Assigned Malware/Virus constantly slows down and disconnects my internet

This thread is being handled by a member of the staff.
Status
Not open for further replies.

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's check it out.

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer


Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.

Let me know what problems persists.

Wait for further instructions

p.s.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.
<<<>>>
 

blacky

New Member
Thread author
Apr 15, 2022
13
Here are the results
 

Attachments

  • Addition.txt
    53.8 KB · Views: 30
  • AdwCleaner[S00].txt
    1.4 KB · Views: 27
  • FRST.txt
    88.5 KB · Views: 27
  • mbam.txt
    1.2 KB · Views: 31

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

No malware was found in your log.

This fix will do some maintenance and reset the important services.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.

Code:
start

Comment: All processes will be force closed, System Protection will be enabled
Comment: New Restore Point will be created, All network proxies will be removed
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:

Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKU\S-1-5-21-2847217304-2819276743-4079655184-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2847217304-2819276743-4079655184-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2847217304-2819276743-4079655184-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2847217304-2819276743-4079655184-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]
U3 aswbdisk; no ImagePath
U1 avgbdisk; no ImagePath
U1 bdvedisk; no ImagePath
U4 HomeGroupListener; no ImagePath
U4 HomeGroupProvider; no ImagePath
S3 MpKsl6f527073; \??\C:\Windows\Temp\219959F0-5EB9-AFA6-008F-63B383F6747E\MpKslDrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]

Comment: Items from the Addition.txt log that will be removed.
AlternateDataStreams: C:\Windows\system32\.crusader:A00C7B7425 [3314]
AlternateDataStreams: C:\ProgramData\agent.1649167946.bdinstall.v2.bin:5FF0C58234 [3314]
AlternateDataStreams: C:\ProgramData\cl.1649168011.bdinstall.v2.bin:87D4A05FFB [3314]
AlternateDataStreams: C:\ProgramData\cl.kit.1649168010.bdinstall.v2.bin:075A7D6067 [3314]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3314]
AlternateDataStreams: C:\ProgramData\unins000.exe:5FA9ECDA59 [3314]
AlternateDataStreams: C:\ProgramData\unins000.exe:8A5F68F8C0 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk:1069064143 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk:4E42ED6D31 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3314]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [3314]

Comment: Resetting of services and maintenance.
cmd: ECHO Y|CHKDSK C: /F

cmd: pushd\windows\system32
cmd: net stop bits
cmd: net stop cryptSvc
cmd: net stop wuauserv
cmd: net stop msiserver
cmd: del /s /q C:\Windows\SoftwareDistribution\download\*.*
cmd: net start cryptSvc
cmd: net start bits
cmd: net start wuauserv
cmd: net start msiserver
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
StartBatch:
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
netsh interface IP delete arpcache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start mpsdrv
net start bfe
net start MpsSvc
net start winmgmt
netsh winhttp reset proxy
Endbatch:
cmd: Bitsadmin /Reset /Allusers
cmd: winmgmt /verifyrepository
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp

Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixlog.txt and let me know what problem persists.

If any problems run a scan with the Farbar program
Just check the boxes as seen here:
L7kNU5y.jpg



Attache logs in your next reply
 
Last edited:

blacky

New Member
Thread author
Apr 15, 2022
13
One thing I would like to address, I cannot update my laptop to windows 11 is giving me an error "0xc1900101 error to be specific.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Attach it.

Press the Post reply button.
Click the Upload file button
Browse to the location of the file and attach it.

Post your reply.
 

Jonwinter

Level 1
Jan 20, 2022
30
Well I will suggest to do network troubleshooting or you can check you network driver if it is outdated. If you find any driver outdated try to update that manually or use can use a good tool to update your outdated driver like advanced driver updater or any other good tool.
 

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Bread down the size of the FRST.TXT log.
Open the File with Notepad and delete all the lines after this entry.

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Save the file.

===

This is what I need you do to with the Addtion.txt log.

Open the File with Notepad.

COPY all the data from this entry to the End .

==================== Event log errors: ========================

Application errors: ==================


Open a new file in Notepad and PASTE the contents to iit.
Save the file as Application.txt
===

Now do this with the Additonal.txt logs.

Open the File with Notepad (it may still be opened) and delete all the lines after this entry.

==================== Event log errors: ========================

Save the file.

You should not be able to attach the files.

If the content of the 3 Files are still too long to attach use 2 or 3 replies to attach one or two files at a time.
 

blacky

New Member
Thread author
Apr 15, 2022
13
Here is it
 

Attachments

  • Application.txt
    9.2 KB · Views: 33
  • FRST.txt
    48 KB · Views: 30

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Sorry for this long delay.

I remember seen your logs and I wanted to inform you that your Application.txt log (the actual Addition.txt) was wrong.
You submitted the bottom of the log.

My instructions were :

Now do this with the Additonal.txt logs.

Open the File with Notepad (it may still be opened) and delete all the lines after this entry.

==================== Event log errors: ========================

Save the file as Additon.txt log and attach it for my review.

Apparently I forgot to send my message before.
 

blacky

New Member
Thread author
Apr 15, 2022
13
oh my fault here is the result
 

Attachments

  • Additional.txt
    44.7 KB · Views: 23

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    3.5 KB · Views: 31

blacky

New Member
Thread author
Apr 15, 2022
13
here is the result. my internet connection is okay not. now my concern is that i cannot install armoury crate it is giving .200 error and also i cannot update my laptop to windows 11
 

Attachments

  • Fixlog.txt
    18.7 KB · Views: 25

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hi,

Hope this will help.

You should check with them if the problem persists.

Can't Install Armoury Crate




---

I cannot update my laptop to windows 11

What is the error message from Microsoft when you try the upgrade.

p.s.
Your computer may not be compatible at this time.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top