
Fake "Windows Defender Prevented Malicious Software" Virus


4 replies to this topic

#1 Electricwolve


Posted 08 June 2017 - 02:04 PM

I've been trying to fix this for hours now. Some assistance would be great.



#2 Electricwolve


Posted 09 June 2017 - 07:53 PM

Upon further inspection, it is activated from a process called dataup.exe in a local appdata folder called ntuserlitelist. This is accompanied by a svcmx.exe process, performing other issues.



#3 TsVk!


Posted 12 June 2017 - 06:29 PM

My name is TsVk!, but you can call me John. I'll be helping you with your issue. :)

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system; it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply; do not quote or attach logs.

These things are to make it easier for me to help you.

I've looked at your post and will respond as soon as possible with instructions.

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

John



#4 Electricwolve


Posted 12 June 2017 - 07:11 PM


The issue has been resolved. I dismantled the virus, but even more recently, I ended up getting a new computer so I no longer need assistance. Thank you and sorry. >_<



#5 TsVk!


Posted 12 June 2017 - 07:18 PM

Hi,

 

I was analysing the log now and I see the infection was quite severe. There were multiple infections, drivers, applications and settings that were malicious. It is highly unlikely that without trained help it could have been removed.

 

Enjoy your new PC. :)

 

John





