Hello,

I hope someone can help me crack this horrendous malware that has been wreaking havoc for most of my career, causing multiple prolonged cases of major depression & reconsideration of even continuing the life path I've been working on for the last decade+...

I believe I've unmasked the external drive responsible for this, & will never be using it again. I thought Norton would save me this time around to recover some old files, but it's caused the same chain of events on my new CPU (new system admin controls, BIOS settings changed/infected, multiples of .exe that shouldn't exist & have numerous unsigned, oddly named threads, can't update antivirus or Windows Defender... the whole nine yards).

I'll attach my Farbar scan .txt results I got from the laptop that this malware attached itself to 7 years ago that I allowed to run its course to see if anyone can help me pinpoint the actual malware name & a solution to this nightmare.

(The pictures are from my current PC that has also been infected with the same malware)

FRST.txt Addition.txt

Thanks in advance.

Link to post

Welcome
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...

  • Download the enclosed file Fixlist.txt
  • Start FRST (FRST64) with Administrator privileges (FRSTEnglish.exe) (C:\Users\User\Downloads\FRSTEnglish.exe)
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

 

Let's give a try to Malwarebytes Antimalware and AdwCleaner to scan your computer

https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/

https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/

Attach their reports.

Link to post

Thank you for responding so quickly. A few issues popped up since I posted this & want to make sure this isn't compromised. I noticed that indexing was turned off & briefly saw that windows & app data were on the "excluded" list before it quickly closed, & reopened the same window without any folders showing. Checked the file location of Microsoft Edge on desktop before opening, & it's within

Program Files (x86) - Microsoft - Edge - Application. Checked security of the file & there are multiple Account Unknown & Restricted users with read & execute allowed.

My desktop Microsoft Edge icon location is within

Program Data - Microsoft - Windows - Start Menu - Programs 

& a user (Account Unknown) found in security tab had Special Permissions

 

My question is, will it be safe to even open the internet & download the fix file without having anything compromised? 

Thanks again for taking the time to help... I really hope we can figure this out together & prevent others from going through this mayhem.

Link to post

I also did a full reset of my PC & formatted my C drive before seeing your reply, so I'll attach another Farbar scan result of my PC.

Also attached a picture of my advanced security settings for my C drive.

(posting all these pictures in case they may help other users discover answers from similar malware/problems) 

Link to post

  • Download the enclosed file Fixlist.txt
  • Start FRST (FRST64) with Administrator privileges (FRSTEnglish.exe) (C:\Users\User\Downloads\FRSTEnglish.exe)
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your reply.
Link to post

Thank you for being so helpful & I'm seeing progress! Successfully uninstalled McAfee... however, the tool closed itself multiple times when trying to reinstall after cleaning excess files. I was able to reinstall from website & use the tool to scan for fixes with firewall etc., but when my laptop restarted, the blue screen popped up with stop code: CRITICAL_PROCESS_DIED & has been stuck at 100% complete.

Link to post

Now I cannot boot in safe mode, & keep getting the blue screen when trying to log in... which is the same result my latest PC tower ran into with the same malware & I believe I'm only able to boot Windows through a USB or CD now. Please correct me if I'm wrong or if there are other options. 

Link to post

If for any chance Startup Repair, boot to a command prompt in the Recovery Environment. At the prompt type the following and press Enter.


BCDEDIT | Find "osdevice"
 
Take note of the drive letter shown as the "osdevice", then type the following and press Enter:
 
CHKDSK X:\ /R
 
Replace the X with the osdevice letter and press Enter. Once completed take a photograph of that window and upload it for us to see. See if you can take a photograph of the screen, and upload it for us to see.

Link to post
This topic is now closed to further replies.