
Windows 10 won't reboot after seriously infected, trojan, malware removal


  • This topic is locked
4 replies to this topic

#1 Daniel100

Posted 13 March 2017 - 02:47 PM

Hi

I come to you as my last resort, please help. After restoring a system image from a recent backup, I still have viruses. I updated Windows 7 to 10 from a free notification almost a year ago. No issues until my son a while back downloaded malicious software by clicking on the wrong download key. Since then the PC's performance has been getting continually worse.

The first thing I noticed while browsing was being redirected to websites like porn sites, Microsoft Tech support pop ups locking the browser with a tel number to call for assistance. Also far too many ads, especially flashing ads purporting to clean your PC. I have Windows Defender as an AV and it always worked fine until this happened. I continued to run scans and it initially regularly found and removed malware and as long as I now used Edge as my browser using the first page only it seemed to be OK.

My default browser had been Chrome which I now realized was fake after uninstalling the real version of Chrome. Surprise, Surprise, the Chrome shortcut still remained and I could still browse by clicking the icon. So I stopped using it. Also a Mozilla Firefox icon and browser appeared which I also felt was fake and gave me no option to uninstall either. They were probably working in the background without me realizing it.

The final straw was when Windows Defender had to be restarted manually every time. Kept stopping and always showed old definitions after reboot even after updating definitions regularly. Scanning now rarely found anything and always had errors when finished e.g. 0x800500 I think?

So, I googled for a solution for the Defender problem and the Microsoft Community recommended I use Emsisoft Emergency Kit among others to run a scan. On the first scan it found over 1000 hits, PUPs, but many high risk trojans etc and recommended quarantine and restart. Now it only restarts in safe mode and restoring all the quarantined items doesn't work either as some were deleted on restart and some couldn't be restored to their original place. I am booting from a Recovery Flash drive, so I require assistance regarding your recommended preparation guide and running FRST scan?

Any suggestions are much appreciated as otherwise I will have to reset to default Windows 7 and restore the backup which was made in Windows 10. More headaches.

Many thanks. 

 

 

 




 


#2 JSntgRvr


Posted 13 March 2017 - 06:26 PM

If you are booting to safe mode, just run FRST as you may have done it in Normal Mode.

 

Welcome :)

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Insert the flash drive on the sick computer
  • Boot in Safe Mode and browse to the flash drive
  • Double-click on FRST to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a check-mark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same location the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Daniel100


Posted 14 March 2017 - 06:23 AM

MSG

Many thanks for your quick response.

Since my post, and I am desperate to try anything, I booted again with the Recovery flash drive and selected 'Return to a previous build'. It then asked me to select OS. The only option was Windows 10. I selected Windows 10 thinking that it would give me more options or to cancel but it started immediately to prepare and 'restoring to your previous version of Windows' appeared on a black screen with spinning dots. I googled it and all indications were that it was returning the OS to a point before the last big build update, so I let it continue to see what would happen.

2 hours later it finished and restarted and now I have a PC which seems to work, with all my files, although all the apps installed since then including shortcuts no longer work, including the fake Chrome etc. When I search for Chrome it is installed and offline I open the browser which has a dodgy search engine www.amisite.com. The Chrome version also seems to check out, it appears in add & remove programs but unavailable, so I think I will try to uninstall it anyway and start again.

I am now running a full scan offline with Windows Defender which also seems to be working OK at the moment. 

I will monitor the behavior closely and let you know the result. 

Many thanks again for your time & advice. Hopefully, I won't need to use it this time.

But time will tell.

Daniel



#4 JSntgRvr


Posted 14 March 2017 - 12:37 PM

Thanks for the feedback. Will leave the topic open for 2 days.




#5 JSntgRvr


Posted 21 March 2017 - 04:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





