
My desktop has been infected heavily with malware, I need emergency help



Hello,
I have no professional knowledge in how to touch registry files or anything similar and I think my desktop needs a registry fix and malware removal.

I have removed the Ethernet cable so I can open Malwarebytes. I ran a scan just on my C drive all night long and here are the results. I took photos because there is no way to upload the scan log anywhere without internet and also as soon as I inserted a USB stick to manually move the file, my Windows went blue screen (oops something went wrong...)

The issues started when an infected USB stick was inserted by my friend. My browsers (Chrome and Firefox) slowed down and eventually stopped responding, after closing them, 2 cmd.exe windows ran on their own for 1 second, my wallpaper turned to black and my app shortcuts on desktop started glitching. I quickly removed the stick and it looked like everything visually turned to normal. However nothing would run so I restarted, it worked for half a day and then everything started freezing again. I then restarted again and it got stuck on the restart screen for 10 hours (I restarted and left for work, when I came back it was still restarting). I restarted with the button once again, this time the system booted up, I tried to open task manager and it was again not responding. It did run on the third try, and it shows 50% of my disk is engaged. The list and the activities are not normal. I tried to open Malwarebytes but it kept appearing in task manager and then disappearing. As if it was force closing. Then everything froze again and the desktop disappeared, only task manager window which was not responding remained. I got stressed because it felt like someone has access to my desktop and is running things remotely. I immediately pulled the Ethernet cable out, restarted and then could run Malwarebytes and also open task manager again.

The scan found 10 threats but after some googling I didn't quarantine them, since they seem to be registry related and it might mess my Windows up. I had kept the scan window open until the blue screen happened. I had to restart as I mentioned above, so the riskware is still there untouched. I will run scans on my other drives after I post this.

Please advise me how to correctly attempt to remove the malware and restore the registry. Thank You!

*I removed my user name in the photos since it contained my real name and I do not wish to share that online.

 

SCAN LOG PHOTO.jpg

SCAN LOG PHOTO 2.jpg


@Asioconite

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup   Windows 8 and newer only <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply


Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you


Hello,
Thank you for your response.
I do not feel safe to connect the Ethernet cable again, as it seems like as soon as I give the Windows access to internet, the system becomes unusable.
In your reply you have asked me to download Farbar and AdwCleaner, that is not possible. How can I approach solving this offline?


Then that is not the problem, because if I recall correctly I had to install Word, Excel and PowerPoint for my school days years ago. I couldn't afford them so they are not bought. However I have scan logs from after they were installed and Malwarebytes didn't flag anything in the registry. What else can it be? Oh and I bought my Windows license key legitimately, so it can't be that either.


The only thing I erased was the name of the user which plays no significant role in the analysis but does compromise my personal data.
Ok so I just attached the USB to the desktop again, nothing happened (in terms of Windows going blue screen), which is great, but I scanned it with MWB and I get the same list.
Also I tried to create a system restore point and got the "not enough storage" error.
Lastly I also scanned all the remaining drives I have and the scan logs for them are almost identical to the c drive and usb. I assume it will always be detected regardless of what I'm running the scan for?
 

error-restore point.JPG

scan logs all other drives 1.JPG

scan logs all other drives 2.JPG

usb scan logs.JPG

usb scan photo.JPG


I only have this USB stick available to use on my laptop and download Farbar. I attached it to the desktop twice, once for trying to move the scan logs (which failed because of blue screen) and once now to run the scanner and see if it's infected. I am not sure now, is it safe to eject it and use it on my laptop for downloading Farbar?


@Asioconite Ignore Malwarebytes for now...

 

We need unedited logs from Farbar so eject it.

53 minutes ago, Porthos said:

Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Attach the 2 logs it creates

Example image of where to click to attach files when posting your reply


Then be patient for the next expert to take your case. <<<<< Important.
