Status
Not open for further replies.
Operating System
Windows 7
Infection date and initial symptoms
This happened about 2 weeks ago. The initial signs were when multiple fake programs were opening.
Current issues and symptoms
Not 100% sure but can't install or run most all antivirus and malware.
Steps taken in order to remove the infection
The only thing I've been able to run is CCleaner. I manually removed all the fake exe files I could find.
System logs
Yes, I've uploaded both FRST.txt and Addition.txt logs

MoeB74

New Member
One of my kids downloaded something, and what it did was open multiple instances of fake programs to eat up memory. Also, it's currently blocking Chrome from working and not allowing me to open any antivirus or malware protection, and in most cases also not letting me even install the programs. I was able to find and delete most of the fake programs. Not sure if there are any more, but there's still something in the system that's making the system not act right. Also, it's adding data to a drive partition to a drive that's segmented for computer recovery. Also, the only time Chrome will work is when it's hijacked by a fake chrome exe file.
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Hello,


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Quarantine Selected button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

MoeB74

New Member
That's the whole point of my post. I can't; the malware is blocking it from installing.
 

TwinHeadedEagle

Removal Expert
Staff member
Verified
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).



    Access the notepad and identify your USB drive

    In the Command Prompt please type in:
    Code:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.



    Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.
 

TairikuOkami

Level 22
Content Creator
Verified

Malware like smartservice blocks AVs based on the digital signature and the name. CureIt randomizes the name, but it has still got the certificate.
They made an unsigned Zemana for smartservice, but it is no longer around, there are some AVs without a certificate, but they are usually weak.
The best option is to use a bootable removal USB, like ESET SysRescue or Kaspersky Rescue Disk 18 or Dr.Web LiveDisk - How does it work?
 