Validate Windows Pop Up Virus

Hi,

 

I believe I have this virus. It hides system protection settings.  

 

I ran the FABR fix it tool that was listed by Nasdaq moderator.  Here is the log.  Please advise on how to fix! 

 

Hi Loith

My name is Aura and I'll be assisting you with your issue. For the future, please do not run FRST fix that are posted in other threads for other users. These fixes are system-specific, and running them on your own system could lead to disastrous consequences (maybe even forcing you to clean reinstall Windows).

This being said, I would like you to run FRST and give me the FRST.txt and Addition.txt logs to get started. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
• Check the Addition.txt option;
• Click on the Scan button;
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
• Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;

Your next reply should include:

• Copy/pasted content of the FRST.txt log;
• Copy/pasted content of the Addition.txt log;

Hi Aura!  Thank you so much for your help!

 

Hi Loith

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
• As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
• Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to be posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;

This being said, it's time to clean-up some malware, so let's get started, shall we?

No Antivirus Warning!

I noticed that you don't have any Antivirus installed on your system. Having an Antivirus is one of the most important thing to have on your system in order to stay safe from malware. Therefore, I strongly suggest you to install one (some of them are free if you cannot buy one) as soon as possible otherwise, your system is at risk of being infected. I suggest you to read quietman7's excellent post about choosing a right Antivirus that fits your needs to help you make a decision.

To be honest, I do not see anything in your logs that could cause that "Validate Windows" pop-up. Is it possible for you to take a screenshot of that pop-up, using the Snipping Tool, and upload that screenshot on Imgur.com then post the URL to it here so I can see what it looks like? Also, can you tell me where it shows up? Is it a program, is it when you browse the web using Internet Explorer? The more information you can give me about it, the more chances I have to see what's wrong and find out what's happening. Here are instructions on how to take a screenshot using the Snipping Tool.

How to take a screenshot using the Snipping Tool
Follow the instructions below to take a screenshot using Windows' Snipping Tool:

• Press on the Win Key + R to open the Run box;
• Enter SnippingTool and press on Enter;
• The Snipping Tool will open, asking you to choose the area to take in the screenshot;
• Left click on the area where you want to start the screenshot, keep it, and drag the cursor across the screen;
• Once done, release the left button to take the screenshot;
• In the editing window, click on the File menu then Save As;
• Save the screenshot in a folder that you can access easily;
• Once done, go on Imgur.com and click on the upload images button at the top of the site;
• Select browse your computer, navigate to the screenshot you saved and select it;
• Once done, click on the Start Upload button;
• You'll be redirected to a page where your screenshot will be displayed. You can copy/paste the URL of that page here so I can access it;

I noticed that you downloaded the MGADiag tool from Microsoft. Was it to verify if your Windows copy was indeed legitimate as a way to fight off that pop-up virus?

2016-02-07 06:55 - 2016-02-07 06:55 - 02031992 _____ (Microsoft Corporation) C:\Users\Emma\Downloads\MGADiag.exe

Even though I don't see anything malicious in your logs, I would like you to run the following FRST fix, just to remove unnecessary folders and remnants from programs you used on your system

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Click on the Fix button;
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
• Copy and paste that log in your next reply;

[attachment=176629:fixlist.txt]

Your next reply should include:

• Link to your "Validate Windows" pop-up screenshot on Imgur.com and answer to my various questions about that pop-up;
• Answer to my question about running the MGADiag.exe tool;
• Copy/pasted content of the fixlog.txt after running the FRST fix;

Hi Loith,

Are you still with me? Can you follow the instructions in my last post please?

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.