
Seriously need help for removing virus.



Hello.

I installed Mechvibes and Avira antivirus flagged it as a virus.

I deleted Mechvibes with its uninstaller, and the installation file was deleted.

Avira said it detected more threats on my PC, restart to remove those.

I restarted and nothing happened, but a groove monitor error appeared.

I used a restore point to go back to before I installed Mechvibes.

Windows said it failed, but it worked and my PC went back, and the Mechvibes installation file was still there and I deleted it immediately.

That was about half a month ago, but I'm so scared and don't know what is going on. Some of the weird things are that the calculator is corrupted and now both antiviruses are turned off; I tried to turn them on but couldn't do it.

I installed IObit Malware Fighter and Advanced SystemCare, and after a time I finally installed Malwarebytes and scanned and quarantined all threats.

Now, after a long time, I opened Steam to play a game and a notification said Malwarebytes and Windows Defender are both turned off and I can't turn them on, but it is active by Antivirus itself.

I use the Malwarebytes Premium trial and I ran a scan using Microsoft Safety Scanner and it found 1 infected file and deleted it, but I don't know where the log is, so I will upload my first Malwarebytes scan log.

I have also seen some new svchost files (I think I haven't seen them before), processes like Cryptographic Service, Udk user svc, CDP user svc, etc.

Please hurry I need help.

MBSR.txt

Link to post

2 hours ago, Mr_51217149817 said:

I installed IObit malware fighter and advanced system care

Uninstall those and never use them again.

Update Malwarebytes by installing the following over what you have.
https://downloads.malwarebytes.com/file/mb5_offline

 

Then do the following.

 

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
  • Disable-Fast-Startup   Windows 8 and newer only <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply


Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

Link to post

I have deleted them fully, but I fear having a virus; there's nothing so weird.
Recently I found Procedure call service in Task Manager.
I have scanned with Malwarebytes but found nothing after that.
I don't know whether I'm over-scared of having a virus or I actually have one.
I can still normally use my machine for gaming and web browsing and nothing is destroyed.

For some reason I haven't had Windows Defender from the beginning, and my license will expire in 2 days, so I need to clean any possible virus before Malwarebytes stops helping me.
I have Malwarebytes 4 not 5.

 

Link to post

I disabled fast startup.

Show hidden items is checked.
I did a scan with AdwCleaner and it detected 22 items like PUP Optional Advanced SystemCare, and Malwarebytes detected nothing.
I did a scan with Malwarebytes 4 while downloading Farbar and didn't play games, just did some searching in the browser.
Now I will upload my latest AdwCleaner log, but I couldn't find the Malwarebytes log.
I will perform a restart and if my PC is still alive I will be back on and upload the Farbar logs (if I can).

AdwCleaner[C00].txt AdwCleaner[S00].txt

Link to post

  • Root Admin

Did you install this antivirus software on purpose?

Sheed Antivirus

https://sheed-antivirus.updatestar.com/

 

I would highly recommend you uninstall it and allow Microsoft Windows Defender that comes with Windows 10 to be the default antivirus

 

Then do the following AV scans after uninstalling Sheed Antivirus and restarting Windows

 

[ 1 ]

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

[ 2 ]

Let's also try another scanner:

ESET Online Scanner

Please run the following and perform a Full Scan
 
Click the following link to save the installer for ESET Online Scanner
https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started.
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, click on the Full Scan button
  • Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
  • Have patience. The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false positive, you may click on the blue “Restore cleaned files” (in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.


 
Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
 
Please attach the ESET scan log you saved at the end to your next reply

Link to post

Thanks for your response.

It's weird but I don't have Windows Defender and that is my biggest problem.

I can only use a 3rd-party antivirus as my antivirus.
It seems ESET Online Scanner has to upload all my files to their database and scan them; we don't have such fast internet. Can it work without internet? I can't leave my PC for long times.
Dr.Web seems a bit suspicious for its download policy.

However it is my last way so I will do it a bit later.

"MY VIRUS AND THREAT PROTECTION FIXED AFTER RESTART"

Can you tell me what are these services and are they legitimate?: 1-CDPUserSvc 2-udkUserSvc 3-cryptographic services 4-WpnUserSvc

I don't know whether I hadn't seen them before or they're new.

I'll post a screenshot of them in task manager.

 

 

Can you please check Mechvibes code for virus?
Mechvibes is a program that plays mechanical keyboard sound while you press your keyboard keys.

So I think it would be natural that antivirus detected it as virus because it uses your input regardless where you are.

I also did some research and Mechvibes wasn't so bad.

I don't run any program without research.

But the only problem was that my Avira antivirus said "potential blocked" and then "Avira detected more threats on your PC restart to remove them." or something like it, then a groove monitor error occurred; I don't remember it, but I remember it said reinstall may solve the problem at the end of the error.

