Windows Activation Pro is a Nightmare! Help!

S

SynthiaHasProblems

New Member
Thread author
Aug 24, 2016
3
I have a HUGE problem (as my name humorously suggests)!
So, I've decided to re-run my Lenovo 6585 Windows 8 Laptop after a year of keeping it shut-down and in the closet. I stopped using it after I noticed a very stubborn infection kept forcing my browser to overload the pages with fake malware alerts (which are very real now, but I can't trust anything on my PC at this point) and a scary, robotic voice that won't let me close it with a fake message to call a "toll free number to get assistance". Traumatic.
Anyway, after I tried doing a System Restore, my computer can't get farther than the login screen, and it's because of a Windows Activation Pro Scam Virus! I've done everything that I could that was suggested in a step-by-step guide on this very site, see link: Remove "Windows Activation Pro" virus (Call for Support Scam) and NOTHING has worked! I will provide pictures of every screen transition after I try removing the lock screen, just to show you what kind of a box I'm in.
14100469_644709452357393_6509823725200528854_n.jpg

So, after I unplug the thing 3 times, it activates Automatic Repair (it doesn't work).

13962562_644709562357382_229680329459487964_n.jpg

Then it does this thing (again, it doesn't work).

14080061_644709549024050_6127404780313931471_n.jpg

Doesn't work, once again. I press 'Restore'.

14051607_644709629024042_6051357808707445009_n.jpg

It redirects me, after the "Restore", to this lovely screen. I press 'Troubleshoot'.

14051687_644709709024034_3685337316125717549_n.jpg

As you can see, I was making my way to 'Advanced options', and pressed it.

14063992_644709749024030_3761446307575246579_n.jpg

Then, as the link I tried suggested (or rather, the most logical thing to do), I went into 'Startup Settings' and pressed number 6, which was 'Enable Safe Mode with Command Prompt' (Step 2 in the link.)

14079714_644709812357357_1092157287531244178_n.jpg

And here's command prompt, with the missing, traditional screen I keep seeing with the virus, as seen here:
14040029_644710185690653_4068963415572421492_n.jpg

See how that is missing in the background of the Command Prompt pic? Yeah, just a black screen...
When I enter 'taskmgr' into the Command Prompt, it opens respectfully, but all of the 'exe' files and other things named in the link I tried were nowhere to be found, or they are going by a different name. I'm providing the pics here:

In 'Processes', nothing, except a bad CTF Loader.
14079865_644709872357351_714275898087275978_n.jpg

14100375_644709929024012_3948918227064467670_n.jpg


In 'Startup', nothing again.
14102746_644709962357342_6402868284831992938_n.jpg

14079714_644710059023999_1909800129850660346_n.jpg

14102472_644710089023996_7490281621940930117_n.jpg


In 'Details', nothing.
14100480_644710145690657_2430502069447212797_n.jpg


And finally, I couldn't even accomplish the first step as the link suggested, where I opened Task Manager on the lock screen, and got this, which doesn't look normal to me:
14021614_644710242357314_681890731152900437_n.jpg

After I request it to open, (pressing 'Yes' in the prompt box), Task Manager doesn't even open.

So, as you can see, I'm trapped and can do, at this point, nothing. Please help me!
Thank you,
~SynthiaHasProblems
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flashdrive into the infected PC.
  • Click Start and while holding Shift key on your keyboard click Power --> Restart.
Note: It is important that you keep Shift key pressed while doing this or it won't work.
  • Now you should get a window like this where you need to click Troubleshoot.
Windows-10-2.jpg

  • In the next window, click Advanced options and select Command Prompt.
  • Now you should log in into your account and after that Command Promptwindow.
notepad.png
Access the notepad and identify your USB drive

In the Command Prompt please type in:
Code: 
notepad
and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.


FRST.gif
Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.
 
S

SynthiaHasProblems

New Member
Thread author
Aug 24, 2016
3
Thank you so much for your help! Here you go, I don't really understand what's going on here, but I'm sure you'll be able to tell me.
 

Attachments

  • FRST.txt
    23.2 KB · Views: 2
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    14.7 KB · Views: 3
S

SynthiaHasProblems

New Member
Thread author
Aug 24, 2016
3
Here's the log. The thing APPEARS to look normal once I log-in...my browsers aren't loading normally, and it tells me that it's because it hasn't updated in a while. Should I go ahead and update the system?
 

Attachments

  • Fixlog.txt
    26.3 KB · Views: 1
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I would like first to see fresh FRST reports from your Normal windows mode.

FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Similar threads

L
    • Like
  • Locked
Solved "Felidae" Chrome Extension
Replies
17
Views
789
Windows Malware Removal Help & Support
icotonev
icotonev
P
  • Locked
Microsoft Edge infected w/"yahoo search redirect virus"
Replies
7
Views
541
Windows Malware Removal Help & Support
nasdaq
nasdaq
M
  • Locked
BBWC not detected by malwarebytes and rkill but is there?
Replies
13
Views
564
Windows Malware Removal Help & Support
icotonev
icotonev

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top