Virus/malware? Computer Username Changed On Its Own & Problem With Mgtools Scan

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gigi Dee, Feb 21, 2017.

  1. Gigi Dee

    Gigi Dee Private E-2

    My apologies in advance for the length. Not sure how much info you needed.

    Lenovo IdeaPad 100s. Windows 10 32bit TrendMicro AntiVirus

    First noticed the username change when I signed in on 2/13/17. The username was Gigi Dee; now it's Gigi Gee.
    I downloaded and ran Malwarebytes on 2/13/17. Nothing amiss noted. Searched the internet; couldn't find any posts with a similar username change problem.

    Internet has slowed down and today during email keystrokes were very delayed. Not sure if this is related but recently the computer sometimes doesn't fully shut down after I do the usual windows shut down. It seems to shut down but the power light remains on. I have to depress the power button for a few seconds, the screen flashes and the power light goes off.

    The date of the folder with the new user name Gigi Gee was 2/13/17 and remained constant until 2/19/17 and now it changes to the current date when I log on. Not sure if this is normal.

    There are other folders in the User Folder with older dates and shortcuts. I don't recall but maybe they were there before. I don't often look in there. There are more folders, shortcuts and files visible in the Gigi Gee User folder than before I ran all the scans today.
    USER Folder names: Gigi Gee, Public & Default & Default User & Default.migrated

    Note: This computer is about 18 months old. It has been reset to factory setting two times in 2016 after Windows 10 updates caused internet access problems.

    Even though I am the only person to have owned this computer, it doesn't recognize me as an administrator, probably because I am signed in under the Gigi Gee user.
    When I tried to download MGtools to the C: drive I got an error message that I need permission of the administrator.

    Once I got MGTools downloaded, I initiated the scan.
    MGTools started the .bat process. It got to a place where the command line said
    "Ignore any message about access being denied. Just wait for the program to finish running"
    Several Access denied command lines followed.

    A window popped up saying An App needs to install NTVDM. After reading about it, I allowed installation.

    Then a new Microsoft popup window: "Do you want this APP to make changes to your device Registry Editor?"
    I clicked yes. The window closed but then popped up again within seconds. It popped up continually after that, even when I clicked No. It seemed to be stuck in a loop with the MGTools command prompt window reappearing each time the popup window closed.
    I didn't see anything about this on the Using MGtools instruction page.

    The window popped so frequently I couldn't even get the task manager up. Finally I had to force shut down the computer.

    Although MGTools appeared unfinished when I shut the computer down, I found the attached zip file in a GigiGee/AppData/Local/Virtual Store directory.

    I've attached all the other logs as well. The MGTools folder has many files in it but not the MGlogs.zip file.
    Should I run the MGTools.exe file again or uninstall & download again and re-run? Full disclosure, I didn't turn off Antivirus before running; perhaps that was the problem?

    Thank you!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. I suggest you pursue this in the software forum.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    3. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
     
