
Shortcuts disappearing and data conhost.exe runs on startup


  • This topic is locked
3 replies to this topic

#1 manolis95


Posted 18 January 2018 - 09:30 PM

Hi, I need help. I got infected, I think, because I wanted to download something from Kickass Torrents. Now it's too late; this site doesn't exist for 3 years. What I did is I searched for something and clicked the magnet or the download about 4 times, but only white-page pop-ups came up; the page didn't even load and I closed it. 2 clicks on the magnet, 2 on the download, twice, not like crazy. Then I was wondering what was going on and I noticed my uTorrent was not loading, and it wasn't. I used a program called Everything to search for it. I opened the program 15 seconds after closing the pop-ups and, omg, what I saw was shocking: I normally had 360k items in Everything and it had only 146k. My personal data, I think, had also gone a little, but when I went to see if it really was missing I opened the Start button and again all my icons from the Start menu, games, gone; Start menu blank. I went to My Documents, my personal files, and everything seemed there, only 2-3 things were gone, but in Everything, when I searched for, like, my music (.mp3), I noticed it only showed me 339 files instead of the 971 I had originally. Then I waited some seconds, 5 to be exact, to think about what happened, and I noticed inside the program Everything my mp3s were disappearing: only 52 items visible from 339. Then I freaked out.

I went to try System Restore but ofc it was disabled. I went to my hard drive and the GB were exactly the same as before the infection: I had 282 GB free, and after, 282 GB free. I also checked the Windows folder, everything there, and System32, everything there, but because icons started getting removed from my desktop I just gave up and pressed the power button on the laptop to shut it down fast. I did. Then 3 hours later, because I have dual boot Linux and Windows with the GRUB loader, I went to check my files from Windows: almost all there, maybe 5-6 missing, or I don't know. Also some antiviruses and MAC address change programs were gone from Program Files. Everything was normal on Linux but I was scared to access the internet, thinking it may infect Linux too xD :P I did hours later and everything was fine.

I also wanted to play a game and got tired of sitting on Linux, so I went into Windows in safe mode and everything was OK, but I didn't want to connect to the internet there. I tried fixing my computer. I found stuff I didn't download in the Downloads folder, in AppData, in the registry; the file was called MicrosoftRuntimeUpdate.VBS, and also in AppData a folder with 76 files called libraries. What I did: I disabled wscript from the program itself and from the registry to disable that virus, I removed drivers looking dodgy, startup things, but still I can't remove it! :( Some antiviruses I ran found that my legit Windows processes are infected, like crss.exe and all these! I tried repairing Windows with sfc /scannow, it found damaged files... removing malware policies, resetting proxy internet settings, removing temp files etc. I also found my start page changed to aol.com. I found 19 with JRT, I also used AdwCleaner, found 6 things, but still nothing. Also TDSSKiller found 2-3 unknown things, from Malwarebytes I also ran an MBR check and I froze: my MBR is changed to an unknown MBR code. I didn't try fixing the MBR because I need my data first; I don't want to lose something fixing this computer.

After trying to clean my computer I tried booting into normal Windows. I did, and everything seemed fine. TDSSKiller ran on startup because I told it to, and Malwarebytes was also running but wasn't protecting; the protection settings were greyed out. I waited 1-2 minutes to check for weird behaviour and yeah, in Task Manager a conhost.exe that was a 2,148 KB job was running silently. I closed it, and also a wlanext was on, I closed it too. I also closed every taskeng and taskhosts. In just 1 minute from boot-up it did it again: it was removing my desktop things like logs from fixing programs and 5-6 documents. So what can I do? I also noticed I have another hard drive I didn't put visible next to mine; I just hid it because I thought Windows did it accidentally?? I did that in safe mode before I logged in to normal mode. But what can we do now to remove it and not lose any more data? It's a conhost so this just confused me a lot.

Also, I had a problem finding drivers for my computer 3 days before the infection. I asked my service for them for Windows 7; they had told me on the phone a year ago they are not supported for Windows 7, only for 8.1, and what confuses me is that they found them for 7? Yeah, I installed the wifi driver from my technicians, and from those 3-2 days things go weird on the computer. Maybe it's a rootkit + more viruses? What can we do in this situation? Please, it's very difficult to fix this, I don't know how. I also want to fix it without having to go somewhere and put my data, then change my MBR, remove the infected one, keep Linux, delete Windows, reinstall Windows, reinstall the Windows MBR, I mean this is just too much, it's so hard... If anyone can help me please do so. Cheers guys :)



#2 Oh My!

  • Malware Response Instructor

Posted 21 January 2018 - 09:56 AM

Greetings manolis95 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST64 icon, select Rename, and rename it to FRST64english. Run another scan. Be sure to copy and paste both documents in your reply using multiple posts if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 24 January 2018 - 10:16 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 26 January 2018 - 10:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



