I Downloaded Remote Desktop Software From A Scammer.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Rush1Done, Jan 19, 2021.

  1. Rush1Done

    Rush1Done Private E-2

    I downloaded remote desktop software from a scammer; now I have Boost and can't remove it. And
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Where did you download it from and were you asked to agree to installing boost?
    If you need help, please follow the Read and Run First instructions.
     
    Rush1Done likes this.
  3. Rush1Done

    Rush1Done Private E-2

    I called a phone number on a virus warning popup. They told me to click on a download link, then they took over my desktop, opened and viewed the Chrome passwords and ran something on the cmd line. They showed me my IP address and said my Wi-Fi was compromised. When they said that I could get their help for $1,600, I hung up quick. But now my internet connects automatically and there is a BOOST speedometer on my desktop. In safe mode startup Defender found csbmini.exe among several other things. I did not know what to do with the results so I left everything alone.
     
  4. Rush1Done

    Rush1Done Private E-2

    No there was no agreement to install boost
     
    Last edited: Jan 19, 2021
  5. Rush1Done

    Rush1Done Private E-2

    No there was no agreement to install Boost
     
    Last edited: Jan 19, 2021
  6. Rush1Done

    Rush1Done Private E-2

    Sorry, I may not have replied correctly. I can't find the read me first instructions!
     
  7. Eldon

    Eldon Major Geek Extraordinaire

    Rush1Done likes this.
  8. Rush1Done

    Rush1Done Private E-2

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry for the delay...dentist. Please attach the logs when you are finished.
     
    Rush1Done likes this.
  10. Rush1Done

    Rush1Done Private E-2

    The AdwCleaner scan was over very quickly. I am afraid to delete or quarantine what it found. Sounds like something my HP Pavilion needs. Also, as a by the way, I noticed that all my restore points are gone.
     

    Attached Files:

  11. Rush1Done

    Rush1Done Private E-2

    I downloaded all the tools except MG. I disabled security and put an old version from 2011 in my recycle bin. I moved my downloads folder to the desktop as I am not given a choice when downloading.
     
  12. Rush1Done

    Rush1Done Private E-2

    I finally obtained the logs. Here they are. I have not run MGtools yet because after obtaining the Hitman log I made the mistake of running Hitman to fruition. Please advise: should I continue with MGtools now, or am I refused help, as the Hitman tutorial states this may happen?
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your MBAM log is not the results but the services log.
    Under the RK log, please remove these items:
    [PUP.Anvisoft (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Anvisoft -- N/A -> Found
    [PUP.Anvisoft (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-66200047-498935820-2666587744-1000\Software\Microsoft\Windows\CurrentVersion\Run|Anvi_CSB -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBMini.exe (missing) -> Found
    >>>>>> O87 - Firewall
    [Adw.Sendori (Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\Sendori -- N/A -> Found
    [Adw.Sendori (Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\Sendori -- N/A -> Found
    [PUP.Gen1 (Potentially Malicious)] (folder) PackageAware -- C:\Users\vmb\AppData\Local\PackageAware -> Found
    [PUP.Anvisoft (Potentially Malicious)] (folder) Anvisoft -- C:\Program Files (x86)\Anvisoft -> Found

    Then I suggest you remove everything found in the Hitman log.

    Reboot and rerun MBAM, RK and Hitman and attach the new logs.
     
    Rush1Done likes this.
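    The RogueKiller entries above are classic autostart persistence: a Run value under a user's SID in HKEY_USERS pointing at an executable (CSBMini.exe) that has already been removed, plus leftover vendor folders. The following PowerShell script is an added example for auditing the same thing yourself; it is not part of the thread, MajorGeeks' tools, or RogueKiller. It enumerates the Run/RunOnce keys under HKLM and every loaded user hive and flags entries whose target binary is missing or sits in a user-writable folder. Assumptions: it is run from an elevated PowerShell prompt (so HKEY_USERS\S-1-5-18 and other users' hives are readable), and only the standard Run/RunOnce keys are inspected, not services or scheduled tasks.

```powershell
# Added example, not from the thread: audit Run/RunOnce autostart entries for
# HKLM and all loaded user hives, flagging targets that are missing (like the
# Anvi_CSB -> CSBMini.exe (missing) entry in the RK log) or that live in a
# user-writable folder such as C:\Users\<name>\AppData\Local\...
# Assumption: run as Administrator; only Run/RunOnce keys are checked.

$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKLM plus every hive currently loaded under HKEY_USERS (.DEFAULT, S-1-5-18,
# S-1-5-21-... user SIDs). The *_Classes hives hold no Run keys and are skipped.
$hives = @('Registry::HKEY_LOCAL_MACHINE')
$hives += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { 'Registry::HKEY_USERS\' + $_.PSChildName }

# Folders where a legitimate autostart rarely lives; a hit deserves a second look.
$userWritableRoots = @('\AppData\Local\', '\AppData\Roaming\', '\Temp\',
                       '\Users\Public\', '\ProgramData\')

# Pull the executable path out of a Run value. Values may be quoted, may contain
# unquoted spaces ("C:\Program Files (x86)\...\CSBMini.exe"), or may carry
# arguments such as "/silent" after the path.
function Get-RunTargetPath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|cmd|bat|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($hive in $hives) {
    foreach ($sub in $runSubKeys) {
        $key = "$hive\$sub"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata (PSPath, PSParentPath, ...) that
            # Get-ItemProperty adds alongside the real values.
            if ($p.Name -like 'PS*') { continue }
            $target = Get-RunTargetPath ([string]$p.Value)
            $flags  = @()
            if ([string]::IsNullOrWhiteSpace($target)) {
                $flags += 'empty command'
            } elseif (-not [IO.Path]::IsPathRooted($target)) {
                # A bare name is resolved via PATH at logon; verify it by hand.
                $flags += 'relative name (resolved via PATH)'
            } elseif (-not (Test-Path -LiteralPath $target)) {
                $flags += 'target missing'
            }
            foreach ($root in $userWritableRoots) {
                if ($target -like "*$root*") { $flags += 'user-writable location'; break }
            }
            [pscustomobject]@{
                Hive    = $hive -replace '^Registry::', ''
                Key     = $sub
                Name    = $p.Name
                Command = $p.Value
                Target  = $target
                Flags   = ($flags -join ', ')
            }
        }
    }
}

# Flagged entries are listed first; unflagged ones follow for completeness.
$report | Sort-Object { $_.Flags -eq '' } | Format-Table Hive, Name, Target, Flags -AutoSize
```

A "target missing" flag is exactly what the RK line for Anvi_CSB showed: the Run value survived after the program's files were deleted, so the value itself is what needs removing. A "user-writable location" flag is a lead, not a verdict; plenty of legitimate updaters live under AppData, so check the publisher and file signature before deleting anything.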
  14. Rush1Done

    Rush1Done Private E-2

    How do I retrieve the MBAM log? Your tutorial page is not loading. Also, the scan result showed zero items.
    I had run MBAM before I contacted you. I uninstalled that version with 17 items quarantined. I have it in my recycle bin. I tried to restore it for the log but it won't restore.
    How do I remove items under the RK log? I guess I need to rerun it to get an active log?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes. Both RK and Hitman. When you ran MBAM, did it show any infections once it was finished?

    "After downloading and changing the name ( if it will not run ), you will be asked if it is personal PC or work PC. Once it opens, click on the Scanner.

    The Scanner card shows the time for the next scheduled scan, if you are using the Premium or Trial versions ( don't worry, if you don't upgrade to pro version, it will automatically change to the free version ). Any version of Malwarebytes shows a blue Scan button in this card. Click it to initiate a Threat Scan on your device. You can instead click anywhere else on this card to expand the Scanner menu. The expanded menu shows the following tabs:

    Scanner: Click this tab to view details on your last scan, configure advanced scan options, and initiate a scan.
    Scan Scheduler: Click this tab to view your scheduled scan and when they will initiate. Click the Schedule scan button and follow the on screen instructions to add a new scheduled scan and configure the start times and frequency. Only Malwarebytes Premium and Trial users can schedule scans.
    Reports: Click this tab to view a list of previous scans and the times when they executed. Hover your cursor over the Scan Report entry to see options to view more details, download a text file version, or delete.

    Please copy the text report and attach it to your next post."
     
    Rush1Done likes this.
  16. Rush1Done

    Rush1Done Private E-2

    1. I left RK minimized in the taskbar with scan results and then I ran Hitman. Was this correct?

    2. I think there is a new HitmanPro icon on my desktop. It is detailed as (HitmanPro 3.8 True Cloud computing Anti-Malware). Is this a malware shortcut?

    3. FYI, the Hitman version I ran was (...x64...SurfRight B. V.)

    4. Icons on my desktop seem to be changing their appearance, particularly uTorrent, and shortcuts to folders seem to be being added on their own. Is this malware behavior?
     

    Attached Files:

  17. Rush1Done

    Rush1Done Private E-2

    Seems our posts have crossed. I did not see #15 when I posted #16.
    Here is the Malwarebytes story:
    Last Saturday I ran Malwarebytes in safe mode and quarantined 17 items.
    I then uninstalled and deleted MBAM.
    I found a MBAM folder in Programs and renamed it "Salwarebytes".
    "Salwarebytes" is now in Microsoft Security Essentials and cannot be moved.
    There is an MBAM folder in the recycle bin and it cannot be restored.
    Today I downloaded a fresh copy of MBAM and ran that just now 4U.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean...although I am not sure about Advanced Identity Protector. What issues are you still having, if any?
     
    Rush1Done likes this.
  19. Rush1Done

    Rush1Done Private E-2

    1. What would make my "uTorrent" desktop icon change from the old "green CIRCLE" type logo to a new "square menu" type thing? I haven't clicked on the icon for five years. This computer was put in mothballs (containing no problems) 5 years ago. The old logo is gone in folders with torrent files too. I just saw it when backing up files to an external drive a day ago.

    2. There is a msert(1).exe icon on my desktop which worries me. I have a USB stick that I have been moving between the infected computer and a newer clean computer, and the msert(1).exe has suddenly shown up on the USB stick!

    3. Advanced Identity Protector worries me too. There are 5 search results for it, all in AdwCleaner Quarantine! They say created 1/16/2021, the day this scam attack happened!

    4. I tried to browse the web with Chrome on the infected computer. MajorGeeks was the first page I clicked on in favorites. The page did not load well, just some blue text and pop ups for cloud and Edge. I closed Chrome and opened Edge; that worked better. I went back to Chrome a few times and each time MajorGeeks loaded better. Finally, I was able to download AVG Free from your site after first getting a SQL error.

    5. Perhaps I did a little too much. I was just checking for problems on the infected computer. The AVG browser behaved differently than it did on my other clean PC. When it opened it imported all the bookmarks over from Chrome. I would have preferred to get the bookmarks manually one at a time by visiting other websites. Perhaps I can delete the AVG bookmarks and then start over.
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rush1Done likes this.
  21. Rush1Done

    Rush1Done Private E-2

    I will comply with your instructions.
    Seems that all my outdated programs have lost their icons.

    1. There is a program in my sys config startup tab called VDownloader.exe /silent, manufacturer Unknown, location .... windows currentversion\run.
    Is this a bad actor?

    2. Would it behoove me to send you an MGtools log? I finally downloaded it.
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That is a YouTube downloader.
    As to your desktop icons, if you right click them and choose properties you can change the icon.
    If you want to attach the MGLogs.zip I will look at it.
     
    Rush1Done likes this.
  23. Rush1Done

    Rush1Done Private E-2

    Please help.
    While MGtools was running, it stopped. I have a message window titled "ProcDll Logger": ProcDll Logger has stopped working --- Check online for a solution and close... OR Close program.
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please click Start, Run, enter cmd and click OK. This will open a command prompt window. Enter the commands below at the command prompt, each followed by the Enter key. The bold black are commands. The red is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
     
    Rush1Done likes this.
  25. Rush1Done

    Rush1Done Private E-2

    I think I am OK. It finished; here are the results.
     

    Attached Files:

  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any issue...although you may wish to remove all your temp files. Any other issues should probably be addressed in the software forum.
     
    Rush1Done likes this.
  27. Rush1Done

    Rush1Done Private E-2

    I tried to run MGtools from the cmd. At GetRunKey there is an error msg: Unsupported 16-bit Application, program or feature cannot start due to 64-bit incompatibility.
    Thanks for looking at MGlogs.
    One more thing:
    I remember something now because I just found a copy of AdwCleaner on my C drive. It has 72 folders in its Quarantine folder.
    What I did was, after this scam attack, I installed and ran AdwCleaner in SAFE MODE.
    Now I do not know what to do with the AdwCleaner folder under OS (C:) with 72 quarantined items!
    Can I delete it? There is no AdwCleaner under add/remove programs.
     
    Last edited: Jan 21, 2021
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
    Rush1Done likes this.
  29. Rush1Done

    Rush1Done Private E-2

    Just two last issues:
    You may refer me to software if you wish.
    ISSUE 1. It's the msert thing.
    A search for msert shows three files (created shortly after the scam):
    a. "properties infected computer m sert.exe" (there is a space in the word msert)
    b. "msert (1).exe"
    c. "MGlogs.zip" (strange as it seems, this is displayed under the msert search)
    Can I drag all this stuff to the recycle bin?

    ISSUE 2. Is there a way to delete this unavailable folder from the desktop?
    I opened a USB stick on my other clean computer and took a Snipping Tool image of a file from the infected computer.
    I saved the image to a new folder on the desktop.
    Now that folder can't be opened or deleted! The error msg says "location unavailable".
    I removed the USB stick and wiped it by deleting.
    Still have the unreachable folder on the desktop.
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
    Are you using an Admin account?
     
    Rush1Done likes this.
  31. Rush1Done

    Rush1Done Private E-2

    How do I tell if I am using an admin account?

    I have no password on this computer. !!!!!!!!!!!!!!!!!!!

    Just now I deleted that folder. It was just called "new folder"; the label changed to msert.
    At first it would not shred with AVG shredder, but I simply emptied the recycle bin and it was deleted.

    Now Windows 8.1 search shows I still have two msert files on the computer.

    I searched the web for msert and it says it's malware. I now have two computers with msert.
     
    Last edited: Jan 21, 2021
  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I already told you what it is. Post #20: Microsoft Safety Scanner.
    These are not malware issues. Please direct future issues to software. :)
     
    Rush1Done likes this.
  33. Rush1Done

    Rush1Done Private E-2

    Yes, EVERYTHING seems to be OK now on both computers. ALL files were deleted.

    Funny though how a search in the AVG browser shows results for msert malware; seems some people just want you to download their software to remove it.

    Thanks so much. It is better to work with MajorGeeks than follow YouTube tutorials etc.

    I wish I could show my appreciation. Back in the day MajorGeeks accepted donations, if I am not mistaken?

    For your amusement you may want to see my only old thread under the member name Rush2Done.
     
  34. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem...you are most welcome.
     
    Rush1Done likes this.
