
I need help got infected heavily what to do now please... :(



#1 manolis95

manolis95

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 18 January 2018 - 07:49 PM

Hi, I need help. I got infected, I think, because I wanted to download something from Kickass Torrents. Now it's too late; this site hasn't existed for 3 years. What I did is I searched for something and clicked the magnet or the download about 4 times, but only white page pop-ups came up; the page didn't even load, and I closed it. 2 clicks on the magnet, 2 on the download, twice, not like crazy. Then I was wondering what was going on. I noticed my uTorrent is not loading, and it wasn't. I used a program called Everything to search for it. I opened the program 15 seconds after closing the pop-ups and, OMG, what I saw was shocking: I normally had 360k items in Everything and it had only 146k. My personal data, I think, had also gone a little, but when I went to see if it really was missing I opened the Start button and, again, all my icons from the Start menu, games, gone; Start menu blank.

I went to My Documents, my personal files; everything seemed there, only 2-3 things were gone. But in Everything, when I searched for, like, my music (.mp3), I noticed it only showed me 339 files instead of the 971 I had originally. Then I waited some seconds, 5 to be exact, to think about what happened, and I noticed inside the program Everything that my MP3s were disappearing: only 52 items visible from 339. Then I freaked out. I went to try System Restore but, of course, it was disabled. I went to my hard drive and the GB were exactly the same as before the infection: I had 282 GB free before and 282 GB free after. I also checked the Windows folder, everything there, and System32, everything there. But because icons started getting removed from my desktop I just gave up and pressed the power button on the laptop to shut it down fast. I did. Then 3 hours later, because I have dual boot Linux and Windows with the GRUB loader, I went to check my files from Windows: almost all there, maybe 5-6 missing, or I don't know. Also some antiviruses and MAC address change programs were gone from Program Files. Everything was normal on Linux, but I was scared to access the internet, thinking it may infect Linux too xD :P I did hours later and everything was fine.

I also wanted to play a game and got tired of sitting on Linux, so I went into Windows in safe mode and everything was OK, but I didn't want to connect to the internet there. I tried fixing my computer. I found stuff I didn't download in the Downloads folder, in AppData and in the registry. The file was called MicrosoftRuntimeUpdate.VBS, and also in AppData there was a folder with 76 files called libraries. What I did: I disabled wscript from the program itself and from the registry to disable that virus, and I removed drivers looking dodgy, startup things, but still I can't remove it! :( Some antiviruses I ran found that my legit Windows processes are infected, like crss.exe and all these! I tried repairing Windows with sfc /scannow; it found damaged files... Removing malware policies, resetting proxy internet settings, removing temp files, etc. I also found my start page changed to aol.com. I found 19 with JRT; I also used AdwCleaner, which found 6 things, but still nothing. Also TDSSKiller found 2-3 unknown things, from Malwarebytes I also ran an MBR check, and I froze: my MBR is changed to an unknown MBR code. I didn't try fixing the MBR because I need my data first; I don't want to lose something fixing this computer.

After trying to clean my computer I tried booting into normal Windows. I did; everything seemed fine. TDSSKiller ran on startup because I told it to, and Malwarebytes was also running but wasn't protecting; the protection settings were greyed out. I waited 1-2 minutes to check for weird behaviour and, yeah, in Task Manager a conhost.exe that was a 2,148 KB job was running silently. I closed it, and also a wlanext was on; I closed it too. I also closed every taskeng and taskhosts. In just 1 minute from boot-up it did it again: it was removing my desktop things like logs from fixing programs and 5-6 documents. So what can I do? I also noticed I have another hard drive I didn't put next to mine visible; I just hid it because I thought Windows did it accidentally?? I did that in safe mode before I logged in to normal mode. But what can we do now to remove it and not lose any more data? It's a conhost, so this just confused me a lot.

Also, I had a problem finding drivers for my computer 3 days before the infection. I asked my service for them for Windows 7; they had told me on the phone a year ago they are not supported for Windows 7, only for 8.1, and what confuses me is that they found them for 7? Yeah, I installed the wifi driver from my technicians and from those 3-2 days things go weird on the computer. Maybe it's a rootkit + more viruses? What can we do in this situation, please? It's very difficult to fix this; I don't know how. I also want to fix it without having to go somewhere and put my data, then change my MBR, remove the infected one, keep Linux, delete Windows, reinstall Windows, reinstall the Windows MBR. I mean, this is just too much, it's so hard... If anyone can help me, please do so. Cheers guys :)





#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 AM

Posted 18 January 2018 - 08:15 PM

See if you can follow the instructions below for creating the FRST logs and starting a new topic in the malware removal forum. Sounds like Kickass did just that...:)

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 manolis95

manolis95
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 18 January 2018 - 08:20 PM

OK, I can do that. I will do that from safe mode, though. Should I copy-paste what I wrote here to there as well, with the logs? Thank you :)



#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:36 AM

Posted 18 January 2018 - 09:09 PM

Try to use regular mode for creating the FRST logs. Sure, post the content of your opening post here in the new post.



#5 manolis95

manolis95
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 18 January 2018 - 09:32 PM

I'm sorry, but I don't want to go into regular mode; I will lose my data if I go :( I wrote almost the same things, changed the title, attached what they wanted and 2 pictures of my problem. Also, here is the link:

https://www.bleepingcomputer.com/forums/t/668500/shortcuts-dissapearing-and-data-conhostexe-runs-on-startup/





