Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with a trojan in my computer please


  • This topic is locked This topic is locked
9 replies to this topic

#1 ellieharris30

ellieharris30

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 22 July 2016 - 09:54 PM

Hi I was wondering if someone could help me I have been trying to get rid of this trojan I have in my computer windows defender can't even get rid of it 

 

it's called 

 

containerfile D:\ preload\install\.win

 

file D:\ preload\install.wm(image25914)\programfiles (x86) Hpgames\crazychickensoccer\moorhuhnsoccer\ wt.exe (exee-7 (exeemmb)

 

I have had this for a while and tried 3 different virus checkers and can't get rid of it

 

I have a HP Laptop with windows 10 and also when I start up I can't get rid of airplane mode

 

hopefully someone might be able to help me



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 23 July 2016 - 09:26 AM

Hello ellieharris30 and welcome to Bleeping Computer.

 

My name is Satchfan and I would be glad to help you with your computer problem.

I have been trying to get rid of this trojan I have in my computer windows defender can't even get rid of it

 

it's called

 

containerfile D:\ preload\install\.win

D:\ preload\install\.win is part of Windows recovery and your HP software and drivers. This is likely to be what is known as a “false-positive" which in a nutshell means that WD has found something it doesn’t understand and so has flagged it. The same applies to Hpgames\crazychickensoccer\moorhuhnsoccer\ wt.exe

 

It's highly unusual for WD to be configured to scan the hidden Recovery partition but you can exclude the D:\ drive from being scanned and it should no longer be a problem. How to Add or Remove Exclusions for Windows Defender in Windows 10

 

can't get rid of airplane mode

Is the wi-fi signal showing as "on"?
 

Satchfan


Edited by satchfan, 23 July 2016 - 09:27 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 ellieharris30

ellieharris30
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 23 July 2016 - 07:36 PM

Thanks for that info

 

I have to turn airplane signal off to turn wifi although in the last couple of days I can't find the airplane mode button so maybe that problem is fixed



#4 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 24 July 2016 - 04:18 AM

Glad to be of help.

 

I'll leave this open for 24 hours in case you need further help after which, if I haven't heard from you, I'll close the topic.

 

Regards

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 ellieharris30

ellieharris30
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 24 July 2016 - 04:24 AM

Hi

 

I ran windows defender without the D: drive and it still saying that there is something in my computer. 



#6 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 24 July 2016 - 04:25 AM

it still saying that there is something in my computer

 

You mean WD?

 

What does it say is "still on your computer"


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 ellieharris30

ellieharris30
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 24 July 2016 - 04:28 AM

the trojan virus is still there and it won't get rid of it



#8 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 24 July 2016 - 04:29 AM

OK, let’s run some scans to see what’s what.

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 27 July 2016 - 06:13 AM

Hi ellieharris30

It has been several days since I sent instructions to help with your computer problems.

Please let me know if you are having problems and still need help.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:41 AM

Posted 28 July 2016 - 07:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users