I will try to keep this as brief as possible, but I figure if I want to be helped you need to know everything in order, so here it is.
- I downloaded a "cracked" torrent off of piratebay. (my first mistake)
- Following the hacker's instructions, I was prompted to insert some entries into my hosts file. In the READ ME.txt of the crack it stated to input about 5 different addresses into my hosts file "to block Adobe from connecting to internet". I'm familiar with computers but no expert, and to me it checked out. So that's what I did.
- I then received a notice from Windows Defender stating a malware/virus, system32hostsfilehijack or something along those lines, was found and deleted.
I returned to the hosts file to see only the standard entries that were there before I inserted the hacker's "payload", as I'm going to call it...
- From that point forward, when I would try to connect to the internet, it would maybe work for a few minutes, then the browser would turn grey and state ERR_NETWORK_CHANGE along with others like "IP couldn't be resolved" and "Netflix took too long to respond".
- I then noticed the fan of my laptop was running almost nonstop, so I started doing some scans... nothing conclusive came up. I then noticed a download I did not initiate. In the Microsoft folder, named Microsoft Office 16. In this folder was a huge amount of files. A perfect place for a hacker to hide all of his nefarious, ill-intended files. In the Task Manager, clicktorun.exe was taking a lot of CPU, so I opened the file location and ended it. When I tried to delete the file, or the entire Office 16 folder, I would get an error message stating I could not delete the file because it was open in another program... I had no other programs open. Along with that, the File Explorer thumbnail that is pinned to the taskbar (usually shows green when loading or searching for a file and moves from left to right), well, when trying to delete this file, the File Explorer loading bar color was red, and stopped halfway through the thumbnail.
I had pictures of this, but I am now blue-screen locked out of my computer, so for now I cannot obtain the pictures.
- In another instance of me trying to figure this out, I right-clicked the clicktorun.exe file and went to scan with Windows Defender, and it took me to a page in the settings that stated something along the lines of "your IT department has blocked access to this feature, please contact your IT department in order to continue". Let me be clear, that's not what it said exactly. But this is my personal computer and I certainly do not have an IT department.
- So my dumba#! goes into the registry. And I'm looking at the permissions of each HKEY_...etc. and see permissions for an unknown user and things that, to me, I thought were the hacker. Long story short, I changed some of the said permissions, and when my computer restarted I was left with a blue screen, stop code CRITICAL_PROCESS_DIED.
LAPTOP WILL NOT BOOT IN SAFE MODE.
AS FAR AS I KNOW I HAVE NO BACKUP OF MY REGISTRY.
I TRIED TO RESTORE AND HAVE NO RESTORE POINTS.
Cannot do a system image recovery.
I DO HAVE ACCESS TO CMD.
I am here needing help to restore my registry back to default,
and needing help to get this hacker off of my computer.
I cannot pull up the exact specs of my computer, but it is a
Dell Inspiron 3593 with an Intel Core i3 10th gen.
To anyone willing to help my dumb!#%, thank you, thank you, ty.
Cpt.Trap.