Jump to content

Can't get to sign in screen


Recommended Posts

Hi, TIA for your help.  

My Dad's Dell Inspiron appears to have gotten infected after a trip to a Hospitals Wifi.  

The computer will boot but I can't get to the sign in box, and it takes forever to do that.  I click enter to bring the box up but the whole screen goes fuzzy.

With some direction I could try booting in safe mode but could use some instruction as well. 

I'm not at the machine now, but will be in about 12 hours.

Thanks

Link to post
Share on other sites

See if you can reach the Recovery Environment:

Option 1:

When the computer is turned off:

  • Press and hold the Windows Key and press the power button.
  • Release both keys.

Option 2:

When the computer is turned off:

  • Press and hold the Shift Key and press the power button.
  • Release both keys.

If you do, in the Advanced Options select Starup Repair.

Let us know the outcome.

Link to post
Share on other sites

Thanks for your help.  I got to the laptop today and it had repaired itself enough to sign in. First thing I did was to try and upgrade from the free version of MB but the options to pay disappear.  I was able to scan using the free version and it located and I quarantined 9 PUP files.  When I went to click the box to buy or upgrade I was redirected to a site to buy movies.  
Shall I proceed with the FRST instructions in the “I’m infected” discussion or do you have another option for me to follow. 
Thanks

Link to post
Share on other sites

Scan with Farbar Recovery Scan Tool

 

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
  • After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
  • When the tool opens click Yes to the disclaimer if this is the first time using the tool
  • Make sure there is a check mark in the Addition.txt check box
  • Press the Scan button.
  • It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.
Link to post
Share on other sites

  • Root Admin

Please ATTACH all logs unless requested otherwise

 

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/


Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/


Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

 

 

 

 

Link to post
Share on other sites

Open a Command prompt as an Administrator.

Start -> CMD -> Run as Administrator

At the prompt type the following and press Enter:

CHKDSK /R

Schedule a scan at the next startup. Restart the computer.

Upon restart, CHKDSK will run. Let it run unhindered until a restart.

Then run this fix:

FRST64 was saved as C:\Users\Frandick\OneDrive\Desktop\FRSTEnglish.exe.exe

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. Also attach the log created on your desktop, DiskCheckLog.txt.

Link to post
Share on other sites

Hi,

I'm confused and don't understand the instructions

Upon restart, CHKDSK will run. Let it run unhindered until a restart.

I performed this and it ran unhindered finishing with a restart

Then run this fix:

FRST64 was saved as C:\Users\Frandick\OneDrive\Desktop\FRSTEnglish.exe.exe

I don't find FRST64 as a file within FRSTEnglish.exe.exe

It's also odd that the FRSTEnglish file only shows in the desktop folder with a single .exe extension, and only when opened does it get the second .exe extension

  • Download the enclosed file  Fixlist.txt
  • I downloaded the text file and saved it to the desktop
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • I tried saving it to the FRSTEnglish.exe file but the Fixlist file won't attach to the exe file
  • Start FRST (FRST64) with Administrator privileges
  • I can't start FRST because it's a text file and not executable
  • This time around Press the Fix button and wait
  • Nothing shows up in the field box and a search for files doesn't reveal anything
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

What am I doing wrong?  I appreciate your help

Link to post
Share on other sites

  • Download the enclosed file  Runme.zip
  • Extract and save its contents to the desktop
  • Right-click on the Runme.ps1 file and select Run with Powershell.
  • When finished, a log file (DiskCheckLog.txt) will be created on the desktop.

Please attach this file in your next reply. 

Edited by JSntgRvr
Link to post
Share on other sites

Your hard drive has bad sectors, and although Windows has made corrections to the file system, files have been written on those sectors. A bad sector is like an infectious disease that continues to advance until the System crashes. You should be thinking about replacing the hard drive.

