Jump to content

I am infected with something that replicates itself and isnt recogn. by MB


Recommended Posts

This file is C:\Users\samik\AppData\Roaming\Google\Chrome\updater.exe
It is running without me running chrome and when I delete it it comes back and runs again. MalwareBytes doesnt do ***** about it, yet even windows defender was recognizing it and trying to remove it and it was coming back. What do I do?
Virustotal: https://www.virustotal.com/gui/file/da49e4f08991b86db99741942e8b5a252e7757a5080b10e9c82922ab25372cf0

updater.7z

Link to post
Share on other sites

  • Root Admin

Hello  and  :welcome:    @bubleman_2

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim.
  • Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections.
  • If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

Is this a Business computer or Home computer?

 

Thank you

 

Link to post
Share on other sites

Hi and thanks for the response.
This is a home computer. It got infected when I ran KMS pico11... I dont have any other pirated programs that I remember. I had uninstalled MalwareBytes, because it wasnt detecting it and now the only AV on this system is Windows Defender. What is the next step in your diagnostics?

Link to post
Share on other sites

  • Root Admin

Windows itself is pirated. This is a business only version of Windows

Platform: Microsoft Windows 10 Enterprise N LTSC Version 21H2 19044.3448 (X64) Language: English (United States)

 

The best thing to do is follow the directions from the links below.

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

 

Link to post
Share on other sites

  • Root Admin

It is illegal to sell that version to a home user. Business signs an agreement with Microsoft to only sell to business customers.

It's fine. If you bought that version from a vendor. You simply now need to go back and ask them to sell you the Sever OS and CAL to setup your KMS licensing service there at home. The current pricing is about $1,000 US Dollars in 2023

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.