
Fake? Windows activation


6 replies to this topic

#1 Aircraftgal012

Aircraftgal012

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 01 May 2016 - 10:08 AM

I got Windows 8.1 not too long ago (early March-ish). I have flight simulators downloaded on the Windows side of my Mac. Everything was doing really good until one day I got a fake BSOD. Well that is finally gone, but now I have a new virus. I was just doing something on the computer and all of a sudden the computer by itself just downloaded something without permission and restarted. After it restarted it asked me to enter my product key. I'm pretty sure it is fake because I do not think Windows would do this. I don't want to enter the product key either because I don't want it to be stolen.


Edited by hamluis, 01 May 2016 - 02:16 PM.
Moved from Win 8 to Am I Infected - Hamluis.




#2 Aircraftgal012

Aircraftgal012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 01 May 2016 - 10:09 AM

Here is what it comes up with. Any help would be appreciated.

Attached Files


Edited by Aircraftgal012, 01 May 2016 - 10:18 AM.


#3 JohnC_21

JohnC_21

  • Members
  • 24,439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:46 AM

Posted 01 May 2016 - 11:23 AM

That is not a normal Windows dialog. Did you install TeamViewer? This looks like a malware infection. In any case, do not input your key. I would start a new thread in the Am I infected Forum. For an infection like this that will not allow you to log in, you will need to use a bootable disk to do your virus scan.

 

Edit. Did Windows 8.1 come preinstalled with the computer or did you purchase the license? If you can recover your data using a live linux disk I would wipe the drive and reinstall Windows but this is just my opinion. Somebody in the Am I infected Forum may have different thoughts on this.


Edited by JohnC_21, 01 May 2016 - 11:26 AM.


#4 Aircraftgal012

Aircraftgal012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 01 May 2016 - 01:00 PM

How do I move my post? (I'm new here)

Well the computer is a late 2013 iMac 27". So no, it didn't come preinstalled. We bought the license. I know there are several viruses in the Windows side because my Steam game system is infected, IE, and Firefox. I mean I could take Windows all the way off but I have a lot of stuff I would have to reinstall. I had problems when I first tried to install Windows but I got through that ok. The thing is though when I get rid of Windows it leaves a phantom space in my hard drive, meaning the Mac side doesn't get that back. That's what happened when I first installed Windows but then I reinstalled Windows and it filled that space again. I am also pretty sure I know where the virus came from. I install free add-ins for my flight sim from some websites and I can almost guarantee that's where it came from. I'm just not skilled enough to remove all the malware.

Edited by Aircraftgal012, 01 May 2016 - 01:00 PM.


#5 JohnC_21

JohnC_21

  • Members
  • 24,439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:46 AM

Posted 01 May 2016 - 01:14 PM

I am assuming you cannot get past the image you posted, correct? This is a dual boot computer with Mac OS?

 

You can either PM a moderator and ask for the thread to be moved, or start a thread in the I am infected forum and post the link to this thread. Then PM a moderator to close this one.



#6 Aircraftgal012

Aircraftgal012
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 01 May 2016 - 01:33 PM

I am assuming you cannot get past the image you posted, correct? This is a dual boot computer with Mac OS?

 

You can either PM a moderator and ask for the thread to be moved, or start a thread in the I am infected forum and post the link to this thread. Then PM a moderator to close this one.

 

Yes it is a dual boot. I cannot get past the image, the image also shows up in safe mode with networking.... I have yet to try it without the networking so that I can look for the program that installed.



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:46 AM

Posted 02 May 2016 - 11:03 AM

Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
mbam1_zps98e7fba9.png
 
3)  Click on Settings, you will see an image like the one below.
 
malware%20settings_zpsixkea5sd.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If no malicious programs are found you will receive the following message.
 
adwcleaner%20111_zpsiduqrrrp.png
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 02 May 2016 - 11:04 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
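
The TDSSKiller log check described in the post above (find Scan finished near the bottom, then read the two object counts) can be scripted. This is an added example, not part of dc3's post or of TDSSKiller itself; the function names are hypothetical, the sample log tail is constructed, and it assumes the two count lines follow the last "Scan finished" line as the post describes.

```python
import re
from pathlib import Path

# Name pattern quoted in the post: TDSSKiller.[Version]_[Date]_[Time]_log.txt
LOG_NAME = re.compile(r"^TDSSKiller\.[^_]+_[^_]+_[^_]+_log\.txt$", re.IGNORECASE)
# The two summary lines the post says to check. Case-sensitive on purpose, so
# "Actual detected ..." is never mistaken for the "Detected ..." line.
COUNT = re.compile(r"\b(Detected|Actual detected) object count:\s*(\d+)")

# Constructed sample of a log tail; timestamps and thread ids are made up.
SAMPLE_CLEAN = """\
10:00:01.0100 0x0a10  Scan finished
10:00:01.0100 0x0a10  ====================
10:00:01.0150 0x0b20  Detected object count: 0
10:00:01.0150 0x0b20  Actual detected object count: 0
"""
SAMPLE_HIT = SAMPLE_CLEAN.replace("count: 0", "count: 2")

def read_log(path):
    raw = Path(path).read_bytes()
    # Assumption: the file may be UTF-16 with a byte-order mark; else UTF-8.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def newest_log(root):
    """Most recently written TDSSKiller log in root, or None."""
    logs = [p for p in Path(root).iterdir() if p.is_file() and LOG_NAME.match(p.name)]
    return max(logs, key=lambda p: p.stat().st_mtime, default=None)

def summarize(text):
    """Counts that follow the last 'Scan finished', or None if incomplete."""
    start = text.rfind("Scan finished")
    if start == -1:
        return None
    counts = {}
    for kind, n in COUNT.findall(text[start:]):
        counts["actual" if kind.startswith("Actual") else "detected"] = int(n)
    return counts if set(counts) == {"detected", "actual"} else None

def needs_posting(text):
    # A missing or partial summary is treated as "post it", never as clean.
    s = summarize(text)
    return s is None or s["detected"] != 0 or s["actual"] != 0

if __name__ == "__main__":
    log = newest_log("C:\\")  # the post says the log is typically in c:\
    print("no log found" if log is None else
          f"{log.name}: post the log = {needs_posting(read_log(log))}")
```

A log whose scan never reached Scan finished is reported as needing to be posted, since an interrupted scan says nothing about whether the machine is clean.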

 

 

 

 




