Long story short: my PC got infected with a nasty bunch of viruses from an installer I didn't realize was fake and didn't think to scan first.
What I have done:
- ran RKill before each scan
- Scan with Kaspersky Total Security 2017 (my usual anti-virus) *
- Scan with Malwarebytes 3.0 (with rootkit scan enabled) (my usual anti-malware) *
- run AdwCleaner *
- run HitmanPro *
- run JRT *
- run TDSSKiller
- run Zemana AntiMalware *
- run Tweaking.com Windows Repair (attempt to fix issues in RKill log) *
- performed in-place upgrade of Windows 10 (attempt to fix issues in RKill log)
* asterisk = Problems/malware were detected and removed by the program
And yet the problems that still persist:
Main issue that got me doing virus cleanup:
- Chrome wouldn't start anymore, even after reinstalling it. When I tried to open it after a restart, after each time I ran a new program from the list above, Kaspersky detected a PUP in the temp dir.
- One of the times I ran RKill, it suspended a file in temp which it classified as T-HEUR.
- The problems originally started when I logged into my user account and the screen was completely black with a little weird window in the corner. I used Ctrl+Alt+Del to start Task Manager and launch explorer.exe from there.
Checking Windows Service Integrity:
 * COM+ Event System (EventSystem) is not Running. Startup Type set to: Automatic
 * Security Center (wscsvc) is not Running. Startup Type set to: Automatic (Delayed Start)
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
I ran sfc /scannow: it said it found problems but was unable to fix them. When I ran it again to copy the message, it now said it found no violations.
The only thing that could possibly identify this virus was that the browsers' search engines changed to something along the lines of search.com; also, a shortcut was made with that name. This was removed by Zemana.
EDIT: I have solved the Chrome not opening issue by reinstalling Kaspersky; it seems to have messed stuff up when disinfecting.
Edited by fxzii, 10 December 2016 - 06:06 PM.
Moved from W10 Spt to Am I Infected - Hamluis.