I tried a restore point and went AFK for some time, then came back and saw that Windows restore couldn't extract something from somewhere (I don't know where). Then it restarted my PC and a window popped up and said your Windows is back to date x/x/x (I still don't remember), and I use it for my gaming and there's nothing so weird except what I said above.

My Windows is normal but I'm very scared and think I have a virus, but the processes don't take much CPU except some network ones.

 

I think I will not have time to do a scan that takes hours for some reason NOT VIRUS.(Maximum time I could scan was 4 hours.)

 

"My problem will be solved if Mechvibes be a false positive"

 

untitled1.png

Link to post

I ran eset online scanner it says "System is downloading module update" and goes up and then suddenly goes down 0%-4%

Please answer all my questions, they're very important.

 

Questions order:

 

1- Is Mechvibes safe? - If it has a virus, what does it do, and we directly remove that.

2- How to fix my ESET Online Scanner?

 

Link to post

  • Root Admin

I would recommend that you back up your personal data at this point and do a CLEAN install of Windows.

Since you speak English I'd recommend using US English as the install version. It will come with Windows Defender

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

 

Link to post

If I could reinstall Windows 10, I would not be here for your help.
I need to keep this Windows safe.

I installed Microsoft Defender once and it was not available in my region.
That's the problem I have: Microsoft blocked my country.
Reinstalling Windows 10 isn't that simple.
I need your help keeping this Windows safe, or at least stopping any possible viruses, so if I can't remove the virus, I want the virus to be stopped even if it remains.
Like a killer is dead and its corpse will remain but he cannot kill anyone anymore.

But if I can remove virus without reinstalling windows it is good.
I need your help with this windows.

Link to post

I have some questions; please answer them in order.

 

1- Is it normal for network service or background intelligent service or other services to sometimes use high network and ruin my gaming? I had bad ping sometimes before installing Mechvibes.

 

2- My PC is normal like other PCs and can be used for what it was made for. Sometimes high RAM and CPU around 50% when using the browser. Is it normal and is my PC good?

 

3- One time, after Malwarebytes warned me about the license ending, after a while and after opening Steam, virus and threat protection was managed by my organization and Malwarebytes was turned off but it was still on; after a restart it was fixed. Now my Malwarebytes trial has expired and my virus and threat protection is managed by my organization. I don't have Windows Defender and haven't had it from the beginning.

So should it be a bug?

 

4- These days I'm very scared and I keep Task Manager open most of the time. Sometimes I see Firefox or Adobe Acrobat, and today I saw locmic utility tool in the startup of my PC. I don't use Internet Explorer and rarely use Edge. As you are a specialist, is it normal?

 

5- If it is not illegal to talk about other AVs in Malwarebytes can you suggest me some AVs that give free realtime protection regardless of their country and don't restrict them?

I want basic protection. If it is not legal to talk about other AVs here, simply ignore question 5.

 

6- You are forum admin so can you change this thread name to Am I infected? or I think I'm infected because I don't want to distract other internet users searching for this.

 

I must continue to use my PC until it breaks or I realize that I was Over-Scared of computer viruses and there was nothing. 

Link to post

I can't edit posts but I will post here.

 

Question 3: It hasn't been fixed after the restart. I don't know whether it's a bug or whether I haven't seen it.

 

 

After answering them, please answer question 7.

7- Can you check the Mechvibes code for a virus? If it doesn't have a virus, tell me and I will thank you very much. If it has a virus, help me to remove it.

Link to post

  • Root Admin

Please try the following

How to Do a Repair Install of Windows 10 with an In-place Upgrade
https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

This should keep all your programs and data but reinstall Windows to see if it can clear up your issues

 

Personally I'd stop playing around and do a clean install of Windows. It will be faster, safer, smoother and can be done in less than 30 minutes.

It might take you a couple of days to reinstall other applications and get things set up how you like, but it would be Time WELL SPENT as the end result would be a much better system than hobbling this one back together.

 

 

 

 

Link to post

  • Root Admin

I've tried to and so far you're not following my directions. I've asked you to run 2 different AV scans and post back those logs

Please run the scans and post back the logs

Thousands and Thousands of people around the world have run these AV scans. There is no threat to you or your safety by running them. Microsoft has the same EULA and requirements that you allow them to scan and log all kinds of information about your system.

 

Link to post

I did it.
I have 2 logs and I will tell why

 

First scan : Included RAM, Windows system folder, My documents folder, Temporary files and System restore point maybe.
Result: Nothing detected.

 

Second scan : Boot sectors of all discs, Boot disk root folder but not rootkits.

Result: Nothing detected.

 

If I didn't include my restore point, No threats detected for it.
The reason I didn't select rootkit was that it would get stuck at atikmpag.sys or atikmdag.sys and wouldn't pass it.

As I said before I couldn't do scan with ESET Online scanner however I did scan with Suspicious Dr.Web Cure It.

 

Is my pc good?

cureit1.txt cureit1.txt

Link to post

This topic is now closed to further replies.