
My PC won't accept my psw after an adware? attack


  • This topic is locked
149 replies to this topic

#136 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 28 October 2017 - 08:21 AM

Gary,

 

I assume that with my second computer you mean my compromised PC. If so no such luck, the internet connection on my compromised PC is one of the things which is not working. I have tried to install internet but it is not working. This could possibly be connected with the fact that I am not able to switch off Flight mode (the button on your mobile phone/PC that you switch when getting on an airplane). When I try to switch it off it just goes back to its original position. If I could fix that, then maybe I could restore my internet connection.

 

If, however, you mean my "previously" good PC, now hopelessly slow, I do have internet connection, but I fear it is so slow that it might not be possible to even make the connection you wish to set up. But if you are willing to take on a second problem I am certainly willing to have a go at it. I fear that it will require someone in place here who can run a strong virus program. But even if you could just give me some indication of what the problem is, it would go a long way to help me get a technician.

ecar65

 

As for timing, you are probably more busy than me.  I am currently nursing a cold so at home most of the time.   Therefore, suggest a time, I am almost certain it will be OK.





#137 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 28 October 2017 - 03:58 PM

Greetings.

If you are willing, let's keep plugging away at your computer with the password issue. Please start with this.

On your other computer, boot into Safe Mode with Networking and see if things are better.

When you tried to run FRST, even though you didn't get any reports did it appear like it was scanning? You would see some scrolling information above where it says Search:.

Please do this.

===================================================

Troubleshooting Internet Connection Issues

-------------------
  • Click Start, type Troubleshoot and press Enter
  • Under Get up and running click on Internet Connections
  • Click Run the troubleshooter
  • Click Troubleshoot my connection to the Internet
  • If required, allow repairs and report those repairs in your reply
  • Check your Internet access
  • If you don't have Internet access please do this
===================================================

Reinstalling Network Adapter

----------

Note: Have your wireless router password handy before trying this.
  • Press Windows Key + R at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Network Adapter section by clicking + sign
  • Right click on entry saying "Wireless", select Uninstall, then OK
  • Reboot your computer and the Network drivers will automatically be reinstalled
  • Connect to your router and re-enter any required information
  • Check your Internet access
===================================================

Obtaining Restore Point information From a Batch File

--------------------
  • Press the Windows Key + R at the same time
  • Type Notepad and hit Enter
  • Copy and paste the following into the Notepad document

vssadmin list shadows >c:\RestorePoints.txt
Start Notepad c:\RestorePoints.txt

  • Click File, then Save As
  • In the Save as type: line click on Text Documents (*.txt) then in the drop down list select All Files
  • Next to File name: type RestorePoints.bat
  • Save the document on your Desktop
  • Right click on RestorePoints.bat and select Run as administrator
  • Click on Yes if a warning screen appears
  • Once completed copy and paste the contents of the Notepad document that will open on your Desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you have reasonable Internet on your second computer?
  • Was FRST scanning?
  • Did Troubleshoot identify any issues?
  • Do you have Internet access?
  • Restore Point information

Edited by Oh My!, 28 October 2017 - 07:44 PM.
Changed instructions

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
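
As an added example (not part of Gary's post and not a BleepingComputer tool), a short Python parser for the RestorePoints.txt file that the batch file above writes. The sample text is constructed, and the strings used to detect an empty list or a run without administrator rights are assumptions about vssadmin's wording.

```python
import re

# Constructed sample of RestorePoints.txt contents (not taken from the thread).
SAMPLE = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Contents of shadow copy set ID: {11111111-aaaa-bbbb-cccc-000000000001}
   Contained 1 shadow copies at creation time: 10/20/2017 9:14:03 AM
      Shadow Copy ID: {22222222-aaaa-bbbb-cccc-000000000001}
         Original Volume: (C:)\\?\Volume{33333333-aaaa-bbbb-cccc-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Type: ClientAccessibleWriters

Contents of shadow copy set ID: {11111111-aaaa-bbbb-cccc-000000000002}
   Contained 1 shadow copies at creation time: 10/26/2017 6:40:51 PM
      Shadow Copy ID: {22222222-aaaa-bbbb-cccc-000000000002}
         Original Volume: (C:)\\?\Volume{33333333-aaaa-bbbb-cccc-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
         Type: ClientAccessibleWriters
"""

SET_RE = re.compile(r"Contained (\d+) shadow copies at creation time: (.+)")
FIELD_RE = re.compile(
    r"^\s*(Shadow Copy ID|Original Volume|Shadow Copy Volume|Type): (.+)$")

def parse_restore_points(text):
    """Return (status, copies); status is 'ok', 'none' or 'not-elevated'."""
    if "correct permissions" in text:      # assumed wording of the elevation error
        return "not-elevated", []
    copies, created = [], None
    for line in text.splitlines():
        m = SET_RE.search(line)
        if m:                               # creation time applies to the copies below it
            created = m.group(2).strip()    # kept as text: the date format is locale-dependent
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Shadow Copy ID":
            copies.append({"id": value, "created": created})
        elif copies:
            copies[-1][key] = value
    return ("ok" if copies else "none"), copies

def summarize(text):
    """One header line plus one line per shadow copy: created, drive, type."""
    status, copies = parse_restore_points(text)
    lines = [f"status={status} count={len(copies)}"]
    for c in copies:
        drive = re.match(r"\(([A-Za-z]:)\)", c.get("Original Volume", ""))
        lines.append(f"{c['created']}  {drive.group(1) if drive else '?'}  {c.get('Type', '?')}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

A status of `none` means the file held no shadow copy entries, and `not-elevated` means the batch file was not started with Run as administrator.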

#138 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 30 October 2017 - 01:14 PM

Gary,

 

I appreciate your tenacity. First your question: No, I did not have the impression that the scan function accomplished anything or was scanning. The error message came pretty much instantaneously after pressing Scan.

 

My questions:  How do I boot into Safe Mode?  one of the f-keys?   with Networking.....how do I do that?

 

ecar65



#139 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 30 October 2017 - 01:45 PM

Gary,

 

On the compromised PC. Where should I be to type in the cmd command? I realize that I should find a command prompt but where do I find that in Windows 10? It is now so long ago that I used Win10 so if I knew anything it is now all gone!

 

An idea just dawned on me.  Should I go back to your instructions on how to add a new log in id?

 

Regards,

ecar65

 

 



#140 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 30 October 2017 - 02:36 PM

Let's go back to running FRST on your compromised computer. I think I might know what is happening.

  • Right click on FRST and select Run as administrator
  • Wait before doing anything until you are able to click OK on the Failed to update error
  • After clicking OK on the Failed to update error message click Scan.
  • If that works copy and paste the contents of FRST.txt and Addition.txt in your reply

Gary
 

#141 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 31 October 2017 - 02:47 PM

No luck Gary.

 

I ran FRST as administrator, waited until the error message, clicked OK, clicked on Scan - and nothing, the screen (where I clicked on Scan) just disappeared in an instant.  Nothing seems to have been created, and there is no log-file.

 

One thought came to me, doesn't Windows have a reset facility where one can go back to the original PC configuration as when the PC was delivered?

 

ecar65



#142 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 31 October 2017 - 02:51 PM

Could you also try to get me started on the instructions you gave me on how to restart the network connection as you described in your message of October 28?   How do I get to the command prompt?

 

ecar65



#143 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 31 October 2017 - 04:27 PM

Greetings,

Yes, there are ways to take your computer back to an earlier state. I intended on going in that direction as a last resort if we couldn't get FRST to do a full scan. There was a possibility something in the report would help us undo all of this. It was worth a shot because our next step will be more work, if it is successful.

What we are going to do is reload the operating system in a way that should not affect your files. However, make sure you have backed up all the data files you want like documents, photos, music, etc. before continuing with the below instructions.

===================================================

Refreshing Windows 10 From the Recovery Partition

--------------------
  • Click Start, type Settings, then select Settings above
  • Click Update and Security
  • Click Recovery
  • Click Keep my files
  • On the next screen copy down or take a picture of all the program information provided even though it says a list will be saved to the Desktop
  • Click Next
  • If you receive a warning your PC was upgraded to Windows 10 and you won't be able to revert back to a previous version of Windows, consider this and if you agree click Next
  • Follow the instructions on the screen
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#144 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 02 November 2017 - 11:48 AM

Gary,

 

A couple of questions. I can do a simple copy of C: and D: drive etc. to a separate hard drive. However, that will also mean that I will copy any "infected/corrupted" file? Perhaps this is not a problem if I just choose which files (documents, photos, music etc.) I want to copy back later to a refreshed hard drive, but a lot of manual work maybe. Obviously what I don't want to do is to first copy the corrupted hard disk to an external hard drive and then if it becomes necessary to copy back any infected/corrupted file.

 

Therefore, do you have any advice on how I should go about copying my hard drive to an external hard drive?  I have about 1 GB external drive.

 

Is there some "smart" way to back up personal files without backing up system files?  Is there a procedure in Windows for backing up files while leaving system files out?  Where can I find the back up procedure in Windows?

 

Then, assuming that I have backed up my files, I should refresh Windows from the Recovery Partition, and here I am already lost!

 

How do I get to the Recovery Partition????

 

When I am at the Recovery Partition, how do I find Start?

 

Just to be very clear, I hope that Recovery does not need an internet connection, since as I have said previously, at present I don't have a functioning internet connection.

 

If you would be so kind and explain the above questions I will then attempt to do the back up and then the recovery, but be aware that could take some time, mostly depending on how I should make the back up.

 

ecar65



#145 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 02 November 2017 - 01:51 PM

Greetings,

Let's pause for a moment to review our situation.

At this point I don't know whether this is a malware or system corruption issue. It is possible we are dealing with both.

If this is a malware issue then we need to somehow get a tool to run to get a snapshot of your computer. FRST should be able to run and that would be my first preference. There are a couple of other things we can try to either get FRST to run or use a different, but older, program. This is the least intrusive step to take and the simple running of these types of tools will not modify anything unless we follow up with additional steps. This means there is no need to rush to back up your data files, although that is never a bad idea.

If this is a system corruption issue the way we should deal with it is either by Refreshing your system (the steps I posted) or completely starting all over from scratch wiping your hard drive, installing the operating system, etc. Either way, these steps are quite intrusive and will require far more work.

Though I would prefer we make an attempt to overcome our time zone difference and make some more daily progress than we have been able to thus far, I am willing to spend the time and effort to continue to try to do it the way that is easier for you. I know this is frustrating and we have been at this a long time. If you have grown weary of doing battle I certainly understand. It is completely up to you what you would like to do.

Here are our options, as I see them.
  • Take the computer to a local shop and have them evaluate and repair it. Of course this will come at a financial cost to you.
  • Try to reestablish your Internet connectivity which may open up other options to us.
  • Continue to try to get a tool to run to get a snapshot of your system then re-evaluate our options.
  • Do a system Refresh which in theory should not touch your data files but I don't like to risk that. A backup of files is highly recommended but theoretically not necessary. This may require reinstalling 3rd party programs (think Microsoft Word, etc.)
  • Do a full reinstall of your operating system which would require backing up files and reinstalling 3rd party programs.
I know this is a lot to consider but I think it will help us to figure out where to go from here. Let me know what you think.
Gary
 

#146 ecar65

ecar65
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 06 November 2017 - 06:59 AM

Gary,

 

I am extremely grateful for your taking an (continued) interest in my problem.   I have evaluated your suggestions and I believe that your proposal to take my old (and until recently OK) PC to a shop to see what they can do is necessary.   I believe this is the fastest way to get things going (although this could also take some time depending on workload and capability).   I am not concerned with the cost rather with their capability to fix the problem, but we shall see.

 

Then, assuming that they can fix the problem, I will at least have one working PC with an internet connection.   If at that point you want to continue with the other more intricate PC we can take it from there and test some of your ideas.

 

If this meets with your approval, let me know and I will get back to you when I have a working PC with an internet connection.

 

Signing off for now,

 

ecar65 



#147 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 06 November 2017 - 08:10 AM

Greetings,

 

That sounds good. It is far easier to work on a computer that is right in front of you.

 

Start a new topic for your second computer and post the link to that new topic here. I will pick it up right away and we can get started on that computer.


Gary
 

#148 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 08 November 2017 - 07:03 PM

Greetings,

Are we ready to close this one? Let me know if you want to start a new topic for your second computer.
Gary
 

#149 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 09 November 2017 - 08:11 PM

I am going to close this topic. Send me a Personal Message if you post a second topic for your other computer.
Gary
 

#150 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:21 AM

Posted 09 November 2017 - 08:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



