
Installed many viruses unknowingly, now cannot even start wscvc from services


22 replies to this topic

#1 seed12121212


Posted 07 June 2017 - 02:30 AM

Please help, I am unable to install Malwarebytes due to a virus; it does not allow the registry entry for Malwarebytes, and I am unable to access the internet through Uplay because of it. It is not allowing any antivirus to install. Also, I am unable to remove the previous malware; it says I do not have sufficient privileges. Unable to install Chrome, unable to change the default browser; it always remains the same, i.e. a browser named UC along with Chinese text. Please help!!!!

 

 

Moved from Windows 10 support

NickAu


Edited by NickAu, 07 June 2017 - 03:13 AM.
Mod Edit



 


#2 seed12121212


Posted 07 June 2017 - 02:31 AM


Also, I do not want to reinstall Windows as I have some crucial settings and programs installed.



#3 seed12121212


Posted 07 June 2017 - 02:33 AM

 


 

Steam cannot install as registry write is unavailable



#4 Moritz30


Posted 07 June 2017 - 03:29 AM

Please try to use Malwarebytes Chameleon. It will close (nearly) all background processes and disguise itself as something else.


White Hat, Security Researcher, Modder, CEO at and founder of @DragonTeamMC, @OmniDragonBot and CryptID. Real name is Matthias Merkel.

#5 seed12121212


Posted 07 June 2017 - 08:52 AM


I WILL TRY THAT AND UPDATE YOU



#6 seed12121212


Posted 07 June 2017 - 09:05 AM

 


 

I can't install. I am getting this error: "C:\WINDOWS\system32\drivers\mbamchamelon.sys

RestartReplace Failed;code 5

Access is denied"

Please help!



#7 Moritz30


Posted 07 June 2017 - 09:07 AM

 

 


 

It's quite common that it won't work at the first time. Try running one of the other options.



#8 seed12121212


Posted 07 June 2017 - 09:09 AM


 

Which other option do you mean, the other exe in the folder for Chameleon?


Edited by seed12121212, 07 June 2017 - 09:10 AM.


#9 seed12121212


Posted 07 June 2017 - 09:23 AM

 

 


 

I cannot install it; the DOS box says: unable to download mbam driver sign state =1 !



#10 Moritz30


Posted 07 June 2017 - 09:26 AM

 

 

 


 

You have to open the .chm file and try every option until it works.



#11 seed12121212


Posted 07 June 2017 - 10:07 AM

 

 

 

 


 

Sir, I tried every link; the link just becomes visited, nothing's happening.



#12 Wolverine 7


Posted 07 June 2017 - 04:48 PM

Hi seed 12121212, please read the "Am I infected" link below... At this point you need to wait for a malware specialist to get to you.

Don't do ANYTHING to your computer until they do (I'm assuming that this post has been moved to that forum by the mod above). If you don't hear from a malware specialist after a while, please repost in that forum. Please be patient, they are busy and will get to you as soon as they can.

I stress at this point, your issue needs to be looked at by a malware specialist and you shouldn't do anything further to your system at this point until they get to you... good luck

 

https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/



#13 seed12121212


Posted 08 June 2017 - 11:23 AM


okay will do



#14 dc3


Posted 08 June 2017 - 11:59 AM

I suspect that Wolverine 7 was referring to a member of the Malware Removal Team who operate out of the Malware Removal Logs forum.  The Am I Infected forum can be addressed by any member who demonstrates a working knowledge of malware removal tools and their applications.
 
Please do the following.
 
Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove malware, the scans you run after setting up RKill will find and remove those infections.

These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill from the Bleeping Computer option and install it.
                              
Attention:  While running RKill you may see a message stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

When RKill is run it will display a console screen similar to the one below:

[Screenshot: RKill console]

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention:  At this time you need to run your security applications listed below.  Do not restart the computer until all of the requested scans have been run and the logs posted in your topic.

After the security scans have been run successfully you should reboot the computer to restore the processes and Windows Registry entries.


Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

[Screenshot]

3)  Click on Settings, you will see an image like the one below.

[Screenshot]

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

[Screenshot]

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom... come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 08 June 2017 - 11:59 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#15 seed12121212


Posted 08 June 2017 - 01:22 PM


I ran RKill. Here is the log:

Rkill 2.8.4 by Lawrence Abrams (Grinler)

Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/08/2017 11:46:55 PM in x64 mode.
Windows Version: Windows 10 Home Single Language 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Siddharth\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe (PID: 4136) [UP-HEUR]
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 4260) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 8120) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe (PID: 9448) [AU-HEUR]
 
4 proccesses terminated!
 
Active Proxy Server Detected
 
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Siddharth\Desktop\rkill\rkill-06-08-2017-11-47-10.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1                   thislineskipsanyemptylines
  127.0.0.1                   thislineskipsanyemptylines
  127.0.0.1                   thislineskipsanyemptylines
 
Program finished at: 06/08/2017 11:48:00 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)
 
 
 
 
Sir, I ran RKill but I couldn't run the Malwarebytes setup; it gave me the following error:
Internal error:Expression error 
MoveFileEx Failed;Code 5
Access is denied

Also, sir, I am not able to turn on the wscvc service.

Edited by seed12121212, 08 June 2017 - 02:09 PM.
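
The RKill log posted above is plain text, so a helper reviewing many such logs can parse it into structured findings. This is an added example, not part of the thread or of RKill itself: the line formats come from the log as posted, while the function names and the UNUSUAL_DIRS list are assumptions of this example.

```python
import re

# Excerpt of the RKill 2.8.4 log posted above, a few lines kept per section.
SAMPLE_LOG = r"""
 * C:\Users\Siddharth\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe (PID: 4136) [UP-HEUR]
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 4260) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 8120) [AU-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe (PID: 9448) [AU-HEUR]
Active Proxy Server Detected
 * ProxyServer value deleted.
 * Windows Firewall Disabled
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 * TimeBroker [Missing Service]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
"""

PROC = re.compile(r"^\s*\*\s+(?P<path>[A-Za-z]:\\.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]")
SVC = re.compile(r"^\s*\*\s+(?P<name>\S+)(?:\s+=>\s+(?P<value>.+?))?\s+"
                 r"\[(?P<issue>Missing Service|Incorrect ImagePath|Incorrect ServiceDLL)\]")
STOPPED = re.compile(r"^\s*\*\s+.+?\((?P<name>\w+)\)\s+is not Running\.")
STARTUP = re.compile(r"^\s*Startup Type set to:\s*(?P<type>\w+)")
# Assumption of this example: folders treated as unusual homes for system-named executables.
UNUSUAL_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_rkill_log(text):
    """Turn RKill's plain-text log into structured findings."""
    report = {"processes": [], "services": [], "stopped": [],
              "proxy_detected": False, "firewall_disabled": False}
    for line in text.splitlines():
        if m := PROC.match(line):
            report["processes"].append({
                "path": m["path"], "pid": int(m["pid"]), "tag": m["tag"],
                "unusual_dir": any(d in m["path"].lower() for d in UNUSUAL_DIRS)})
        elif m := STOPPED.match(line):
            report["stopped"].append({"name": m["name"], "startup": None})
        elif (m := STARTUP.match(line)) and report["stopped"]:
            report["stopped"][-1]["startup"] = m["type"]  # belongs to the service just above
        elif m := SVC.match(line):
            report["services"].append({"name": m["name"], "issue": m["issue"], "value": m["value"]})
        elif "Active Proxy Server Detected" in line:
            report["proxy_detected"] = True
        elif "Windows Firewall Disabled" in line:
            report["firewall_disabled"] = True
    return report


def triage(report):
    """List the findings a helper would review first."""
    notes = [f"terminated PID {p['pid']} [{p['tag']}] ran from {p['path']}"
             for p in report["processes"] if p["unusual_dir"]]
    notes += [f"service {s['name']} not running, startup type {s['startup']}"
              for s in report["stopped"]]
    if report["firewall_disabled"]:
        notes.append("Windows Firewall disabled")
    if report["proxy_detected"]:
        notes.append("proxy server was configured; RKill deleted the values")
    return notes


if __name__ == "__main__":
    print("\n".join(triage(parse_rkill_log(SAMPLE_LOG))))
```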




