Jump to content

Please assist with removing a virus


Recommended Posts

@Havok2024

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please do all of the requested scans in order and attach all of the results in your next reply.<<<<< Important.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup   Windows 8 and newer only <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

Edited by Porthos
Link to post
Share on other sites

Seems your drive has bad sectors. Let see how bad it is.
 
Open an Administrator Command Prompt. At the prompt type the following and press Enter:
 
CHKDSK /R
 
Schedule CHKDSK to run at the next Startup. Restart the computer.
 
Upon restart, CHKDSK will run. Allow it to do so unhindered.
 
After the next restart run this fix:
 
FRST64 was saved as  C:\Users\tnl04\Downloads\FRSTEnglish.exe
  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. Another file will be created on your desktop, DiskCheckLog.txt. Please also attach this file to your next reply.

Edited by JSntgRvr
Typo
  • Like 1
Link to post
Share on other sites

11 hours ago, JSntgRvr said:
Seems your drive has bad sectors. Let see how bad it is.
 
Open an Administrator Command Prompt. At the prompt type the following and press Enter:
 
CHKDSK /R
 
Schedule CHKDSK to run at the next Startup. Restart the computer.
 
Upon restart, CHKDSK will run. Allow it to do so unhindered.
 
After the next restart run this fix:
 
FRST64 was saved as  C:\Users\tnl04\Downloads\FRSTEnglish.exe
  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. Another file will be created on your desktop, DiskCheckLog.txt. Please also attach this file to your next reply.

logs attached.

DiskCheckLog.txt Fixlog10.02.txt

Link to post
Share on other sites

Seems it did not include a report in the Event Viewer. Did you cancel its execution?

Bad sectors are like a progressive disease. Once they started to appear, they won't stop until your drive fails and crash.

I would suggest you backup all your personal data and replace the disk.

FRST64 was saved as  C:\Users\tnl04\Downloads\FRSTEnglish.exe
  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. Another file will be created on your desktop, DiskCheckLog.txt. Please also attach this file to your next reply.

Lets perform an online scanner:

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

Fixlist.txt

Link to post
Share on other sites

1 hour ago, JSntgRvr said:

Seems it did not include a report in the Event Viewer. Did you cancel its execution?

Bad sectors are like a progressive disease. Once they started to appear, they won't stop until your drive fails and crash.

I would suggest you backup all your personal data and replace the disk.

FRST64 was saved as  C:\Users\tnl04\Downloads\FRSTEnglish.exe
  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64 is saved. (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. Another file will be created on your desktop, DiskCheckLog.txt. Please also attach this file to your next reply.

Lets perform an online scanner:

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

Fixlist.txt 24.52 kB · 0 downloads

no, i didn't cancel the execution.  I'll replace the disk but does the log say if any of my files is infected?

Link to post
Share on other sites

There is an entry, that although could be legit, is running from the temp folder in Windows.

HKU\S-1-5-18\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.exe [18464 2024-05-05] (Microsoft Corporation -> ) <==== ATTENTION 
C:\Windows\Temp\MUBSTemp

If the drive is to be replaced, get the product key from your computer. Upon installation, nothing will survive as the new drive will be formatted. Only personal data should be backed-up.
 

Run this command to get the Product Key:

wmic path softwarelicensingservice get OA3xOriginalProductKey

Good luck.

 

Edited by JSntgRvr
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.