Hostsfilehijack > bluescreen stop code: CRITICAL_PROCESS_DIED

Status
Not open for further replies.

Cpt.trap

New Member
Mar 4, 2021
3
0
I will try to keep this as brief as possible, but I figure if I want to be helped you need to know everything in order, so here it is.

- I downloaded a "cracked" torrent off of Pirate Bay (my first mistake).

- Following the hacker's instructions, I was prompted to insert some entries into my hosts file. In the READ ME.txt of the crack it stated to input about 5 different addresses into my hosts file "to block Adobe from connecting to the internet". I'm familiar with computers but no expert, and to me it checked out. So that's what I did.

- I then received a notice from Windows Defender stating a malware/virus, system32hostsfilehijack or something along those lines, was found and deleted.
I returned to the hosts file to see only the standard inputs that were there before I inserted the hacker's "payload", as I'm going to call it...

- From that point forward, when I would try to connect to the internet, it would maybe work for a few minutes, then the browser would turn grey and state ERR_NETWORK_CHANGE along with others like "IP couldn't be resolved" and "Netflix took too long to respond".

- I then noticed the fan on my laptop was running almost nonstop, so I started doing some scans... nothing conclusive came up. I then noticed a download I did not initiate, in the Microsoft folder, named Microsoft Office 16. In this folder was a huge amount of files. A perfect place for a hacker to hide all of his nefarious, ill-intended files. In Task Manager, clicktorun.exe was taking a lot of CPU, so I opened the file location and ended it. When I tried to delete the file, or the entire Office 16 folder, I would get an error message stating I could not delete the file because it was open in another program... I had no other programs open. Along with that, the File Explorer thumbnail that is pinned to the taskbar (usually shows green when loading or searching for a file and moves from left to right), well, when trying to delete this file, the File Explorer loading bar color was red and stopped halfway through the thumbnail.
I had pictures of this, but I am now blue-screen locked out of my computer, so for now I cannot obtain the pictures.

- In another instance of me trying to figure this out, I right-clicked the clicktorun.exe file and went to scan with Windows Defender, and it took me to a page in the settings that stated something along the lines of "your IT department has blocked access to this feature, please contact your IT department in order to continue". Let me be clear, that's not what it said exactly. But this is my personal computer and I certainly do not have an IT department.

- So my dumba#! goes into the registry. And I'm looking at the permissions of each HKEY_...etc. and see permissions for an unknown user and things that, to me, I thought were the hacker. Long story short, I changed some of the said permissions, and when my computer restarted I was left with blue screen stop code CRITICAL_PROCESS_DIED.

LAPTOP WILL NOT BOOT IN SAFE MODE
AS FAR AS I KNOW I HAVE NO BACKUP OF MY REGISTRY.
I TRIED TO RESTORE AND HAVE NO RESTORE POINTS.
Cannot do a system image recovery
I DO HAVE ACCESS TO CMD
I am here needing help to restore my registry back to default
And needing help to get this hacker off of my computer.
I cannot pull up the exact specs of my computer, but it is a
Dell Inspiron 3593 with Intel Core i3 10th gen.

To anyone willing to help my dumb!#%, thank you, thank u, ty.
Cpt.Trap.
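An added example (written for this thread, not code from any poster or from MalwareTips) of the check a defender would run on a hosts file after an incident like the one above. The stock Windows hosts file (%SystemRoot%\System32\drivers\etc\hosts) has every entry commented out, so any active line is something a user or program added; the script parses the file the way the resolver does, ignores comments, and flags active lines that sinkhole a name to 127.0.0.1/0.0.0.0 or redirect it to some other address. The hosts content and hostnames below are constructed placeholders; the actual entries from the crack's README are not on the page.

```python
"""Audit a Windows-style hosts file for hijack-style entries.

Added example, not from the thread. SAMPLE_HOSTS is a constructed file
modelled on the stock Windows header plus the kind of lines a "crack
README" asks the user to add; the vendor hostnames are placeholders.
"""
import ipaddress
import sys

# Constructed sample: stock (commented) header, then user-added lines.
# 198.51.100.7 is a TEST-NET-2 documentation address, not a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost

127.0.0.1 lm.licenses.example-vendor.com
0.0.0.0   activate.example-vendor.com     # "blocks the vendor from phoning home"
198.51.100.7 update.example-vendor.com    # sends the name to a non-local address
127.0.0.1 localhost
"""

# Names the stock hosts file is expected to resolve to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, [names], line_no) for every active (non-comment) entry,
    using the same rules as the resolver: '#' starts a comment, fields are
    whitespace-separated, first field is the address."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no name does nothing
        yield parts[0], parts[1:], line_no


def classify(ip, name):
    """Return a finding label for one ip/name pair, or None if benign."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable-address"
    if name.lower() in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is itself a hijack.
        return None if addr.is_loopback else "localhost-redirected"
    if addr.is_loopback or addr.is_unspecified:
        return "sinkholed"    # 127.x / ::1 / 0.0.0.0 / :: blocks the name
    return "redirected"       # the name now resolves somewhere else


def audit_hosts(text):
    """Return a list of findings (dicts) for every suspicious active entry."""
    findings = []
    for ip, names, line_no in parse_hosts(text):
        for name in names:
            label = classify(ip, name)
            if label:
                findings.append(
                    {"line": line_no, "ip": ip, "name": name, "finding": label}
                )
    return findings


if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument, audit the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f['line']}: {f['finding']:<22} {f['ip']:<16} {f['name']}")
```

Run with no arguments to see the three constructed findings, or point it at a copy of the live hosts file. Any "sinkholed" or "redirected" result is worth explaining before it is dismissed: the first is what the README in the thread asked for, the second is the variant that silently sends traffic elsewhere.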
 

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
606
505
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using this computer, can you download and run this program.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Attach the file(s). A 2-step process.
Reply to this topic.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions

p.s.
The Farbar program is updated often.
If it's identified as suspicious by your antivirus program, trust it if downloaded from the link I provided.
You should restore the program from the Quarantine folder.
====

If the download is not possible from this computer, use another one or a phone.
Copy the Farbar program to the Desktop of the compromised computer and run it.
Post the logs for my review.
 

Cpt.trap

New Member
Mar 4, 2021
3
0
Unfortunately, I am not able to access any sort of desktop. I am blue-screened, with stop code: CRITICAL_PROCESS_DIED.
It loads to 100% then does nothing.

Due to the fact that I tampered with permissions in the registry trying to sabotage the "hacker",
I sadly sabotaged myself...

I believe I need to repair my registry before I can continue. I have looked around on the internet and every option I have come across did not work.

Thank you for the response. I greatly appreciate it.
 

Attachments

  • 20210305_073329.jpg (2.1 MB)
  • 20210305_073454.jpg (2.2 MB)

nasdaq

Moderator
Verified
Staff member
Nov 5, 2019
606
505
Hi,

The simple solution is to reset your PC.

Navigate to this page with another computer or your phone.

The page gives you options to restore your system.

You should try them in this order if you can.

1 - Perform a System Restore in Windows 10

2 - Refresh your copy of Windows 10 without losing your data (keeping your files)

3 - Restore your Dell computer using Windows Push-Button Reset

There are other options that you may have to use.

If all fails, I suggest you start a new topic in the Windows Forum at BleepingComputer.
Here:

If your operating system is not Windows 10, then please let me know what operating system you have.
 

Cpt.trap

New Member
Mar 4, 2021
3
0
It is indeed Windows 10. It appears I cannot do a system reset, nor a system restore.
I guess I will head over to BleepingComputer...
 