
Desperately seeking help. Tried removing malware, pc now semi crippled.


16 replies to this topic

#1 Vcxlll

Vcxlll

  • Members
  • 8 posts
  • OFFLINE
  •  

Posted 28 April 2018 - 11:29 AM

Hi there.. I am at my wits end, trying to recover my system's functions.

- I deeply apologise for the wall of text, but I wanted to include as much info as I can before I forget anything.

1: Months ago, I downloaded some mods for my games and one download in particular did extra shady things. My Chrome, task bar and system got "hijacked" and cyka-blyat-ified. Everything was in Russian and there was this mail.ru and.. Komlet (can't remember the exact spelling) thing.

I downloaded Malwarebytes and Spybot to scan for threats and cleaned it up (or so I thought). Things seemed fine, with one exception. I noticed that when I tried to download normal files off the internet (actual, safe documents), my downloads would sometimes get "redirected" to download a rar within a rar that Windows Defender would detect as.. Something software bundler Ogimant.b?

2: Today, when I downloaded the Discord app, I noticed the download became one of those rar within a rar. The usual pop-up asked if I want to give it permission to run, but I did not click yes. I alt-tabbed to look up the developer signature thing, some LLC.. Tol-korg or something like that. Suddenly the whole mail.ru thing happened again and things started going downhill.

I did what I did last time, downloaded Malwarebytes and it detected malware and I deleted them, restarted my computer and started removing the rest of the Russian crap settings done to my Chrome manually. I noticed that one of my extensions stopped working and I tried redownloading it but none of my downloads would finish. I tried downloading different things like themes and MBAR, they would "finish" download (for example 5mb/5mb) but would not actually finish. I could not reset my Chrome either and when I tried to uninstall it, things got really nasty.

3: I can't remember the exact order of things I tried next, but I've been at it the whole day. None of my browsers or control panels will start up now, or if they do they will just be non-responsive. I've tried a lot of different malware/virus removers, some of them find things to quarantine and I delete the quarantined items. I've previously "resettled" my hosts file. My RKill says there's nothing wrong either. I've tried system restore (through restarting into safe mode, since I can't access the control panel). I tried resetting my Windows 10 but I only get some error message like "something is preventing your windows 10 reset". Currently the only browser I can access is Steam Big Picture.

4: I have access to an external thumb drive, an Internet connection and my neighbour's laptop. That's how I've been installing different antiviruses to try to fix the problem today.

Please send help. Let me know if you have further questions or advice. My eternal gratitude.



#2 mikey11

mikey11

  • Members
  • 1,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Psychiatric Ward @ Beelitz-Heilstatten Hospital, Beelitz, Germany
  • Local time:02:32 AM

Posted 28 April 2018 - 01:17 PM

open system restore.....

see if you have a restore point/date that is PREVIOUS to when all this crap started,

if you do....restore the computer to that date/restore point



#3 Vcxlll


Posted 28 April 2018 - 01:23 PM

Thanks for the swift response. I do not have any further restore points. The earliest I had was the 11th of this month, which I tried. It successfully restored to that point, with a notification saying my documents weren't affected. I was still unable to open my browsers or use the control panels and rerunning the antiviruses showed all the malware etc again. It's either they've been there but lying dormant the entire time or they went back together with the restore.

#4 mikey11


Posted 28 April 2018 - 01:24 PM

try running ADWCleaner....then Malwarebytes



#5 Vcxlll


Posted 28 April 2018 - 01:29 PM

Additional info: Just remembered that I've got the notification: "G" is preventing shutdown, and upon rebooting: "code execution cannot proceed because rtl150.bpl was not found. Reinstalling this program may fix this problem", a few times today while trying to remove the malware/adware/virus/trojan.

List of antivirus/malware/adware/trojan removers I've tried today:

- Malwarebytes
- AdwCleaner
- MBAR (only got it to run twice, most of the time nothing happens but when I try to open again it says something about it already being open and I'm opening a second instance of it)
- ESET (found my other antivirus as threat and cannot remove anything without paying)
- HitmanPro
- Zemana
- TDSSKiller and RKill

How bleeped am I..? Am I utterly screwed?

Edited by Vcxlll, 28 April 2018 - 01:32 PM.


#6 mikey11


Posted 28 April 2018 - 01:31 PM

try running ADWCleaner and Malwarebytes in safe mode....

does the computer run okay in safe mode?



#7 Vcxlll


Posted 28 April 2018 - 01:34 PM

I tried running the computer in safe mode with networking to test if the browsers would work. They did not.

I'm fairly sure I already tried running the antiviruses in safe mode but it's been like a 12 hour ordeal and my brain is mush at this point. I'll try again now and let you know.

How screwed am I? I have less than 10 bucks to my name after leaving the army and I can't afford to send it to a pc clinic..

Edited by Vcxlll, 28 April 2018 - 01:36 PM.


#8 mikey11


Posted 28 April 2018 - 01:36 PM

> I tried running the computer in safe mode with networking to test if the browsers would work. They did not.
>
> I'm fairly sure I already tried running the antiviruses in safe mode but it's been like a 12 hour ordeal and my brain is mush at this point. I'll try again now and let you know.
>
> How screwed am I? I have less than 10 bucks to my name after leaving the army and I can't afford to send it to a pc clinic..

do you have any files or documents that you need off it?

if not, just reinstall windows



#9 Vcxlll


Posted 28 April 2018 - 01:42 PM

I just ran AdwCleaner and Malwarebytes in safe mode again, no threats found but I still cannot access my Windows button and search on the task bar. My computer just hung while I was trying to shut it down too.

I tried to "reset" my windows via shift restart, but I was given an error message saying something like "there was an error resetting windows" or "something is preventing you from resetting windows". I am sorry if I am misunderstanding what you mean by reinstall because I only have a layman's knowledge on this.

Edited by Vcxlll, 28 April 2018 - 01:48 PM.


#10 mikey11


Posted 28 April 2018 - 01:50 PM

what version of windows?



#11 Vcxlll


Posted 28 April 2018 - 01:51 PM

Windows 10. Do you need a list of the specs?

#12 mikey11


Posted 28 April 2018 - 01:53 PM

go to this link......

https://support.microsoft.com/en-ca/help/929135/how-to-perform-a-clean-boot-in-windows

scroll down under "how to perform a clean boot"

click on "windows 10"

follow the instructions there



#13 Vcxlll


Posted 28 April 2018 - 01:56 PM

> Use the following steps to perform a clean boot:
>
> Windows 10
>
> From Start, search for msconfig.

I am not currently able to press the Start (Windows button) on the task bar. I tried hitting Windows key + R to open Run but it does not work either.

#14 mikey11


Posted 28 April 2018 - 01:57 PM

> > Use the following steps to perform a clean boot:
> >
> > Windows 10
> >
> > From Start, search for msconfig.
>
> I am not currently able to press the Start (Windows button) on the task bar. I tried hitting Windows key + R to open Run but it does not work either.

try doing the entire process in safe mode



#15 Vcxlll


Posted 28 April 2018 - 02:05 PM

I will try that later in the day. It is currently 3 in the morning where I am and I have to get up extremely early. Will update here once I try. Is this the only option I have left..?

Also thank you very much for responding, it's less depressing after trying and failing alone the entire day.



