
Malware Won't Let Me Install Program To Remove It

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Flghtlss, Aug 31, 2017.

  1. Flghtlss

    Flghtlss Private E-2

    Can someone PLEASE help me. I tried your steps but I can't get past running Malwarebytes. I am assuming it's malware causing my problems and I can't do anything to scan and remove it. I had Malwarebytes installed but when I downloaded a file malware took over and it removed my Malwarebytes and when I try to reinstall it says "The Requested Source is in Use". I renamed the file like you said but still nothing. I have downloaded several virus/malware programs but it tells me the same thing when trying to install them. It won't let me go into safe mode and it won't let me open my task manager. It did let me run Windows Defender and it found a couple of threats but after removing them whatever is causing the problem is still there! Symantec used to have a virus scan that was 100% online but now you have to download a file and it won't let me run it!! Someone please tell me how to fix it. I'm desperate as I use my computer for my work.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you were not able to do that, then we need to do a scan before the malware can load:

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
    Plug the flash drive into the infected PC.
    Option1: Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Option2: Enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  4. Flghtlss

    Flghtlss Private E-2

    The only malware/virus program it will let me run is msert.exe. It found TrojanDownloader:Win32/Dofoil.AC but it will only partially remove it. I can't open my task manager or anything. Windows Defender will scan but it's not picking it up.
     
  5. Flghtlss

    Flghtlss Private E-2

    By the way, I'm using Windows 10 and it won't let me go into safe mode or do a system restore. Can I still download this to a flash drive and it work? I don't have a Windows disk either. :'(
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    When you boot up and immediately start hitting F8, what happens?
     
  7. Flghtlss

    Flghtlss Private E-2

    It just restarts like normal. No safe mode or repair options. I even tried Shift + Restart and went to settings and tried safe mode from there. It just reboots normally. My task manager starts to open and then closes. I'm pulling my hair out. Sorry if my replies are a bit slow. I take care of my aunt and don't always have a lot of time at the computer.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's see if we can figure out what is going on with this. We need this to run and create a log.

    • Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 or Win10 do not double click on it but rather, right click and select Run As Administrator).
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).

    • Click on Run to allow the application to run properly.
    • If you see any popup warnings from your antivirus or firewall about it trying to access the network or similar, make sure that you allow it to run/have access.
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    You will then see the below window
    [​IMG]

    • Click on the Start scan button to begin the scan and wait for it to finish. When it finishes, you will see a window similar to below except you may have one indicating infections were found.
    [​IMG]
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should already be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
    • Reboot and the infection should hopefully be removed.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  10. Flghtlss

    Flghtlss Private E-2

    I am so frustrated I'm in tears! It won't let me run Malwarebytes even per your instructions. I had Malwarebytes installed when this virus took over and afterwards my Malwarebytes icon was gone. I uninstalled it and deleted what files I was able to find and still nothing. What am I going to do?
     
  11. Flghtlss

    Flghtlss Private E-2

    By the way, My Windows Defender has been working but now it says it's turned off and it won't let me turn it back on.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just do what I suggested in the previous posts.
     
  13. Flghtlss

    Flghtlss Private E-2

    Sorry. After malwarebytes wouldn't run I forgot to run MGTools. I hope I did it right. It was finished pretty quickly.
     

    Attached Files:

  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It did not run to completion. It only generated one log. Did you right click on the .exe and choose to run it as admin? It should take about 20 minutes and produce multiple logs.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I also want you to try running RogueKiller.
     
  16. Flghtlss

    Flghtlss Private E-2

    Sorry Tim. I really am not a dummy, honest, but I forgot to run as admin the first time and all these pop ups kept coming at me so I had to shut my computer down to stop it. THEN I ran it as admin and it was finished rather quickly. Is there a way to do it again and have it run the full logs? I'm sorry, I do appreciate all your help. I had an emergency and I won't be at my computer for a few days. Will you please leave this thread open until I can get back home and follow the rest of your instructions?
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You only need to right click on the MGTools.exe and run it as Admin. and don't do anything until it tells you it is finished. But I also want you to try running RogueKiller and Hitman. Don't worry......I am not going anywhere.
     
  18. Flghtlss

    Flghtlss Private E-2

    Ok Tim, here is what I had to do. When I ran MGTools as admin it would finish within seconds. You said it should take about 20 mins. so I ran it by double clicking and kept hitting YES to allow the program to do its thing. THAT took about 20 mins. I hope it gave you what you need. Also, I ran RogueKiller and it found a lot of things and removed them. It will NOT allow me to run HitmanPro. Even after RogueKiller removed all that stuff I still have the problem. I hope this log helps. Oh, I forgot to mention that after running MGTools I have several folders and icons that are very light. Almost transparent. Is that normal? And, thank you for being so patient. :)
     

    Attached Files:

  19. Flghtlss

    Flghtlss Private E-2

    I forgot to tell you that I like your Title... Jedi Malware Expert. I sure hope the FORCE is with you when you look at my logs zip. ;-) LOL
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you managed to get RogueKiller to run, I would like to see the log.

    Please do the following:

    Download OTL to your desktop.

    Double-click OTL.exe to start the program.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    Code:
    :processes
    :killallprocesses
    :otl
    O2 - BHO: (no name) - {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - (no file)
    :files
    C:\Users\Wanda\AppData\Local\Temp
    C:\WINDOWS\tasks\MSWTLAOJGYRMMWST.job
    C:\WINDOWS\tasks\rbDBAJbUYzvtyL.job
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    "NoExplorer"=dword:00000001
    @="URLRedirectionBHO"
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
    @=""
    "NoInternetExplorer"="1"
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F56DBC1-D07A-45F4-9AB7-A9F6E7A3CB21}]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BAC74E39-7874-4F20-94FD-FFD4B2E125DC}]
    
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.
     
  21. Flghtlss

    Flghtlss Private E-2

    Hi Tim,

    I did what you said. When I started the process a box popped up and I hit "OK". That was around noon. It's 8:00 pm and it's still sitting there. I can't click on anything but it's not frozen up because I can minimize it and move the box around. It says in the status bar "Processing Registry Data "No Explorer"=dword:00000001..." and it's been saying the same thing all day. How long does it usually take the program to run?
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    OK, close it out and please get me the log from running RogueKiller.
     
  23. Flghtlss

    Flghtlss Private E-2

    I hope this is right.
     

    Attached Files:

  24. Flghtlss

    Flghtlss Private E-2

    This is the Deletion Log... I think. LOL
     

    Attached Files:

  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good. Please try running it again to be sure it is clean. Also try running ADWCleaner and Hitman and attach all the logs.
     
  26. Flghtlss

    Flghtlss Private E-2

    When I started up my computer this morning this popped up on Notepad. Apparently OTL tried to run but couldn't complete. Should I try it again too? It won't let me run HitmanPro or ADWCleaner. I'm starting RogueKiller now but it will be a while. It takes hours. LOL
     

    Attached Files:

  27. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Once RogueKiller is done, let's try this since OTL didn't complete:

    Download OTM by Old Timer and save it to your Desktop.

    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7, Win8, or Win10 don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Processes
    explorer.exe
    :files
    C:\Users\Wanda\AppData\Local\Temp
    C:\WINDOWS\tasks\MSWTLAOJGYRMMWST.job
    C:\WINDOWS\tasks\rbDBAJbUYzvtyL.job
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F56DBC1-D07A-45F4-9AB7-A9F6E7A3CB21}]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BAC74E39-7874-4F20-94FD-FFD4B2E125DC}]
    
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.
     
  28. Flghtlss

    Flghtlss Private E-2

    OK I ran OTM and after the reboot Notepad opened with the info that was in the green box before it closed. Here is what it had:

    Code:
    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    C:\Users\Wanda\AppData\Local\Temp\PhotoshopCrashes folder moved successfully.
    C:\Users\Wanda\AppData\Local\Temp\lilo.5876 folder moved successfully.
    C:\Users\Wanda\AppData\Local\Temp\flaF4BC.tmp folder moved successfully.
    C:\Users\Wanda\AppData\Local\Temp\flaB8BF.tmp folder moved successfully.
    C:\Users\Wanda\AppData\Local\Temp\fla359C.tmp folder moved successfully.
    C:\Users\Wanda\AppData\Local\Temp\fla24E6.tmp folder moved successfully.
    Folder move failed. C:\Users\Wanda\AppData\Local\Temp scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\tasks\MSWTLAOJGYRMMWST.job not found.
    File/Folder C:\WINDOWS\tasks\rbDBAJbUYzvtyL.job not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F56DBC1-D07A-45F4-9AB7-A9F6E7A3CB21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F56DBC1-D07A-45F4-9AB7-A9F6E7A3CB21}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BAC74E39-7874-4F20-94FD-FFD4B2E125DC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAC74E39-7874-4F20-94FD-FFD4B2E125DC}\ not found.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTM Restore Point
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 313336 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default.migrated
     
    User: Public
     
    User: Wanda
    ->Temp folder emptied: 92244466 bytes
    ->Temporary Internet Files folder emptied: 94518771 bytes
    ->Google Chrome cache emptied: 426898731 bytes
    ->Flash cache emptied: 314704 bytes
     
    %systemdrive% .tmp files removed: 275303 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 222258109 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 798.00 mb
     
     
    OTM by OldTimer - Version 3.1.21.0 log created on 09122017_074058
    
    Files moved on Reboot...
    Folder move failed. C:\Users\Wanda\AppData\Local\Temp scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-116.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-13251.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-13780.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-17892.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-20524.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-20562.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-28549.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-3144.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-31687.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-3821.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-4122.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-5666.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-5862.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-7575.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-8464.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Temp\date-9691.vbs scheduled to be moved on reboot.
    File move failed. C:\Users\Wanda\AppData\Local\Microsoft\Windows\INetCache\counters2.dat scheduled to be moved on reboot.
    C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
    C:\Users\Wanda\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
    File move failed. C:\WINDOWS\temp\msidntfs\SSL\cert.db scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\gnserv.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\spserv.dat scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\svcvmx.zip scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\TmpFile1 scheduled to be moved on reboot.
    
    Registry entries deleted on Reboot...

    I'm not sure if I had to insert it as a CODE or not so I did just to be safe. I am attaching the file you wanted also. I ran RogueKiller again and it found more things and deleted them but the problem still persists. I will attach those logs also. I have had viruses before but nothing like this. It seems like my computer is running slower by the day.

    Thanks for bearing with me, Tim!

    P.S. I just noticed the info under the green bar is the exact same thing as the file you asked me to attach. Is that supposed to be the case?
     

    Attached Files:
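
Added example, not part of the thread and not OTM's own code: a small Python parser for the OTM results log format shown in post 28. It tallies what the fix moved, what it could not find, and which script files were locked and deferred to reboot, so they can be re-checked afterwards. The line patterns are inferred from the log above and the script-extension list is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Shortened excerpt of the OTM results log from the post above (sample input).
SAMPLE_LOG = r"""
========== FILES ==========
C:\Users\Wanda\AppData\Local\Temp\PhotoshopCrashes folder moved successfully.
Folder move failed. C:\Users\Wanda\AppData\Local\Temp scheduled to be moved on reboot.
File/Folder C:\WINDOWS\tasks\MSWTLAOJGYRMMWST.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F56DBC1-D07A-45F4-9AB7-A9F6E7A3CB21}\ not found.
Files moved on Reboot...
Folder move failed. C:\Users\Wanda\AppData\Local\Temp scheduled to be moved on reboot.
File move failed. C:\Users\Wanda\AppData\Local\Temp\date-116.vbs scheduled to be moved on reboot.
File move failed. C:\Users\Wanda\AppData\Local\Temp\date-13251.vbs scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\svcvmx.zip scheduled to be moved on reboot.
"""

# Line shapes inferred from that log; section headers and other lines are ignored.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^(?:File|Folder) move failed\. (?P<item>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<item>.+) not found\.$")),
    ("reg_deleted", re.compile(r"^Registry key (?P<item>.+?)\\? deleted successfully\.$")),
    ("reg_not_found", re.compile(r"^Registry key (?P<item>.+?)\\? not found\.$")),
    ("moved", re.compile(r"^(?P<item>.+?)(?: folder)? moved successfully\.$")),
]

# Script file extensions worth a second look (assumed list for this example).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


def parse_otm_log(text):
    """Return de-duplicated (kind, item) tuples in log order."""
    seen, records = set(), []
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often indented
        for kind, rx in PATTERNS:
            match = rx.match(line)
            if match:
                record = (kind, match.group("item"))
                # The log repeats deferred items in its "moved on reboot" section.
                if record not in seen:
                    seen.add(record)
                    records.append(record)
                break
    return records


def summarize(records):
    """Count records per outcome."""
    return Counter(kind for kind, _ in records)


def pending_scripts(records):
    """Script files that were in use during the fix and deferred to reboot."""
    return [item for kind, item in records
            if kind == "pending_reboot"
            and PureWindowsPath(item).suffix.lower() in SCRIPT_EXTS]


if __name__ == "__main__":
    recs = parse_otm_log(SAMPLE_LOG)
    for kind, count in summarize(recs).items():
        print(f"{kind:15} {count}")
    print("Locked script files to re-check after the reboot:")
    for path in pending_scripts(recs):
        print("  ", path)
```

Files that could not be moved were in use when the fix ran, so confirming after the reboot that the listed scripts are gone is the useful follow-up check.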

  29. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's see if you can get this to run:

    Download Dr.Web CureIt and save it to your desktop.
    • Double-click the cureit-beta.exe file and allow it to run
    • If it prompts you about getting any updates, get the update and then rerun the cureit-beta.exe installation.
    • When it finishes you will have a green window with a Start and an Update selection. Click Start
    • The Express Scan of your PC window will come up. Click OK to scan main memory to detect infected processes in memory.
    • If anything is found in memory, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • You may see a popup window to Buy or get a discount on the program. Just click the X at the top right to close this popup. The scan will continue.
    • Once the short scan is completed, click the Custom Scan radio button. Then Select each of your hard disk drives (that is if you have more than one). A red dot shows which drives have been chosen.
    • Click the green arrow at the right under the Dr.Web logo, and the scan will start.
    • Click 'Yes to all' if it finds any problems and asks if you want to cure or move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! This is necessary because there could be files in use that will be moved or deleted during reboot.
    • After reboot, rename the DrWeb.csv file to DrWeb.txt so that it can be uploaded here and then attach the log from Dr.Web to your next reply
     
  30. Flghtlss

    Flghtlss Private E-2

    It won't let me run it. I am so frustrated! :'(
     
  31. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  33. Flghtlss

    Flghtlss Private E-2

    I don't know if it will ever be right again or not. It seems like everything is against me. LOL The Microsoft tool says it's not compatible with my version of windows (I am running Windows 10) and Eset DOES require a download and It won't let me run it just like all the rest. Grrrr! Is there an updated version of the Microsoft tool?
     
  34. Flghtlss

    Flghtlss Private E-2

    Whoops! I'm so sorry. I downloaded the 32 bit by mistake. It's running now.
     
  35. Flghtlss

    Flghtlss Private E-2

    Hi Tim,

    The program had run for most of the day and my computer froze up so I had to run it again. Sorry for taking so long again. I was taking care of my aunt. The program didn't find anything but I definitely know something is there. My computer is running slow, I still can't open task manager or start up in safe mode, most of the programs you have suggested won't run and now it says my Windows Defender is turned off and I can't turn it back on. Any idea from here? Could it be that Ransomware I keep hearing about? Thanks Tim!

    Wanda
     
  36. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Arrgh!! Ok, let's try a recovery. Right click the start menu and choose Settings. Once that opens, click on Update and Recovery. Once that opens, on the left, choose Recovery. When that opens, your first choice will be to Reset the PC. You can choose to keep all your files and documents. Don't worry, but it will take a long time.

    Report back.
     
  37. Flghtlss

    Flghtlss Private E-2

    Arrgh!! is right! Will I lose the programs and things I have installed? Sorry I'm such a tough case. I'm just trying to keep you on your toes. LOL
     
  38. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you will have to re-install programs that were installed.
     
  39. Flghtlss

    Flghtlss Private E-2

    Oh man. That could take WEEKS! Ugh! I ran RogueKiller again and it found more stuff but after I had it remove them I can't click on my start button or anything. It said svhost (I think that's right... svchost maybe?) was a virus but I have seen that in my task manager for ages. I had it remove it because I assumed the program knew what it was doing. Should that have stayed? I really have no more options, huh?
     
  40. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you can't open Settings, you can get to reset by restarting your PC from the sign-in screen. Press the Windows logo key + L to get to the sign-in screen, then hold the Shift key down while you select Power > Restart in the lower-right corner of the screen. After your PC restarts, select Troubleshoot > Reset this PC.
     
