
HELP! It's destroying my computer!


8 replies to this topic

#1 butterfly7006


Posted 26 May 2016 - 03:54 PM

Hello, I recently did a lot of stuff with my computer, and downloaded a lot with my computer. I use Windows 7 (32-bit). Well, I didn't think it would be a problem until this happened. About a month ago, I was trying to turn on my computer, and it wouldn't turn on. I plugged in my adapter charger, and it worked. I've figured out that there was spyware installed on my computer, so I ran a full Windows Defender scan. It detected two pieces of spyware, and I deleted them. I thought it was all fine now. But now, two days ago, the same thing happened. Except now, it is way worse. Now, it's so weird. The battery LED, which is part of my laptop, keeps switching from fully charged to not charging. Also, the battery display stays at 36%, and it says that the power is plugged in, but not charging. I think that the virus infected or somehow changed the firmware in my computer, but I'm no expert. Now, when I try to open Windows Defender, it says that a problem has stopped the Windows Defender service. When I try to turn it back on, it says error code:

0x800106a, Unable To Turn On Windows Defender

My other antivirus software (Malwarebytes, V3) won't even detect any virus. I've somehow managed to turn Windows Defender back on, but it won't detect any spyware. It once said that "the windows file was modified: would you like to recover?" I clicked yes. But it didn't do anything. Today, a few hours ago, the Intel ME FW Recovery Agent suddenly popped up in my toolbar, and said that the system's firmware needs recovery. But when I opened it, it automatically tried to update itself, and it said: Cannot check for updates. Check if the system is connected to internet. But I am connected to the internet! Also, my computer is awfully slow.

 

Right now, I am pretty desperate. Does anyone know how to solve this? Am I still infected with spyware & viruses? I would really appreciate your help.





#2 Aura


Posted 27 May 2016 - 07:46 AM

Hi butterfly7006 :)

My name is Aura and I'll be assisting you with your issue.

"Also, the battery display stays at 36%, and it says that the power is plugged in, but not charging."


This suggests that the battery is failing, so it might need to be replaced. It's not that unusual.

Let's check for malware as well. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 butterfly7006


Posted 27 May 2016 - 07:41 PM

Yes, I did what you did. And it showed a notepad. I'm sorry if it shows some Korean, I did my best to convert it to English, and I converted my language to English :(

 http://pastebin.com/mNWQPp2x


Edited by butterfly7006, 27 May 2016 - 07:49 PM.


#4 butterfly7006


Posted 27 May 2016 - 07:57 PM

Oh, also, the "System Error" part that says Korean means "cannot find specified file".


Edited by butterfly7006, 27 May 2016 - 07:57 PM.


#5 Aura


Posted 27 May 2016 - 09:25 PM

Looks like you have a lot of Chinese-based programs installed, and I cannot verify their legitimacy (since all the information I can get from them is in Chinese, and doesn't come from sources I know). In that case, let's do a simple sweep for malware, just to see if there is any on your system. Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;



#6 butterfly7006


Posted 28 May 2016 - 08:51 AM

Wow, this website is really cool, people are really nice. Thank you!!

Today, something weird happened to me, though. When I turned on the computer, and went to Chrome today, it couldn't make a connection, and said "Your clock is behind"? I changed the clock and reloaded Chrome, and now it said "Your connection is not private"? This happened to me a few times before, I do not get why the clock resets.

 

Anyways, I did the following. Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x86
Ran by ultra (Administrator) on 29/05/2016 at  8:56:58.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 22

Successfully deleted: C:\Users\ultra\AppData\Local\media get llc (Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\mediaget2 (Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\ultra\Documents\add-in express (Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XAJQ8PS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66A4XWNP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UKFY6SQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ3TUSGC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKQLGJ2O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIIT62JX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ0FMEQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VW05WQZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ultra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA6BPHOJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XAJQ8PS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66A4XWNP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UKFY6SQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ3TUSGC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKQLGJ2O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIIT62JX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ0FMEQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VW05WQZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA6BPHOJ (Temporary Internet Files Folder)

Registry: 6

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_EC3EF107B9A3A0616BD84705608481FA (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A14EAA16-CA35-4666-845A-DC084DCDF356} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/05/2016 at  9:00:39.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now, for AdwCleaner:

# AdwCleaner v5.118 - Logfile created 29/05/2016 at 09:08:27
# Updated 23/05/2016 by Xplode
# Database : 2016-05-26.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X86)
# Username : ultra - ULTRA-PC
# Running from : C:\Users\ultra\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\ultra\AppData\Local\Temp\ASP
[-] Folder Deleted : C:\Users\ultra\AppData\Local\Temp\MPC
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKCU\Software\Media Get LLC
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\ultra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\ultra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\ultra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys deleted
:: Winsock2 - Deleted C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1747 bytes] - [29/05/2016 09:08:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1901 bytes] - [29/05/2016 09:05:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1893 bytes] ##########
 
 
 
For the Malwarebytes: (I didn't get any threats, probably because I scanned it before, and deleted them. Do you want me to send the previous log file to you?)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 29/05/2016
Scan Time: 9:15 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.28.04
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ultra
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 278890
Time Elapsed: 31 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
Oh, just in case, this is my very first scan :)

Edited by butterfly7006, 28 May 2016 - 08:58 AM.


#7 butterfly7006


Posted 28 May 2016 - 09:11 AM

Also, I did the Command Prompt command sfc /scannow, just in case it would help find files corrupted by virus. Something happened.

http://imageshack.com/a/img924/3410/04L6Ie.png

Is there something wrong with my Windows system?



#8 Aura


Posted 28 May 2016 - 10:45 AM

About your date/time issue, did you check if your timezone was also correctly set? You should also check your date/time in the BIOS to see if they are properly set as well. As for the SFC scan, once we're done checking for malware, I can take a look at the CBS.log.

Now, follow the instructions below please.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it;
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes);
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#9 butterfly7006


Posted 28 May 2016 - 01:34 PM

Yes, my clock was in the right time zone: (UTC -05:00) US & Canada

I did the following.

Here's the log:

But this time, it didn't quarantine anything.

So I just went to the scan log.
 
 
Emsisoft Emergency Kit - Version 11.0
Last update: 29/05/2016 2:30:13 PM
User account: ultra-PC\ultra
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 29/05/2016 2:31:05 PM
 
Scanned 73161
Found 0
 
Scan end: 29/05/2016 2:34:08 PM
Scan time: 0:03:03

Did I already delete every malware? Is it only the damage that the virus did that is left in my computer?

Edited by butterfly7006, 28 May 2016 - 01:42 PM.




