Opened malicious file and it has broken my Windows 7

Discussion in 'Malware Removal Assistance For Windows' started by Phenric, Jan 2, 2018.


  1. Phenric

    Phenric New Member

    Jan 2, 2018
    1
    0
    Terra
    Windows 7
    Comodo
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    5 hours ago. System started to run slow until it froze. Performed a hard restart into normal mode with the network disconnected and it ran fine until connected, after which it froze almost immediately.
    Current issues and symptoms:
    Windows will permanently freeze shortly after launch. Can launch in safe mode with network, but I think it runs slow.
    Steps taken in order to remove the infection:
    It was pretty obvious it was a malicious file. It was a bmp file. It was my mistake opening it. Almost immediately after opening I realized it and disconnected network. Checked event viewer and found this:

    Nazwa dziennika:System
    Źródło: LsaSrv
    Data: 1/2/2018 3:54:41 AM
    Identyfikator zdarzenia:6033
    Kategoria zadania:Brak
    Poziom: Błędy
    Słowa kluczowe:
    Użytkownik: SYSTEM
    Komputer: ASUS-Komputer
    Opis:
    Anonimowa sesja podłączona z ASUS-KOMPUTER próbowała otworzyć dojście do zasad urzędu zabezpieczeń lokalnych na tym komputerze. Próba została odrzucona i został zwrócony stan STATUS_ACCESS_DENIED, który uniemożliwia przecieki informacji dotyczących zabezpieczeń do anonimowego użytkownika wywołującego.
    Należy naprawić aplikację, która podjęła tę próbę. Skontaktuj się z dostawcą aplikacji. Aby tymczasowo obejść ten problem, można wyłączyć to zabezpieczenie, ustawiając wartość \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD na 1.
    Ten komunikat będzie rejestrowany najwyżej raz dziennie.
    Kod XML zdarzenia:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
    <EventID>6033</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-01-02T02:54:41.758896600Z" />
    <EventRecordID>225274</EventRecordID>
    <Correlation />
    <Execution ProcessID="696" ThreadID="22356" />
    <Channel>System</Channel>
    <Computer>ASUS-Komputer</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="Client">ASUS-KOMPUTER</Data>
    </EventData>
    </Event>

    I am sorry it is in Polish; the system will not display it in English. I think Google does good work translating it.

    I ran Malwarebytes Anti-Malware in safe mode, it removed 160 items but this did not solve the issue.
    Logs added to help request:
    • FRST.txt
    • Addition.txt
    Described the issue in fields above.
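
An added triage example, not part of the original post: it parses the Event 6033 XML quoted above (a few `System` child elements omitted) and checks whether the rejected anonymous LSA policy request came from the logging machine itself, which the `Client` and `Computer` fields show here. The function names are hypothetical, and the timestamp helper handles the 9-digit fractional seconds that Python's `datetime` cannot store directly.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Event XML from the post above, with some System child elements omitted.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
<EventID>6033</EventID>
<TimeCreated SystemTime="2018-01-02T02:54:41.758896600Z" />
<EventRecordID>225274</EventRecordID>
<Computer>ASUS-Komputer</Computer>
</System>
<EventData>
<Data Name="Client">ASUS-KOMPUTER</Data>
</EventData>
</Event>"""

def parse_system_time(value):
    """SystemTime is UTC with more fractional digits than datetime's 6; truncate."""
    stamp, _, frac = value.rstrip("Z").partition(".")
    micro = int(frac[:6].ljust(6, "0")) if frac else 0
    base = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micro, tzinfo=timezone.utc)

def triage_lsa_6033(xml_text):
    """Summarise an LsaSrv 6033 record and say whether the caller was this host."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name")
    event_id = int(system.findtext("e:EventID", namespaces=NS))
    if (provider, event_id) != ("LsaSrv", 6033):
        raise ValueError(f"not an LsaSrv 6033 record: {provider}/{event_id}")
    computer = system.findtext("e:Computer", namespaces=NS)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    client = data.get("Client", "")
    # Host names differ only in letter case here, so compare case-insensitively.
    same_host = client.casefold() == computer.casefold()
    return {
        "time_utc": parse_system_time(system.find("e:TimeCreated", NS).get("SystemTime")),
        "record_id": int(system.findtext("e:EventRecordID", namespaces=NS)),
        "computer": computer,
        "client": client,
        "client_is_local_host": same_host,
    }

if __name__ == "__main__":
    print(triage_lsa_6033(EVENT_XML))
```

The parsed time is UTC (02:54:41), one hour behind the local 3:54:41 AM shown in the Event Viewer text.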

  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,726
    2,654
    Malware Removal, Gaming
    Windows 7
    ESET
    Hello,

    Can you access Task Manager from normal boot to see what is using your CPU?