Windows malware help!!!!

[jhinfex]

Hello, my PC running windows 10 having some sort of svchost.exe malware attack, it make me unable to preform any task beside login to the desktop screen. The screen keep flickering like crazy and i'm unable to access any on screen app nor the taskbar, i can only manage to open task manager with ctrl+alt+delete shortcut, and in details there are bunch of svchost.exe pop like crazy. I tried to go into safe boot but the same problem appear in safeboot as well and. Please help, i have a lot of stuff that relate to my assignent in that drive so i can't just reinstall windows.

[LUC1D]

are all your important files backed up and can you get into the bios?

 

 

[jhinfex]

1 minute ago, LUC1D said:

are all your important files backed up and can you get into the bios?

 

 

No nothing is backed up

But i can get into bios 

[Murasaki]

If you are able to launch a program from Task Manager (File > Run new task) then you can try running Autoruns which will let you see programs launching on startup and disable this malware from executing on logon. If the malware is specifically made to not launch any program other than its name you can try renaming autoruns' application to "svchost.exe" to trick it.

 

You should be able to download it from your phone or other device and run it while connected to your PC as a storage device.

 

This is ultimately what I would try in this specific case.

[TrigrH]

47 minutes ago, jhinfex said:

No nothing is backed up

But i can get into bios 

Insert windows installation media.

Once booted into the windows installer

hit Shift+F10

type notepad hit enter

File > Open

(change file type from .txt to all files)

You can now browse and backup your files to removable storage

*Note in this window file operations do not update live, so be patient.*

Once backed up, close notepad and CMD, install windows.

[jhinfex]

30 minutes ago, Murasaki said:

If you are able to launch a program from Task Manager (File > Run new task) then you can try running Autoruns which will let you see programs launching on startup and disable this malware from executing on logon. If the malware is specifically made to not launch any program other than its name you can try renaming autoruns' application to "svchost.exe" to trick it.

 

You should be able to download it from your phone or other device and run it while connected to your PC as a storage device.

 

This is ultimately what I would try in this specific case.

Can you provide me a step by step to the autoruns thingy ?

 

 

[jhinfex]

13 minutes ago, TrigrH said:

Insert windows installation media.

Once booted into the windows installer

hit Shift+F10

type notepad hit enter

File > Open

(change file type from .txt to all files)

You can now browse and backup your files to removable storage

*Note in this window file operations do not update live, so be patient.*

Once backed up, close notepad and CMD, install windows.

Yeah i recall that the last option but i really don't want to install windows, it's just a massive pain in the butt to reinstall everything, there are some applications that i have to config manually and it took like days, i don't want to relive that but thank you

 

[Needfuldoer]

15 minutes ago, jhinfex said:

Can you provide me a step by step to the autoruns thingy ?

Run msconfig instead, it's already on your machine.

 

https://answers.microsoft.com/en-us/windows/forum/all/msconfig-the-system-configuration-tool/273dea8e-4cbe-47e9-8489-f400e879ce17

[jhinfex]

1 minute ago, Needfuldoer said:

Run msconfig instead, it's already on your machine.

 

https://answers.microsoft.com/en-us/windows/forum/all/msconfig-the-system-configuration-tool/273dea8e-4cbe-47e9-8489-f400e879ce17

Ok i'm in the sys config app

what am i suppose look for ?

[Needfuldoer]

3 minutes ago, jhinfex said:

Ok i'm in the sys config app

what am i suppose look for ?

Anything that looks weird. Processes with no title, things running out of your user directory on startup, non-Microsoft processes with garbage names...

 

As long as you tick the "Hide all Microsoft services" box, nothing you disable will ruin everything forever. You can always go back and re-enable things.

 

Post a screenshot of the Startup tab if you want to.

[jhinfex]

Just now, Needfuldoer said:

Anything that looks weird. Processes with no title, things running out of your user directory on startup, non-Microsoft processes with garbage names...

 

As long as you tick the "Hide all Microsoft services" box, nothing you disable will ruin everything forever. You can always go back and re-enable things.

 

Post a screenshot of the Startup tab if you want to.

ok it doesn't work

it keep flickering with a bunch of svchost.exe in task manager

 

[jhinfex]

14 minutes ago, Needfuldoer said:

Anything that looks weird. Processes with no title, things running out of your user directory on startup, non-Microsoft processes with garbage names...

 

As long as you tick the "Hide all Microsoft services" box, nothing you disable will ruin everything forever. You can always go back and re-enable things.

 

Post a screenshot of the Startup tab if you want to.

And i can't send any media, the forum lock my account for like 15mins lmao just because i miss type my password twice

[Murasaki]

1 hour ago, jhinfex said:

Can you provide me a step by step to the autoruns thingy ?

 

 

There are no steps, you see an entire list of startup entries, untick those who look suspicious (svchost.exe or similar) and restart to see if they dont appear anymore. Some things that can help you though:
You can additionally go in Options > Hide Microsoft Entries which will remove anything signed by Microsoft thats guranteed to be from the OS.

You can also go in Options > Scan Options and tick "Check VirusTotal.com" so it also provides you with a quick scan of the items.