
Need help with a weird virus

GoldenBlack

Hey guys, I've been having some weird virus that comes randomly onto my Computer.

I have a 120 GB SSD that has Windows only on it, and a secondary 1 TB HDD where I put my games.

At first I only had to reset my SSD and re-install Windows, but it keeps coming back. Last time I reset both SSD and HDD and only left 2 games, which are Rainbow Six Siege (downloaded from Steam) and GTA V (downloaded from Rockstar Games Launcher), so it should be clean. I also ran multiple scans with Windows Defender/Bitdefender/Kaspersky Anti-Virus/Malwarebytes etc.

Point is, none of the above found anything wrong on my system, like literally 0 results.

What the virus does: Let me describe the last time it happened. I was playing R6S normally, PC crashed, and upon restart it prevents me from using the Internet connection, searching anything on the task bar, running Avast antivirus (the one I had before the virus came in the 1st time), and it also prevents me from shutting down my system (shows "This app is preventing you from turning off your PC"). It has no title on it and I can't see what it is because when I open Task Manager it keeps crashing.

Point is, if all the antivirus scans I ran didn't show any result, and I don't download anything else, why does it randomly keep coming? Like after a few days from reset it just comes back as if someone is manually triggering it. Someone said it could be from my network on Discord but I doubt it could be that because all my other PCs are fine. It just doesn't make any sense to me. If someone could please help me out, because I've tried everything and it still keeps coming back.

Thanks in advance, and sorry for the long thread I tried my best to make it as short as possible without skipping a few details.

Link to comment

Others will probably be able to give you more detailed advice, but if you "only left two games", that doesn't feel like a clean reset. You should do a complete and clean reset. The one that asks you again what privacy settings you want, which language you need, to connect to your Windows account, etc. Avoid connecting to the internet afterward, and try to use your computer. If it still appears, it might be a problem with your hardware or something else, but I can't help at that point and I don't want to say something too stupid. If it doesn't come back, then connect to your router and once again check if it appears again. If it does, then it's probably coming from here.

Oh, yeah, and make sure you have the latest Windows update too.

Link to comment

2 minutes ago, TroghleM said:

Others will probably be able to give you more detailed advice, but if you "only left two games", that doesn't feel like a clean reset. You should do a complete and clean reset. The one that asks you again what privacy settings you want, which language you need, to connect to your Windows account, etc. Avoid connecting to the internet afterward, and try to use your computer. If it still appears, it might be a problem with your hardware or something else, but I can't help at that point and I don't want to say something too stupid. If it doesn't come back, then connect to your router and once again check if it appears again. If it does, then it's probably coming from here.

Oh, yeah, and make sure you have the latest Windows update too.

As I said, I reset both of my drives and ran multiple antivirus scans afterwards that found "No result".

And the games are official ones, not cracked ones to contain issues. Problem is I decided to keep them because I don't wanna have to re-download 170 GB with my 500KB/Sec download speed, that'd take ages.

And it can't be my hardware either.

Link to comment

6 minutes ago, GoldenBlack said:

As I said, I reset both of my drives and ran multiple antivirus scans afterwards that found "No result".

And the games are official ones, not cracked ones to contain issues. Problem is I decided to keep them because I don't wanna have to re-download 170 GB with my 500KB/Sec download speed, that'd take ages.

And it can't be my hardware either.

I understand the problem, I only recently got a good connection. 6 months ago 100kbs was a good day for me. But the issue is that if the reset isn't complete, nothing guarantees you that the virus is actually suppressed, and not, for example, considered a "system file" and left in place. I think a complete factory reset is the only way to be sure, but tbh, if it's that much of a bother to re-download, you might want to wait for someone else to confirm.

Link to comment

10 minutes ago, GoldenBlack said:

As I said, I reset both of my drives and ran multiple antivirus scans afterwards that found "No result".

And the games are official ones, not cracked ones to contain issues. Problem is I decided to keep them because I don't wanna have to re-download 170 GB with my 500KB/Sec download speed, that'd take ages.

And it can't be my hardware either.

If you didn't remove them then you didn't do a full reset. Also, going off what you are saying doesn't tell me if you actually have something wrong. It could just be a hardware issue.

Try downloading and running Malwarebytes. See if it finds anything. If not you can do a FULL clean install. I personally would get a flash drive and download a fresh copy of Windows and make a USB installer for Windows and just nuke everything.

Link to comment

You may want to ask yourself if it's actually a virus. It probably isn't.

 

It could just be some protection (anti-piracy, multiplayer protection) built into those games or some other crap that causes you problems, like a Windows update.

As for internet issues, maybe it's a flaky network card which doesn't initialize properly after a computer reset, but may start properly when the PC is fully shut down and then turned on (full power disconnection).

 

You don't have to re-download those games from the internet. Use the Backup game option in the Steam menu to create a backup of the game... when you want, you can restore the game from backup without downloading anything.

If you're worried about a virus infecting the game, you can right click on the game entry in Steam and hit properties, then click on the option 'Verify game integrity'... Steam will check each file to make sure it's 100% identical with their copy on the server and if there's some changes, Steam will only download the differences.

As for GTA, you can just copy the folder somewhere and when you want to reinstall it, just copy the folder back, it should work.

Link to comment

Just now, TroghleM said:

I understand the problem, I only recently got a good connection. 6 months ago 100kbs was a good day for me. But the issue is that if the reset isn't complete, nothing guarantees you that the virus is actually suppressed, and not, for example, considered a "system file" and left in place. I think a complete factory reset is the only way to be sure, but tbh, if it's that much of a bother to re-download, you might want to wait for someone else to confirm.

System files are independent from games. Games are on a different drive while my system is on my SSD with nothing else with it. I wiped all my SSD for a clean Windows install, so I doubt it could be that, and resetting both of my drives without the games backup is my latest solution. For now I'm trying with a backup of the games, if it shows up again I'll do it.

Even though it wouldn't make sense, because all the antiviruses didn't find anything with my current data on both drives.

Link to comment

1 minute ago, AngryBeaver said:

If you didn't remove them then you didn't do a full reset. Also, going off what you are saying doesn't tell me if you actually have something wrong. It could just be a hardware issue.

 

Try downloading and running Malwarebytes. See if it finds anything. If not you can do a FULL clean install. I personally would get a flash drive and download a fresh copy of Windows and make a USB installer for Windows and just nuke everything.

That's what I did (the second part), but that's the first time I reset both drives. The first times I used to only reset my SSD and re-install Windows, so I thought it could be from my other data on the secondary drive, so I'm trying this solution for now. If it still comes back I'll wipe everything off.

Link to comment

37 minutes ago, GoldenBlack said:

What the virus does: Let me describe the last time it happened. I was playing R6S normally, PC crashed, and upon restart it prevents me from using the Internet connection, searching anything on the task bar, running Avast antivirus (the one I had before the virus came in the 1st time), and it also prevents me from shutting down my system (shows "This app is preventing you from turning off your PC"). It has no title on it and I can't see what it is because when I open Task Manager it keeps crashing.

This could be explained by issues with Windows files, RAM, corrupt sectors on a disk... etc. This doesn't necessarily point to a virus.

 

I mean this is starting to sound much more like a hardware/software issue than it is a virus.

 

Link to comment

3 minutes ago, mariushm said:

You may want to ask yourself if it's actually a virus. It probably isn't.

 

It could just be some protection (anti-piracy, multiplayer protection) built into those games or some other crap that causes you problems, like a Windows update.

As for internet issues, maybe it's a flaky network card which doesn't initialize properly after a computer reset, but may start properly when the PC is fully shut down and then turned on (full power disconnection).

 

You don't have to download those games from the internet. Use the Backup game option in the Steam menu to create a backup of the game... when you want, you can restore the game from backup without downloading anything.

If you're worried about a virus infecting the game, you can right click on the game entry in Steam and hit properties, then click on the option 'Verify game integrity'... Steam will check each file to make sure it's 100% identical with their copy on the server and if there's some changes, Steam will only download the differences.

As for GTA, you can just copy the folder somewhere and when you want to reinstall it, just copy the folder back, it should work.

I did that with GTA, yeah. As for Rainbow Six Siege, I'll do that too in a bit. But about the connectivity, I'm using a WiFi USB and it works properly. Last time it was working, then after rebooting it stopped working, and as I said, there is this "process" that prevents me from doing the following: connecting to WiFi/opening Task Manager etc. (indicated in the thread).

And I'm pretty sure it's not hardware related either.

Link to comment

1 minute ago, AngryBeaver said:

This could be explained by issues with Windows files, RAM, corrupt sectors on a disk... etc. This doesn't necessarily point to a virus.

I mean this is starting to sound much more like a hardware/software issue than it is a virus.

If it was a hardware issue, resetting Windows wouldn't fix it, and the, if we can call them that, "symptoms" are the same each time, and they are gone after a Windows re-installation. I also tried disabling Windows Update (this time only). I'll see if it comes back again or not.

Link to comment

Have you tried scanning with Malwarebytes?

Is rootkit scan enabled on Avast?

You can download GlassWire and see if any weird IP comes up. Don't open Siege, Discord or anything else.

7 minutes ago, GoldenBlack said:

And the games are official ones, not cracked ones to contain issues. Problem is I decided to keep them because I don't wanna have to re-download 170 GB with my 500KB/Sec download speed, that'd take ages.

And it can't be my hardware either.

Transfer the games to a USB or another drive.

Then create a Windows media key on a different computer (you don't want the virus, if there's one, to copy itself to the media key).

Delete all partitions on the 2nd drive and then do a full reset.

After that, test the system. If it's still going on, boot into the USB and delete all partitions on all drives and install Windows.

Link to comment

And I'm presuming it's a virus because when I try shutting down my PC it says "this program is preventing your system from shutting down" and it has no title/icon on it, so it's obviously a virus more than a hardware issue.

Link to comment

1 minute ago, Syaoran said:

Have you tried scanning with Malwarebytes?

Is rootkit scan enabled on Avast?

You can download GlassWire and see if any weird IP comes up. Don't open Siege, Discord or anything else.

Transfer the games to a USB or another drive.

Then create a Windows media key on a different computer (you don't want the virus, if there's one, to copy itself to the media key).

Delete all partitions on the 2nd drive and then do a full reset.

After that, test the system. If it's still going on, boot into the USB and delete all partitions on all drives and install Windows.

That's what I did:

Went to my other PC, created a Windows media key on a formatted USB.

Booted through the USB; once on partitions I did Shift + F10 to open CMD.

Ran diskpart, selected both disks and ran the Clean command on both of them to reset them.

Installed Windows on the SSD, changed boot to SSD and removed the USB, and then I copied the games back from the external HDD I had moved them to onto my PC's HDD and ran an antivirus scan with Kaspersky that found "no result".

That's what I did this time, unlike other times where I only used to reset the SSD and not the HDD.

Link to comment

15 minutes ago, GoldenBlack said:

I'm using a WiFi USB and it works properly. Last time it was working, then after rebooting it stopped working, and as I said, there is this "process" that prevents me from doing the following: connecting to WiFi/opening Task Manager etc. (indicated in the thread).

And I'm pretty sure it's not hardware related either.

See, if we are talking about a USB WiFi, they are notorious for issues like you are experiencing. So that isn't a system at all and the process preventing a shutdown could be related to the USB stick too. If you have the option, try a hardwired connection for a while to see if the problem goes away.

15 minutes ago, GoldenBlack said:

If it was a hardware issue, resetting Windows wouldn't fix it, and the, if we can call them that, "symptoms" are the same each time, and they are gone after a Windows re-installation. I also tried disabling Windows Update (this time only). I'll see if it comes back again or not.

Except the issues aren't resolved by a Windows reset. You said they keep coming back; that sounds like intermittent issues, and you are drawing conclusions that it was resolved by a reset temporarily.

You have to be careful with the assumptions you make when trying to run down the issue. I would try to rule out hardware issues at this point. Then, if nothing stands out as an issue after testing things like the drives and memory, you could choose to do a full destructive format and reinstall. Make sure you go the USB install route for Windows and completely format all your drives in the setup. Then install your OS and see if the problem comes back. If it comes back, then more than likely it is 100% an issue with your computer. I mean it could be something on your network, but this doesn't sound like a worm or lateral movement type scenario. You just aren't important enough for that. So some script kiddie commodity stuff, sure, but anything deeper is pretty much out of scope for this scenario. So I'm pretty sure if this was malicious something would have been able to detect it... even if this was 0-day, this has been going on for a few days now and I would expect definitions to be picking it up... even more so since you have formatted the main drive at least once, possibly twice.

Link to comment

17 minutes ago, GoldenBlack said:

If it was a hardware issue, resetting Windows wouldn't fix it, and the, if we can call them that, "symptoms" are the same each time, and they are gone after a Windows re-installation. I also tried disabling Windows Update (this time only). I'll see if it comes back again or not.

Actually, minor problems in your hard drive might cause problems that can be temporarily solved by a fresh install. A friend of mine had a broken HDD in his laptop and kept using it for months before changing it. He just had random crashes every thirty minutes, and each reset of the computer stopped them for around a week, then they came back. He changed his HDD after some time, and it stopped. So it might still be the problem.

Link to comment

6 minutes ago, GoldenBlack said:

That's what I did:

 

9 minutes ago, GoldenBlack said:

And I'm presuming it's a virus because when I try shutting down my PC it says "this program is preventing your system from shutting down" and it has no title/icon on it, so it's obviously a virus more than a hardware issue.

There must be something funky with Windows or a program then, try looking in Event Viewer:

Windows Logs > System

Scroll until you get to a time where you tried a shut down and look for 'The following application attempted to veto the shutdown'

Link to comment
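
The Event Viewer lookup suggested in the post above, written as a PowerShell query. This is an added example, not part of the original thread; the 14-day window, the function names and the pattern that pulls the application name out of the message text are assumptions.

```powershell
# Added example (not from the thread): search the System log, the location
# named in the post, for the shutdown-veto message and tally which
# application each event names.

$phrase = 'attempted to veto the shutdown'   # message text quoted in the post

function Get-VetoApplication {
    param([string]$Message)
    # Assumption: the application name follows the phrase, after a colon.
    $pattern = [regex]::Escape($phrase) + '\s*:?\s*(?<app>[^\r\n]+)'
    if ($Message -match $pattern) {
        return $Matches['app'].Trim().TrimEnd('.')
    }
    return '(name not parsed)'
}

function Find-ShutdownVeto {
    param(
        [int]$Days = 14,                     # assumed look-back window
        [string[]]$LogName = @('System')
    )
    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches the filter, so that
    # case is silenced and simply yields no rows.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$phrase*" } |
        ForEach-Object {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Provider    = $_.ProviderName
                EventId     = $_.Id
                Application = Get-VetoApplication $_.Message
            }
        }
}

# Constructed sample message, to show the parsing without a live log.
Get-VetoApplication 'The following application attempted to veto the shutdown: example.exe.'

# Live query: one row per veto event, then a count per application.
$hits = @(Find-ShutdownVeto -Days 14)
$hits | Sort-Object Time | Format-Table -AutoSize
$hits | Group-Object Application |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the same application name shows up at each of the times the shutdown was blocked, that is the process to investigate; an empty result means no matching event was logged in the window.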

22 minutes ago, GoldenBlack said:

That's what I did:

Went to my other PC, created a Windows media key on a formatted USB.

Booted through the USB; once on partitions I did Shift + F10 to open CMD.

Ran diskpart, selected both disks and ran the Clean command on both of them to reset them.

Installed Windows on the SSD, changed boot to SSD and removed the USB, and then I copied the games back from the external HDD I had moved them to onto my PC's HDD and ran an antivirus scan with Kaspersky that found "no result".

That's what I did this time, unlike other times where I only used to reset the SSD and not the HDD.

Have you tried running an antivirus scan at boot time? It's about as in-depth as a scan could possibly get since it runs the scan before your OS or any services start running, which means neither is the malware, assuming there is one. I never tried it myself but there are tutorials showing you how. Here is one from Avast since you have it installed. You might be infected with a rootkit, which aren't easily detected by a normal scan if designed by a skilled hacker. I'm not sure how reliable Avast really is, and I personally prefer Malwarebytes, so take it with a grain of salt. Before even doing this, make sure Avast's virus library is up to date.

 

Link: https://support.avast.com/en-us/article/Antivirus-Boot-time-Scan/

System Specs

  • CPU
    AMD Ryzen 7 5800X
  • Motherboard
    Gigabyte AMD X570 Aorus Master
  • RAM
    G.Skill Ripjaws 32 GBs
  • GPU
    Red Devil RX 5700XT
  • Case
    Corsair 570X
  • Storage
    Samsung SSD 860 QVO 2TB - HDD Seagate Barracuda 1TB - External Seagate HDD 8TB
  • PSU
    G.Skill RipJaws 1250 Watts
  • Keyboard
    Corsair Gaming Keyboard K55
  • Mouse
    Razer Naga Trinity
  • Operating System
    Windows 10
Link to comment

2 minutes ago, BlackManINC said:

Have you tried running an antivirus scan at boot time? It's about as in-depth as a scan could possibly get since it runs the scan before your OS or any services start running, which means neither is the malware, assuming there is one. I never tried it myself but there are tutorials showing you how. Here is one from Avast since you have it installed. You might be infected with a rootkit, which aren't easily detected by a normal scan if designed by a skilled hacker. I'm not sure how reliable Avast really is, and I personally prefer Malwarebytes, so take it with a grain of salt. Before even doing this, make sure Avast's virus library is up to date.

Link: https://support.avast.com/en-us/article/Antivirus-Boot-time-Scan/

You can also run in safe mode, which will only run the bare minimum to get Windows to boot... which means those items will not be booting either.

Link to comment

Yeah, what he said.

Link to comment

I use the same WiFi USB on my other PC sometimes when I'm not using this one. It's not the issue, because if it was, I'd have the same issue on my other PC.

And why am I assuming that it's not hardware related: because it shows that there's a program that's preventing me from shutting down my PC. Logically that same program is what's not letting me access the internet or Task Manager to trace it down and find what it is.

Every time it occurs I find that same program preventing me from doing the stuff I said above ^

My PC doesn't crash, it only crashed once out of like 7 cases, including that I use it for at least 8 hours a day. So if it had issues it'd most likely crash at least once a day.

Just try to follow my logic xD

Link to comment

3 minutes ago, AngryBeaver said:

You can also run in safe mode, which will only run the bare minimum to get Windows to boot... which means those items will not be booting either.

I'm not using Avast anymore though.

Link to comment

1 minute ago, GoldenBlack said:

I use the same WiFi USB on my other PC sometimes when I'm not using this one. It's not the issue, because if it was, I'd have the same issue on my other PC.

And why am I assuming that it's not hardware related: because it shows that there's a program that's preventing me from shutting down my PC. Logically that same program is what's not letting me access the internet or Task Manager to trace it down and find what it is.

Every time it occurs I find that same program preventing me from doing the stuff I said above ^

My PC doesn't crash, it only crashed once out of like 7 cases, including that I use it for at least 8 hours a day. So if it had issues it'd most likely crash at least once a day.

Just try to follow my logic xD

Well if you already know what it is and isn't then I guess there is nothing more for any of us to add. Good luck!

Link to comment

It just basically shows once every 3 days or up to a week, as if it was triggered manually, and I don't have issues with connecting to my internet/crashes or anything like that during that period. I only have those issues once I see that this program is preventing me from shutting down my PC,

so logically, it's a virus and not hardware problems.

Link to comment

1 minute ago, AngryBeaver said:

Well if you already know what it is and isn't then I guess there is nothing more for any of us to add. Good luck!

I'm just saying that I already went through those possibilities, and you're telling me it's hardware issues while it's clearly not, bro. I'm not saying it the way you're taking it, but yeah, thanks for the help ig

Link to comment