I am usually an extremely cautious guy. However, after many years of peace, I finally got hit by a virus. And it's a doozy.
I got the virus after I did something extremely foolish in haste. I opened a word document from a USB I plugged into my computer (the USB's long-gone now).
The file immediately opened this webpage in Chrome: xmrmsft (dot) com/hive. I immediately realized I had just messed up. The browser was already running btw.
Now, I have been using Windows 7 since it came out and have made do with just one kind of security software: SpyBot S&D.
I update SpyBot and run a System scan but it shows no errors. So I proceed to install MalwareBytes Antimalware. It installs fine but refuses to run. Nothing happens when I double click it. I try running it as an administrator and I get the very generic 'Malwarebytes has stopped working' error window. Same story after reinstalling it.
Panicked, I restart my computer. (deadly mistake #2).
Now, I see that all the folders on my external HDD have turned into shortcuts. I immediately disconnect said external HDD. I need to look into how I can clean the external HDD too.
I try running msconfig, but it immediately closes. I try running resmon but it instantly closes too.
I download Hijackthis, but it crashes immediately with an error message. The error message disappears soon after.
I download DDS, but it crashed with a very similar error message as well!
I download Rkill. Thankfully, this works, but it finds no errors. At all.
So I finally download SUPERAntiSpyware. I have never used it before but it appeared to work fine. I do a complete system scan. All it does is catch a few tracking cookies, but that's it. No infected files, nothing in memory, nada!
Anyways, I soon discover that if I run Hijackthis while the DDS error message is on display, I can find just enough time to run the scan and save the logfile. I try it with DDS and I manage to get an attach.txt as well.
Attachments: Rkill.txt (3.59KB), Addition.txt (61.6KB)
Here's the Hijackthis/DDS error message:
(Note: the id= field changes every time I run them.)
Application has generated an exception that could not be handled; Process id=0xef5a8e(15686286), Thread id=0xef84ef (15697135). Click OK to terminate the application. Click CANCEL to debug the application.
Here's the error message details from the Malwarebytes crash:
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbam.exe
  Application Version: 220.127.116.113
  Application Timestamp: 5b2a6dfb
  Fault Module Name: Qt5Core.dll
  Fault Module Version: 18.104.22.168
  Fault Module Timestamp: 5a61293e
  Exception Code: c0000005
  Exception Offset: 001aa816
  OS Version: 6.1.7601.2.1.0.256.1
  Locale ID: 1033
  Additional Information 1: 0a9e
  Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
  Additional Information 3: 0a9e
  Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
Any help I can get would be appreciated. This is my first time joining a forum btw.
Edited by virushatersal, 05 August 2018 - 08:21 AM.