
Please help me fix my brother's PC


8 replies to this topic

#1 darrowboat


Posted 21 December 2016 - 02:11 AM

Hello,

My brother has been having serious issues with his desktop PC. It is about 1 year old with pretty nice hardware. Windows 10. He games a lot and I think he might have tried to pirate a game and gotten a serious infection in the process. Here are the symptoms:

  • Several programs are disabled; cannot open at all or give error messages when trying.
  • Settings does not work - no popups, no error messages, just does not open no matter what I try (and I tried about 7 different ways). It does open in Safe Mode though, but some functions do not work.
  • Can open but cannot use any internet browsers - tried chrome and explorer. After opening they freeze and I must kill with task manager.
  • Alt + Ctrl + Delete makes screen go black. Pressing escape key returns it to desktop.
  • The windows key and button do not work or open anything.
  • I cannot use the mouse to click anything on roughly the bottom 40% of the entire screen. The toolbar does work though. I am usually able to get around this by dragging windows to the top or clicking something high then using arrow keys to move to what I need to click. Very difficult to navigate though.
  • Notification center does not open.
  • Cannot use system restore, system recovery, or anything else that would revert PC. They all start but stop shortly after, saying the PC was not restored/recovered, no changes made, etc.
  • When I try to open something that requires administrator privileges, it changes to a blank, dim screen with the wallpaper in the background, but no window pops up allowing me to accept or decline. There is only 1 user account on this PC.

 

That's all I can think of for now for symptoms. Here is what I have tried to fix it:

 

  • Windows Defender. Updated definitions, then did quick and full scans. On both, the bar stopped moving forward (though # of scanned files kept increasing) about 1cm in. In safe mode, I did a quick scan and it reported no threats. Have not done a full scan in safe mode yet.

  • System Restore. I have tried every restore point. Each starts the process but stops quickly after, saying an error occurred and no changes were made.
  • Windows Recovery. Same thing as system restore.
  • Task Manager. I have gone down the list of all running processes and was not able to identify any that seemed out of place. I am no expert here though. I simply Googled the name of each to see whether it was considered a legitimate program or not.

I would really appreciate any help from anybody! I am willing to try anything at this point. My brother says he is ready to do a full system wipe if it means getting his PC back. Please let me know if more information is needed. Thanks.


Edited by hamluis, 21 December 2016 - 09:41 AM.
Moved from W10 Spt to Am I Infected - Hamluis.



#2 shadow_647


Posted 21 December 2016 - 02:39 AM

I'd just use a zero-bit formatter like KillDisk and a clean install / full rebuild, problem solved.

Sounds like Windows is badly damaged.

 

Make sure as well, when you purge the HDD with Windows, that you don't have other drives connected if you have more than one. The minute you're up and running, get your hands on a new, updated antivirus; at that point plug the other drives in and do a full scan.

 

http://www.killdisk.com/downloadfree.htm

 

http://www.hirensbootcd.org/download/

 

http://www.ultimatebootcd.com/

 

 

Task Manager. I have gone down the list of all running processes and was not able to identify any that seemed out of place. I am no expert here though. I simply Googled the name of each to see whether it was considered a legitimate program or not.

The default Windows Task Manager is useless; use this to replace it to hunt for malware.

 

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx


Edited by shadow_647, 21 December 2016 - 02:40 AM.


#3 miklo1904


Posted 21 December 2016 - 08:54 AM

One thing that might work right off the bat is to try Malwarebytes software. I have used it many times and it has fixed a lot of malware, virus, and spyware stuff without having to reformat, but it's just a start.



#4 dc3


Posted 21 December 2016 - 09:23 AM

Please run the following scans in the order they are requested and post the logs in the same order.
 
 
Please download and run RKill
 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  We will run the RKill before running the scans listed below.  
 
These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  
 
Please download RKill from the Bleeping Computer option and install it.
                              
Attention:  While running RKill you may see a message stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
When RKill is run it will display a console screen similar to the one below:
 
[Screenshot]
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.  Do not restart the computer until all of the requested scans have been run and the logs posted in your topic.
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
[Screenshot]
 
3)  Click on Settings, you will see an image like the one below.
 
[Screenshot]
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
[Screenshot]
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.
 
 

Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
[Screenshot]
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
[Screenshot]
 
3.  Click Start Scan and allow the scan process to run.
 
[Screenshot]
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
[Screenshot]
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 21 December 2016 - 09:24 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
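
An added example, not part of the post above and not the tool's own code: a Python check that applies the rule from the TDSSKiller step, namely that the log needs posting unless the last "Scan finished" section reports both object counts as 0. The function names and sample log lines are constructed for illustration, and it is assumed that the two count lines follow the "Scan finished" marker.

```python
import re
from pathlib import Path

# Marker and count strings are the ones quoted in the post; any other
# detail of the log layout is an assumption of this example.
FINISHED = "Scan finished"
COUNT_RE = re.compile(r"(Actual detected|Detected) object count:\s*(\d+)")

# Constructed sample log tails (not real TDSSKiller output).
SAMPLE_CLEAN = (
    "Scan finished\n"
    "Detected object count: 0\n"
    "Actual detected object count: 0\n"
)
SAMPLE_FOUND = SAMPLE_CLEAN + (
    "Scan finished\n"
    "Detected object count: 2\n"
    "Actual detected object count: 2\n"
)


def summarize_log(text):
    """Report the result of the last completed scan in a log's text."""
    pos = text.rfind(FINISHED)
    if pos == -1:
        # No completed scan: nothing can be concluded, so post the log.
        return {"finished": False, "detected": None, "actual": None,
                "post_log": True}
    counts = {"detected": None, "actual": None}
    for kind, num in COUNT_RE.findall(text[pos:]):
        key = "actual" if kind.startswith("Actual") else "detected"
        if counts[key] is None:  # keep the first value after the marker
            counts[key] = int(num)
    # A missing count is treated like a detection: post the log.
    clean = counts["detected"] == 0 and counts["actual"] == 0
    return {"finished": True, **counts, "post_log": not clean}


def latest_log(root="C:\\"):
    """Newest TDSSKiller.[Version]_[Date]_[Time]_log.txt in root, or None."""
    logs = sorted(Path(root).glob("TDSSKiller.*_log.txt"),
                  key=lambda p: p.stat().st_mtime)
    return logs[-1] if logs else None


if __name__ == "__main__":
    print(summarize_log(SAMPLE_CLEAN))
    print(summarize_log(SAMPLE_FOUND))
```

Only the section after the last "Scan finished" marker is read, so counts left in the file by an earlier scan do not mask a later detection.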

 

 

 

 


#5 kaljukass


Posted 21 December 2016 - 10:23 AM

Please lesser punishment, but there is nothing to improve. The only way is to save your files and do a clean installation. If the HDD, I suggest "Wipe Partition" => if ready => Format
If You have SSD, You cannot use old wipe function.
 
Reinstall Windows.
 
NB! It may happen, that You cannot use "Refresh Windows" function.
 


#6 dhjohns


Posted 21 December 2016 - 02:57 PM

If you have any files to save, save them.  Then just insert bootable media, and boot to it.  When you get to the screen which shows the two options of install, choose custom.  Delete the partitions on your installation disk, and click next.  In about 10 minutes you will be up and running.  



#7 darrowboat


Posted 21 December 2016 - 11:54 PM

EDIT: Thank you all for the replies and desire to help! I really appreciate it.

 

For those of you suggesting that I run programs to wipe the partition or kill the drive data, how do I circumvent the PC not allowing me to install new software because when it asks for administrator privileges, it opens a blank dim screen with no ability to accept or decline?

 

 

If you have any files to save, save them.  Then just insert bootable media, and boot to it.  When you get to the screen which shows the two options of install, choose custom.  Delete the partitions on your installation disk, and click next.  In about 10 minutes you will be up and running.  

 

I tried this. I downloaded the Windows 10 Media Creation Tool for the appropriate version of my brother's PC to an 8GB flash drive. I also tried burning the ISO version to a DVD. Neither will boot on his PC -> it boots straight to HDD no matter what options I choose in the BIOS boot order OR the quick boot menu. I tried both on my laptop and they worked perfectly. Any ideas?


Edited by darrowboat, 21 December 2016 - 11:55 PM.


#8 dc3


Posted 22 December 2016 - 09:42 AM

When you change the boot order in the BIOS do you click on F10 to save the changes?




#9 Bulgaristan


Posted 22 December 2016 - 11:20 AM

With the old model of motherboard, you will need to set the hard drive priority in order to boot from USB.

Nice guide  Arachibutyrophobia


Edited by Bulgaristan, 22 December 2016 - 11:24 AM.