FRSTEnglish.exe was saved in the C:\Users\Frandick\OneDrive\Desktop folder

  • Download the enclosed file  Fixlist.txt
  • Save it in the C:\Users\Frandick\OneDrive\Desktop folder where FRSTEnglish.exe is saved.
  • right click on FRSTEnglish.exe and select "Run as Administrator"
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the FRSTEnglish.exe was ran from.

Please attach this file in your next reply. Also attach the log created on your desktop, DiskCheckLog.txt.

Please run the following ESET Online Scanner and perform a Full Scan
 
Click the following link to save the installer for ESET Online Scanner
https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started.
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, Click on the Full Scan button
  • Enable  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click the Start scan button.
  • Have patience.  The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
 
Please attach the ESET scan log you saved at the end to your next reply

Link to post
Share on other sites

I figured out how to ad the Fixlog and added it bellow.  I ran the ESET and it found 17 adware files and a trojan. 

I forgot to create a log and didn't think I should copy the file names from the quarantine list.  Let me know if I should add it.

It appears that the laptop is running fast again.  Now I have to figure out a way to keep my 92 yo Dad from clicking on everything he sees 

Thanks again 

Fixlog.txt

Link to post
Share on other sites

FRSTEnglish.exe was saved in the C:\Users\Frandick\OneDrive\Desktop folder

  • Download the enclosed file  Fixlist.txt
  • Save it in the C:\Users\Frandick\OneDrive\Desktop folder where FRSTEnglish.exe is saved.
  • right click on FRSTEnglish.exe and select "Run as Administrator"
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the FRSTEnglish.exe was ran from.

Please attach this file in your next reply. 

Let run another scan:

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply
Link to post
Share on other sites

FRSTEnglish.exe was saved in the C:\Users\Frandick\OneDrive\Desktop folder

  • Download the enclosed file  Fixlist.txt
  • Save it in the C:\Users\Frandick\OneDrive\Desktop folder where FRSTEnglish.exe is saved.
  • right click on FRSTEnglish.exe and select "Run as Administrator"
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the FRSTEnglish.exe was ran from.

Please attach this file in your next reply. 

Please remove this program:

ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)

Restart the computer.

How is it doing?

Link to post
Share on other sites

It's doing great. Thanks.  I'll remove the Garmin program shortly. 

One thing I noticed yesterday was a redirect when I opened Last Pass.  It opened a shopping or coupon site.  I also removed a couple of recipe extensions my folks used

I installed Privacy Badger as I do I my other machines and it's recently blocked a couple of trackers from dou bleclick.net ,  bat .bing,  go ogle  analytics and analytics go ogle.   Is there something else I can do to block these?  

Link to post
Share on other sites

My suggestion below.

I am glad to know things have improved.

Lets cleanup.

Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10/11 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Delete Restore Points

- Create Restore Point

- Delete now

  • Click the "Run" button.

automatic.png

  • When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:
 
The following information will help you to keep your computer and data safer as well as improve your overall privacy

Malwarebytes Browser Guard

uBlock Origin

Cybersecurity basics & protection
 
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity
 
Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/
 
Please review the following to help you better protect your computer and privacy
 
Tips to help protect from infection
 
Hopefully, we've been able to assist you with correcting your system issues.
 
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

Regards.

Link to post
Share on other sites

 

2 hours ago, JSntgRvr said:

FRSTEnglish.exe was saved in the C:\Users\Frandick\OneDrive\Desktop folder

  • Download the enclosed file  Fixlist.txt
  • Save it in the C:\Users\Frandick\OneDrive\Desktop folder where FRSTEnglish.exe is saved.
  • right click on FRSTEnglish.exe and select "Run as Administrator"
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the FRSTEnglish.exe was ran from.

Please attach this file in your next reply. 

Please remove this program:

ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)

Restart the computer.

How is it doing?

It is hidden. You need to run the Fixlist first, then the entry will show.

Link to post
Share on other sites

I don't know why I can't figure this out.  I ran the fixlist and then searched File explorer for 

ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

and

C:\windows\system32\drivers\swdumon.sys

I then searched FRST.ee for both of them and no results.

I need some simple step by step instructions  

Thanks

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.