get the chance to install Farbar Recovery Scan Tool and ran the program as directed by the instructions, which generated the FRST logs and Addition logs which I will attach with this reply below. I was also able to install and run the Malwarebytes Support Tool, which has a feature for fixing the main system and Windows components, and I was wondering if I should maybe try running that in safe mode so it can potentially fix the problems I'm having when not in safe mode?

Another issue occurred when having my computer booted in safe mode with networking, and that was that my wireless connection adapter was completely gone and disabled and only an Ethernet connection adapter was present, which I don't have access to at this moment (I have attached a screenshot of it below as well as a screenshot of the error when trying to install the Malwarebytes application), and that was stopping me from installing the Malwarebytes application, since it would download 5% and stop with an error saying that I don't have an internet connection to be able to download the actual program, so I am still not able to provide the Malwarebytes application virus scan logs. Also something else I thought would be worth mentioning: my Windows key ID was not present as well when in safe mode, but when in normal boot, it's still present and registered, but the computer doesn't seem to register that it's activated and still says that I need to activate Windows. I have tried putting in a key of Windows 10 Home, but that errored as well and said it was invalid, which after double checking 10 times, the key was put in correctly and exactly how it's written on the purchased key card that came with the official package of Windows 10 that I bought and used successfully before.

Below are all the logs that were generated after running the support tool and clicking the button that said "gather FRST logs and other logs to send to Malwarebytes support". I don't know how helpful the other logs will be since it does not let me open them while not in safe mode, but I hope it helps! Thank you once again for the help and your time spent on me. I'll be by my computer for the next 6-10 hours, so I will check for any responses and further instruction as frequently as possible.

Screenshot (8).png

Screenshot (7).png

Addition_20-05-2023 19.27.26.txt FRST_20-05-2023 19.27.26.txt mbst-check-results.txt mbsetup.log Service mbsetup.log PFRO.log setupapi.dev.log mbst-stub-results.txt mb-support-log.txt


  • Root Admin

We attempted to assist you last year and you never came back.  I'm sorry but if you're not going to stick with us and work with us then we're not going to take the time to read the logs. @LostCause123

https://forums.malwarebytes.com/topic/286784-malware-overtook-and-edited-my-desktop-computer-registry-group-policy-etc/

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim.
  • Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections.
  • If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

If you're going to actually stay with us and reply when asked then we're more than happy to assist, but let us know.

Thank you

Hello, I greatly apologize for not sticking through with my previous post, but I promise I will do everything exactly as asked and to the very end, and what previously happened before will not happen again. I have read all your instructions and have/will only use this computer to go on my web browser and then to these forums and for nothing else till I get an all clear from you. I will gather the logs as stated by Trusted Advisor and post them back in my next post exactly as directed. I also don't have Discord on this computer, and the only programs that I use on this device are my web browser and a few video games, but that is all the possible applications and apps that I downloaded. Thank you so much for your time and effort on helping me. I will not waste your time again, and once again I apologize.


  • Root Admin

To begin, please do the following so that we may take a closer look at your installation for troubleshooting: @LostCause123

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

Hello! So I did everything exactly as directed, and after generating the zip folder with the necessary logs, which I can see on my desktop as a zip folder with the exact name that you're asking for, when I try to drag in the folder to where it says "Drag files here to attach, or choose files..." it only adds all the logs as attachments and each one is uploaded separately instead of having it appear as one zipped folder. The same thing happens when I click on "choose files" below, except when I click on the zipped folder that is named exactly as what you're asking for and contains all the logs inside of it, instead of posting it as a whole folder, it adds it as a bunch of separate .txt files and logs. I don't know what I am doing wrong. Could it be because the zipped folder contains more folders inside of it? So it begins to open up the initial folder, so I can choose the files from the folders inside? I am also opening the folder with Windows Explorer, or the other option is to open the folder with Notepad, and no other option is given. It says that the zip folder contains 10 files total and 5 folders. Is that how it should be?

Trying it in safe mode with networking does not work either, since I need an internet connection and it doesn't even show that I have a wireless adapter installed or an internet connection present. I provided a screenshot of this exact problem in my post above.


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

This topic is now closed to further replies.