malware

[banana4523]

Hello everyone. before we start i want to say i'm new here. i checked topics i see people post their windows logs i don't know how to do that so please tell me i'm gonna reply with the logs.

malwawrebytes dectected GSystem32 and GServices32 and Ground.exe is hiding in system32 file. i removed them but i want to make sure there's no malware left cause my pc randomly freezes and makes color lines and restarts. i don't know thats the malware doing that

 

i ran memtest86 the results are fine

i changed video adapters still doing the same thing

updated gpu driver

so i think its from hard drive. so i want to make sure there's no malware left or trojan thanks

[banana4523]

the problems appears when i watch a youtube video

or when i run malwarebytes after 5 mintues passed the computer freezes and makes color lines moving and sometimes beep sound and restarts

[Porthos]

@banana4523

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please do all of the requested scans in order and attach all of the results in your next reply.<<<<< Important.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

• If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup   Windows 8 and newer only <<<<< Important.
• Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes
      RESTART the computer <<<<< Important.
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

[banana4523]

i cannot send malwawrebytes scan log cause everytime i run the scan after 5 mintues my pc freeezes and makes color lines moving and restarts itself 

screenshot  of color lines https://filestore.community.support.microsoft.com/api/images/b7a926b2-e04d-40cf-88f1-810975ae7225?upload=true&fud_access=hC1SxZhn7m%2FZQJkOIiOVstu10yTQgXS4A%2FDBzZTg8nbaCgIogkrcDydMeI5Y4za2dOqDdWtsG2JNS3E35V60i9TiGHR7STMpJHheeXuDvO8nwjUlqCBHhJ0NDvuYN7OS%2FMCeFG1AgY3qTp9gsksbHOAyLR5GCd3wH4%2B1%2BmPPMrGcx3RigTBb1SxvuWioVQ5ccwOOdzcaEETsITuTg3NmPZx0NiS6Pua9Tg6hd94oG4HQlex86Fr%2Fxje9F41JH0vNzBsNAgIGB5AQABhNZRmxWIGW6k2nUFOWdGAbDVWjIfNDiLPXwjafocNLSwY%2F6BlieTjcIAZWcEejGIr8IrFUNnbelcasz6JZib1Q4B%2FBuKQXzWwubxnj1mhb%2BQoNG2VuZe1Q2xo6%2BwDMThYc%2BXWHVTx1KoavgPLlzCqZK82PZ38%3D

i have bsods if you want to view  it

 

 

there's t he other logs

 

FRST.txt Addition.txt AdwCleaner[S04].txt

[banana4523]

Dear Porthos. i have been waiting for two days no one has helped me right now.

i checked people new topics they  get respond from expert helping them.

like every  expert ignores me i wawnt  to get this problem fixed i didnt make new topic c ause you told me to be patient 

can y ou please do something

 

[Porthos]

You posted your logs 24h ago. It is the weekend and it can take some time to get to you. There are only 3 people authorized to assist.

[AdvancedSetup]

Sorry for the delay. I spent time with the family this weekend

I'll assist you in the morning

I notice the computer is very old. That lone could be your issues, but we'll see what we can do to help.

 

BIOS: Dell Inc. A10 04/30/2008
Motherboard: Dell Inc. 0PU052

 

 

[AdvancedSetup]

Good day @banana4523

First and foremost, your hard drive shows signs of a failing hard drive. I would highly recommend that you back up any important data to an external drive.

Then look at either replacing the hard drive or possibly replacing the computer due to it's extreme age of circa 2008

 

2024-09-22 05:34 - 2024-09-22 05:34 - 000000000 __SHD C:\found.029
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.028
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.027
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.026
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.025
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.024
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.023
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.022
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.021
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.020
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.019
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.018
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.017
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.016
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.015
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.014
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.013
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.012
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.011
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.010
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.009
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.008
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.007
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.006
2024-09-17 17:58 - 2024-09-17 17:58 - 000000000 __SHD C:\found.005

 

That alone could be the reason you have issues with the system.

Not recommended as it would be best to replace the hard drive or the computer, but if you do decide not to do that then you can try the following.

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

Bonjour (this program is rarely needed on Windows, but often causes networking issues)     
IObit Driver Booster (your system does not need software like this, waste of time and resources) 

 

 

[ 2 ]

Your DNS Servers: 192.168.1.1   

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

• Quad 9 Public DNS  IPv4  9.9.9.9 and 149.112.112.112  IPv6  2620:fe::fe  and  2620:fe::9  (one of the best for most users)
• Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
• Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
• OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
• DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 3 ]

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

• NOTICE: This script was written specifically for this user, for use on this particular machine.
• Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\as\Desktop\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
               Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Discord cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• BITS transfer queue (qmgr*.dat files)
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

[banana4523]

still does the same thing

Fixlog.txt

[AdvancedSetup]

Do you have unstable power in the area?

I can promise you that those entries are a sign of data that was not saved correctly. Then a few days later it happened again.

Please follow the directions below

[ 1 ]

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

• The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
• Close all open applications and locate the downloaded file and double-click to run it
• The program will take a moment to launch and bring up the License and Update screen
• Place a check mark to agree to the terms and then click on the Continue button
• Click the underlined link Select objects for scanning
• On the top left click the Scanning objects that should automatically check all objects
• Click the small wrench and make sure there is a check on Automatically apply actions to threats
• Then click the large button on bottom right Start scanning
• Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
• The log is saved in the folder named Doctor Web in the top of your user profile folders
• Please attach that log on your next reply

 

 

[ 2 ]

Please read the entire post below before starting so that you're more familiar with the process

[ 1 ]

Please make the following system changes.

• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed.
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

[ 2 ]

Microsoft Safety Scanner

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours to complete.

• Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run and saved in the log.
• The scan may take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware. )

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found and did.

 

Thank you

 

[banana4523]

sorry for taking so long everytime i oepn the program microsoft safety scanner my pc does the same thing

i tried today and it didnt crash or freeze finally.

see if msert.log did it do full scan if not tell im gonna rescan

msert.log cureit.log