unknown virus from KAT.eu? no control over pc! Hlp

[wasnt me]

Every file on my pc seems to be missing? They are not there at all there because I can access the explorer files but that's it nothing else! Now before anyone says "KAT, YOU ARE PIRATING"! To be clear the game, Modern Combat 5, my son was downloading was free. It was an emulated mobile device file he was going for to play on bluestacks. The game is free to begin with so there is no illegal downloading. OS is active and legal with valid tag/key.

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.

Can you boot to Safe Mode? Can you access your Desktop?

 

[wasnt me]

No I can not boot into safe mode. F2 and f12 are the only ones working. F8 won't start safe mode like it should! I can access the desktop but nothing will open all my app icons turned white and file can not be found! The only folder I can open is explorer! But still once it opens I click anything and all that happens is I get a pop up saying Windows is not active! And my IObit software is saying over and over (new start up program detected) but I can't open the program to disable the new program! I can open task manager and it says my CPU is running at 99% I have an i7 I have never seen it run that high

 

[TwinHeadedEagle]

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Click Start and while holding Shift key on your keyboard click Power --> Restart.

Note: It is important that you keep Shift key pressed while doing this or it won't work.​

• Now you should get a window like this where you need to click Troubleshoot.

• In the next window, click Advanced options and select Command Prompt.
• Now you should log in into your account and after that Command Prompt window.

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

• When the notepad opens, go to File menu.
• Select Open.
• Go to Computer and search there for your USB drive letter.
• Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

• Type in e:\frst64.exe and press Enter.
  You need to replace e with the letter of your USB drive taken from notepad!
• FRST will start to run. Give him a minute or so to load itself.
• Click Yes to Disclaimer.
• In the main console, please click Scan and wait.
• When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.

 

[wasnt me]

Here is the file you needed. Thanks for all your help.

 

[TwinHeadedEagle]

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your USB flashdrive.

>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...

 

[wasnt me]

hi I ran everything you asked in the same way you asked but when I hit fix I get a warning message that says looks like you don't know what to do! to prevent system damage this tool will exit! the only option is to exit the program?

 

[TwinHeadedEagle]

Sorry, can you try with this Fixlist attached?

 

[wasnt me]

thanks this one worked

 

[TwinHeadedEagle]

Can you boot now?

 

[wasnt me]

but I just did the try to boot windows normally and it seems to be running different? there is some applications that are missing now. the pop up of windows not being activated is gone. still have no access to any files or folders. and I also see the original file containing the virus is still on the pc named setup_9581

 

[wasnt me]

also explorer now crashes when I open the explorer file before I could open it just not do anything in it.

 

[wasnt me]

not sure if it matters but I can now open console from right click start menu.

 

[TwinHeadedEagle]

Yes, your PC looks heavily infected/damaged.

Can you boot again to Advanced options and try to perform a system restore to the time before it happened?

You have this restore point:

Restore point date: 2016-03-13 01:16

Before you do it, can you upload all of these files:

2016-03-14 18:11 - 2016-03-14 22:33 - 00698941 _____ C:\Users\Heather\Desktop\Setup_9581.zip
2016-03-14 18:10 - 2016-03-14 18:10 - 00699285 _____ C:\Users\Heather\Downloads\Setup.zip
2016-03-14 18:12 - 2016-03-14 18:12 - 00830664 _____ (GeneralTechnologies) C:\Users\Heather\Desktop\Setup__9581_il255688.exe

via this link:

Zippyshare.com - Free File Hosting

That would help. Provide me with download links for them.

 

[wasnt me]

im working on that now two of them are saying has properties that can not be copied to a new location.
and the third one I cant locate. now moving them is freezing my pc. I don't think this virus wants to go anywhere. these are the files containing the the setup files I can see from the areas I can access! I just realized I can run regedit now so I can try key searching files containing setup_9581? sending the files on zippy now

 

[wasnt me]

apparently I don't know how to get the dl link once the files are uploaded?

 

[wasnt me]

links removed

 

[wasnt me]

restore is complete. I have almost full access. there is files that need to be removed like iobit, smart defrag, advanced system care, these and more programs are missing these or more files
C:\program files (x86)\ IObit\IObit
uninstaller\''unins000.msg'' is missing. please correct the problem or obtain a new copy of the program?

also the virus seems to be gone. but there is some missing files as well as the original zipped virus file setup_9581 is on my desktop! but the .exe file and the extracted files are gone.

 

[TwinHeadedEagle]

Okay, let's see what is there:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition.txt option is checked.
  
  
  
  
  
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

 

[wasnt me]

so AVG did not stop this virus before it hit and after restore it could not find any virus. I also submitted the virus file to AVG and today it finds three files containing the virus setup_9581.
I have not let AVG do anything yet because I did not want to interrupt what you had going on.