Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus disabled access to cmd, taskmgr and regedit


  • This topic is locked This topic is locked
7 replies to this topic

#1 amberirene81

amberirene81

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 14 April 2016 - 11:34 PM

I'm a bit of a tech geek but searching manually for a virus I'm clueless at. This is a new level for me because I don't know exactly where to find information on gaining access to cmd, taskmgr and regedit. I can't run Antivirus, Malware and system restore in any way that I'm aware of. I found HiJack This and had issues installing but gained access and since I'm clueless as to what I'm looking for I chose analyze this which gave this
https://sourceforge.net/p/hjt/support-requests/
It took me to HiJack This which have me a message that they are doing something else and suggested this website.

Can anyone help with this? I simply don't know what I'm looking for and exactly where to look.

Thanks for any advice you may have

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 15 April 2016 - 07:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Lets start by running these tools.


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 21 April 2016 - 07:31 AM

Are you still with me?

#4 amberirene81

amberirene81
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 21 April 2016 - 07:59 AM

I apologize I did not see that you had responded to my question. I would start working on this but unfortunately I was doing a complete system restore from the advanced settings and right in the middle of it my system shut down. So now im left with "An operating system wasnt found" message.  I have windows 10 unfortunately that I upgraded from windows 7. I do not have the original install disk and I do not have any kind of recovery disk. I was just researching uploading windows 10 iso file thru the Boot from EFI File but for some reason the iso file isnt being detected. I'm at a complete loss now and should probably just buy a new copy of windows :(  I do have a windows 7 product key but... the hd I have in my HP ProBook now is from my old Sony Vaio so I am not sure if the product key would even work if I were to get a windows 7 OS DL... Any suggestions are greatly appreciated



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 22 April 2016 - 07:29 AM

Contact the original manufacturer and find out if they can provide a fresh Installation disk for the operating system that came with this computer.
There could be a minimal charge.

#6 amberirene81

amberirene81
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 22 April 2016 - 08:09 AM

Contact the original manufacturer and find out if they can provide a fresh Installation disk for the operating system that came with this computer.
There could be a minimal charge.



I actually found a disk and key worked but... network drivers are missing and that normally wouldn't be an issue but the virus is still in the hard drive and is preventing driver downloads. It's name is TrustedInstaller and has some full access but not nearly as much before I started manually deleting it in the regedit. I can however connect my phone via USB and allow USB tethering for Internet access.

I will go back to your first response and start downloading virus removals

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 22 April 2016 - 08:18 AM

Run the tools I suggested and post the logs.

Will take it from there.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 AM

Posted 28 April 2016 - 08:50 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users