A trojan immediately closes several programs I open


Hello, I made an account to resolve this problem I currently have. Currently I can't open several programs due to the trojan I got on my PC. I found this other thread which contains all of its symptoms (including the current inability to open Malwarebytes), though I can open most Windows settings options without issue:

I have installed FRST64 and scanned my PC for issues. Here are the files I got from it, any assistance is appreciated:

Addition.txt FRST.txt

Welcome
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.

Let's begin...

  • Download the enclosed file Fixlist.txt
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.

 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log

The log will be at

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.


As we cannot repair the installation with the Deployment Image Servicing and Management tool, I would suggest an in-place repair of Windows 10.

The instructions are here. The Repair has its benefits as Windows will be completely repaired.

I would suggest, however, that you perform a full backup of your personal documents, in case of a hiccup during the process.

Keep me posted.


Darn, that's really unfortunate to hear.

It'll take me some time before I get to do it, as I have university-related duties to work on, but may I ask if there are any other possibilities to fix it that wouldn't require a Repair? Of course, I'll do it if there are none.

Let's try this:

Open File Explorer and create a new folder C:\iso

(you can run the file where it's at in your downloads folder but most users have hundreds of files in the downloads folder and it may be difficult to manage from there)

Using C:\iso will be easier on the command line too.


 

Now go find the WINDOWS.ISO image you downloaded and cut and paste or move it to the c:\iso folder
After you move the file to the c:\iso folder then highlight it and right-click and select Mount

This will automatically pick the next available drive letter and open the ISO image.


For most users, this will probably be the E: or F: drive but could be higher drive letters.



Once the file has been mounted then open that drive and browse to the Sources folder and locate the file INSTALL.ESD
Copy the install.esd file to the c:\iso folder as well



 

Once you've copied the install.esd file to the c:\iso folder you can right-click the mounted ISO image and select Eject to unmount it
 
Now, open an elevated admin command prompt again and copy / paste the following entry and then press the Enter key. We need to find the Index number that matches your Windows type
Pay attention to your version of Windows if it's Home, Pro, Education, etc. as you'll need to use the same type.


Dism /Get-WimInfo /WimFile:c:\iso\install.esd
 

You can type in Winver from the command line or from the Start Menu and it will tell you what type of Windows you're running
In my case I'm running Windows 10 Pro, but your type may be something else.


 
From the elevated admin command prompt copy / paste the following command which will convert the install.esd file to install.wim


Dism /export-image /SourceImageFile:c:\iso\install.esd /SourceIndex:6 /DestinationImageFile:c:\iso\install.wim /Compress:max /CheckIntegrity

NOTE: Make sure you change the /SourceIndex:6 to match your type of Windows

Once that command completes you should now have the following files in the c:\iso folder

  • install.esd
  • install.wim
  • Windows.iso

 
Now we need to verify that the install.wim contains the Windows type that matches our Windows. Run the following from the elevated admin command prompt   
 
Dism /Get-WimInfo /WimFile:c:\iso\install.wim


Make sure YOUR version of Windows is shown and not this example
 
With the file type now matching, we'll use the following command to run DISM and repair the system


DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:c:\iso\install.wim:1 /LimitAccess

(Take a look at the part Install.wim:1) (The number 1 is the SourceIndex number)


 
Now it's time to run SFC again to have it fix and repair any file corruption it was unable to correct before
Run the following from the elevated admin command prompt
 

SFC /SCANNOW
 
At this point hopefully, both SFC and DISM have now run correctly and were able to repair your system files.
 
It may be a good time to also go ahead and run a disk check on your system drive to verify the integrity of files, folders, etc.
Run the following from the elevated admin command prompt and restart the computer to allow the disk check to run
 

ECHO Y|CHKDSK C: /F

 

Keep me posted.
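
The index-matching steps in the post above, as an added PowerShell example that is not part of the original post: it finds the install.esd index whose edition matches the running system, refuses to export into an existing install.wim (DISM appends to an existing file, so the exported image would no longer be index 1), verifies the result, and then runs the post's DISM commands. The C:\iso paths come from the post; matching on the registry EditionID value is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Paths are the ones the post uses.
$esd = 'C:\iso\install.esd'
$wim = 'C:\iso\install.wim'

# Edition of the running system, e.g. "Professional" (Pro) or "Core" (Home).
# Assumption: the registry EditionID is compared with each image's EditionId.
$installed = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID

# List every index in the ESD, then query each one for its detailed EditionId.
$match = Get-WindowsImage -ImagePath $esd |
    ForEach-Object { Get-WindowsImage -ImagePath $esd -Index $_.ImageIndex } |
    Where-Object { $_.EditionId -eq $installed } |
    Select-Object -First 1

if (-not $match) {
    throw "No image in $esd matches the installed edition '$installed'."
}
"Installed edition '$installed' -> source index $($match.ImageIndex) ($($match.ImageName))"

# /Export-Image appends to an existing WIM, which would push the new image to
# index 2 or later and make the ':1' in the repair command point at the wrong image.
if (Test-Path $wim) {
    throw "$wim already exists. Delete it first so the exported image becomes index 1."
}

# Same export command as in the post, with the detected index filled in.
& dism.exe /Export-Image "/SourceImageFile:$esd" "/SourceIndex:$($match.ImageIndex)" `
    "/DestinationImageFile:$wim" /Compress:max /CheckIntegrity
if ($LASTEXITCODE -ne 0) { throw "Export failed with DISM exit code $LASTEXITCODE." }

# Verify that index 1 of the new WIM really is the installed edition.
$exported = Get-WindowsImage -ImagePath $wim -Index 1
if ($exported.EditionId -ne $installed) {
    throw "Index 1 of $wim is '$($exported.EditionId)', expected '$installed'."
}

# Same repair command as in the post; ${wim} keeps PowerShell from parsing '$wim:'.
& dism.exe /Online /Cleanup-Image /RestoreHealth "/Source:WIM:${wim}:1" /LimitAccess
if ($LASTEXITCODE -ne 0) {
    "RestoreHealth failed with exit code $LASTEXITCODE; see C:\Windows\Logs\DISM\dism.log"
}
```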


8 hours ago, JSntgRvr said:

Run these commands in the order given:

DISM /Online /Cleanup-Image /StartComponentCleanup
DISM /Online /Cleanup-Image /AnalyzeComponentStore
DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:c:\iso\install.wim:1 /LimitAccess

First and second commands worked without issue, but the third command stopped again.

8 hours ago, JSntgRvr said:

If it fails again, try in Safe Mode. It could be a part of your RAM memory area that is ill.

I am currently attempting to enter Safe Mode, but I seem unable to, as my PC shuts down with every attempt.

This topic is now closed to further replies.