Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My windows 10 has a virus! Help!


  • Please log in to reply
1 reply to this topic

#1 GalaxyHunter199

GalaxyHunter199

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:07:28 PM

Posted 23 April 2017 - 07:44 AM

so i dont know how this thing even got to my PC! it just appeared one day! it is hard to see if it is gone or not cause it only appears once on few weeks!

 

http://imgur.com/a/MOgxQ

 

so, when this first appeared i was like huh?? then i just closed it cause i panicked 0-0.... but then it appeared after like, 2 weeks and then i was like this again!? so i went to task manager while I had the chance and opened the file location and saw that it was mshta.exe from the sysWOW64 folder which I know of course isn't the virus/malware, so I clicked the arrow beside the process and saw that the one using mshta.exe was called setup.log... now, I don't know how to remove it 0-0 I couldn't open file location but I enabled the category named command line and went to that location but the file named setup.log wasn't there! only the files name SyncTask, TTL.DAT, STTL.DAT, and info.dat which is in lowercase, so I enabled show hidden files and folders but nothing! I checked task scheduler and found the same exact name of the folder but it said it at 1:29 AM

everyday - After Triggered, repeat every 1 hour for a duration of 1 day and I didn't know what that meant! I decided to post it here on bleeping computer to see if anybody can help me before I delete some files cause it may damage my system, I used MBAM to scan and Windows Defender Anti-Virus Center (its the new windows defender on the creator's update) but both didn't find anything! if nobody will help me then I guess ill just ignore it and just close it like its nothing everytime it opens XD, but seriously, I guess my computer wont be infected unless I click next, its just really hard to know if its gone or not cause you know, I already said it 0-0.....



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:28 AM

Posted 23 April 2017 - 06:15 PM

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

p22002970.gif Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users