Malware tools have failed, reboots or log fails on farbar and rkill

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
I have been battling this for 3 days now on my 3 off days and I've exhausted the tools and tactics to rid my system of the problem. Every once in a while in various folders or settings in Windows 10 I see copied users. Like a duplicate of my Windows user but with a red X through it on a certain folder that shows special permissions. Any type of setting in a program or system setting shows it's greyed out. The greyed out settings are the ones that let me change things. Luckily UAC is still at the top of the aggressive setting. I have been using Ethernet only but 3-4 days ago I was trying to send a file from my PC to phone. So Wi-Fi was turned on. The next day, 3 days ago, I saw some weird adjustments in that Remote Desktop was turned on. Something with HomeGroup. Can't remember exactly but all of that was turned off immediately. Since then my PC hasn't allowed me to do anything as far as making changes to anything. The PC runs great except that it's using 60-70% RAM almost all the time no matter what. Even after a reboot. Random things were checked or unchecked. Cortana was off entirely but I can't change the settings but off and on like most other settings now. I was prepared for a full clean install as my files/media are backed up in the cloud. Found out during the process of thinking it was an update issue or hard drive failure that my BIOS is really outdated. It is a 3-year-old laptop and it's supposed to be 100% up to date on drivers but BIOS I guess didn't get updated. So that might be part of the problem on slow restart or reboot or even security. I'm terrified to update the BIOS with the issues because if this malware affects the bootup and the BIOS doesn't update, I end up with a brick. I just downloaded the Kaspersky Rescue Disk in hopes that it finds issues and I can continue with the process of the usual tools. FRST and Addition logs are attached below. Let me know what I need to do now or go ahead and run Kaspersky Rescue from USB.
 

Attachments

  • FRST.txt (108.5 KB)
  • Addition.txt (29.1 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
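
An added example, not part of TwinHeadedEagle's instructions: the same Wininit Event ID 1001 entry that the Event Viewer steps above locate by hand can be pulled from the Application log with PowerShell and its summary lines checked automatically. The output file name is my own choice.

```powershell
# Added example (not from the thread): fetch the most recent boot-time
# chkdsk result, which Wininit records as Event ID 1001 in the Application
# log, and summarise the lines a helper looks at first.
# Run from an elevated PowerShell prompt if reading the log is restricted.

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}
$event = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $event) {
    Write-Warning 'No Wininit 1001 event found; the scheduled Check Disk may not have run yet.'
    return
}

$msg = $event.Message

# The phrases below are the ones chkdsk itself prints in the report text.
# "Stage 4" only appears when /r (surface scan) was in effect.
$badSectorsKB = if ($msg -match '(?m)^\s*(\d+) KB in bad sectors') { [int]$Matches[1] } else { $null }
$surfaceScan  = $msg -match 'Stage 4: Looking for bad clusters'
$corrected    = $msg -match 'Windows has made corrections to the file system'
$clean        = $msg -match 'found no problems'

[pscustomobject]@{
    TimeCreated     = $event.TimeCreated
    RecordId        = $event.RecordId
    SurfaceScanRun  = $surfaceScan
    BadSectorsKB    = $badSectorsKB
    CorrectionsMade = $corrected
    NoProblemsFound = $clean
} | Format-List

# Save the full report text so it can be attached to a reply instead of pasted.
# The output path is an assumption made for this example.
$out = Join-Path $env:USERPROFILE 'Desktop\chkdsk-result.txt'
$msg | Out-File -FilePath $out -Encoding utf8
Write-Output "Full Check Disk report saved to $out"
```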

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
Hey, thanks for your reply. I in fact already ran the same chkdsk at restart. I added the f and r. Could I find the log for that somehow, or is it only logged if I tell it to? It took about 2 hours to finish.
 

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
I apologize, I saw that. I just woke up. Checking for that log now. The 2 logs from Farbar: did they show anything useful, or because it was hanging could it not gather any info?
 

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 7/19/2016 10:10:08 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Josh
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x18ea4.
389376 file records processed.

File verification completed.
11342 large file records processed.

0 bad file records processed.


Stage 2: Examining file name linkage ...
459680 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered to lost and found.


Stage 3: Examining security descriptors ...
Cleaning up 4638 unused index entries from index $SII of file 0x9.
Cleaning up 4638 unused index entries from index $SDH of file 0x9.
Cleaning up 4638 unused security descriptors.
Security descriptor verification completed.
35153 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
389360 files processed.

File data verification completed.

Stage 5: Looking for bad, free clusters ...
19902459 free clusters processed.

Free space verification is complete.

Windows has made corrections to the file system.
No further action is required.

298174900 KB total disk space.
217991012 KB in 155287 files.
101592 KB in 35154 indexes.
0 KB in bad sectors.
472456 KB in use by the system.
65536 KB occupied by the log file.
79609840 KB available on disk.

4096 bytes in each allocation unit.
74543725 total allocation units on disk.
19902460 allocation units available on disk.

Internal Info:
00 f1 05 00 a5 e7 02 00 80 a7 04 00 00 00 00 00 ................
e6 1b 00 00 45 00 00 00 00 00 00 00 00 00 00 00 ....E...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-07-19T14:10:08.998631500Z" />
<EventRecordID>13135</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Josh</Computer>
<Security />
</System>
<EventData>
<Data>

</Data>
</EventData>
</Event>
 

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
I just want to add I have some random files on my desktop with weird created dates: grub.exe, syslinux.exe, and syslinux.cfg. I forgot to mention that in the OP. I'm in the process of running Comodo (CCE) in advanced ways, KillSwitch, etc., per the write-up I got from this site, "How to clean infected computer", which I know I need to do before I can fix the infected computer. I'm really at the point where I want to clean install Windows 10, which I'm prepared to do. I'm afraid though. I wanted to get the computer OK first. Can a clean install transfer over infected files? Any help is appreciated. rkill again will not work, nor any of the basic tools.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try to perform one more scan:


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 

Intel_iRIS81

Level 1
Thread author
Verified
Jun 7, 2016
23
Here you go. I'm ready to get this finished; forgive me if I seem impatient. I need to order some stuff but obviously can't 'til I know everything is good to go. Let me know ASAP what the logs show. I've tried all steps in guides to rid the system. I'm fully backed up, ready for a clean install also. Whatever the end result is, I'm ready.
 

Attachments

  • FRST.txt (114 KB)
  • Addition.txt (53.1 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it finishes, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt (6.9 KB)
