
Malware blocked Audio - Security - Network Adapter and exe files to start


3 replies to this topic

#1 Scambo


Posted 16 January 2017 - 08:20 AM

Help...

 

After a moment of stupidity, when I accidentally double clicked a file which I know I should have simply deleted but curiosity got the better of me, something nasty has gone on to block almost everything on my PC from working.

It disabled Windows Defender, adjusted group policy to prevent pretty much all security actions and even prevented running new .exe files (for instance attempting to install new security software via a flash drive).

 

Examples of issues are:

1. I have no network connection. The Network Adapter seems to be completely blocked from working - Airplane mode cannot be turned off. Clicking the switch has no effect as it goes off for a split second then returns to 'Airplane mode' on its own. There is no network symbol in the system tray - it has disappeared. There is a blank page in the Control Panel Adapter settings page. All hot keys do nothing.

2. Most security settings will not work. Defender was blocked by 'Group policy' but I managed to find the registry key for it and turned it back on after running Rkill. Defender carried out a full scan but did not find anything untoward.

3. Audio settings are inhibited. The little speaker icon in the system tray has a red cross next to it. Not able to get it to work despite many different routes and attempts. Clicking it starts the troubleshooter which finds nothing and offers no further assistance.

 

Going back through what occurred on the day (last Friday - the 13th..), it appears that Anonymizer Gadget (I can see a folder was created for it)  and ProxyGate version 3.0.0.1176  (seen in Programs and Features list but won't uninstall) both seem dubious and were installed on that day.

 

I managed to get Rkill to run finally (after downloading on another PC) as all .exe files were also inhibited for a day or so on the problem PC.

 

Malwarebytes won't run. 2 messages pop up.

A= An initial message about it cannot run or something like that.

B= A second message box with the following; 'An error has occurred in the program during initialization. If this problem continues, please contact your system administrator. Error code 0x80070426'

 

Revo uninstaller (free) can't see anything untoward.

Revo uninstaller can't see them.

 

I've searched a number of forums, this one included, listing many different solutions but nothing seems to work.

All assistance greatly appreciated.


Edited by hamluis, 16 January 2017 - 09:53 AM.
Moved from W10 Spt to Am I Infected - Hamluis.



 


#2 dc3


Posted 16 January 2017 - 02:12 PM

Try doing a System Restore.  Use a restore point dated prior to this problem.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Scambo


Posted 18 January 2017 - 03:20 AM

Sorry for the delay.

They have also disappeared.

 

Rkill txt file below:

 

Program started at: 01/15/2017 10:54:07 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Disabled
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Disabled
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Disabled
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Disabled
 
 * Plug and Play (PlugPlay) is not Running.
   Startup Type set to: Disabled
 
 * Plug and Play (RpcSs) is not Running.
   Startup Type set to: Disabled
 
 * Windows Management Instrumentation (Winmgmt) is not Running.
   Startup Type set to: Disabled
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * agp440 [Missing ImagePath]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/15/2017 10:54:21 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
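
The Rkill log in the post above lists stopped services with their startup type, missing or altered service entries, and the Defender policy value. As an added example (not part of the original thread and not Rkill's own code), this Python parser reads that log layout so the disabled services can be listed at a glance; the sample text is a constructed excerpt of the posted log, and the function names are illustrative.

```python
import re

# Constructed excerpt in the layout of the Rkill log posted above
# (entries copied from that log, blank lines dropped to save space).
SAMPLE_LOG = r"""
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Disabled
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * TimeBroker [Missing Service]
 * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
"""

STOPPED = re.compile(r"^\s*\* (?P<display>.+) \((?P<name>[^()]+)\) is not Running\.\s*$")
STARTUP = re.compile(r"^\s*Startup Type set to: (?P<type>.+?)\s*$")
TAGGED = re.compile(r"^\s*\* (?P<name>\S+)(?: => (?P<value>.+?))? \[(?P<tag>[^\]]+)\]\s*$")
REG_KEY = re.compile(r"^\s*\[(?P<key>HK[^\]]+)\]\s*$")
REG_VAL = re.compile(r'^\s*"(?P<name>[^"]+)" = (?P<data>\S+)\s*$')

def parse_rkill(text):
    """Return stopped services, tagged service findings and registry values."""
    out = {"stopped": [], "tagged": [], "registry": []}
    pending = key = None
    for line in text.splitlines():
        if m := STOPPED.match(line):
            # The startup type arrives on the following line of the log.
            pending = {"name": m["name"], "display": m["display"], "startup": None}
            out["stopped"].append(pending)
        elif (m := STARTUP.match(line)) and pending:
            pending["startup"] = m["type"]
            pending = None
        elif m := TAGGED.match(line):
            out["tagged"].append((m["name"], m["tag"], m["value"]))
        elif m := REG_KEY.match(line):
            key = m["key"]
        elif (m := REG_VAL.match(line)) and key:
            out["registry"].append((key, m["name"], m["data"]))
    return out

def disabled_services(parsed):
    """Short names of services that are stopped and set to Disabled."""
    return [s["name"] for s in parsed["stopped"] if s["startup"] == "Disabled"]

print(disabled_services(parse_rkill(SAMPLE_LOG)))
```

Run over the full log, the same function separates the services whose startup type was switched to Disabled from those that are merely stopped, such as mpsdrv and wscsvc.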


#4 dc3


Posted 18 January 2017 - 09:08 AM

Look in the recycle bin to see if your file is there.  If you remember the name of the file do a search for the file by its name. 
 
Please do not run any unrequested scans. 
 
RKill does not remove anything it finds.  It is intended to terminate malware processes so that a normal security scan can find and remove the malware.
 
Please run the scans below in the order they are requested and post the logs in your topic in the same order.  Do not post the logs at a host website.  Do not wrap logs in code or quotes.  Do not use spoilers.
 
I know that you have already run Malwarebytes, but I would like for you to run it again.
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
 
3)  Click on Settings, you will see an image like the one below.
 
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.
 
 

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If no malicious programs are found you will receive the following message.
 
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
 

Please download and install Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 18 January 2017 - 09:10 AM.
