
HELP!!! I have this virus / malware called "Windows Installer" and it's creeping me out. It looks 100% suspicious, with typos everywhere. I tried to uninstall it from my computer, delete the shortcut, and I even deleted my temp folder (where it was located under a super weird name).

 

The File: http://prntscr.com/5bkzd1

The Installer Scam: http://prntscr.com/5bkwy4 


I am working on making a batch file that auto-runs all my tools, so everyone sit tight for that.
For now, download this: https://www.dropbox.com/sh/6eftoutzp7abmbo/AACItIX-uRxZB1u2L9zl0Xh3a?dl=0

If you have anything that gets in the way of Windows, use RKill (the red one); run it as admin.

First, run Adware Removal Tool (as admin).
After that, use AdwCleaner (as admin).
ComboFix (as admin; only if you are using Windows 7 or below).
HitmanPro x64 (as admin; you can enter any email address, e.g. iuasdrfkljufasd@nowhere.com).
Run RogueKiller x64 (as admin) and remove anything that isn't green.
Install Malwarebytes, update it, and run a full threat scan.
At the same time as Malwarebytes, run an MSE/Defender scan.
And while those two are running, install Spybot 1.6.2, update the library (not the version; say no to 2.1), make a registry backup with Spybot, and then close it.
Right-click it and run it as admin, and let that scan finish.
Once they all finish, remove what MSE finds, then what Spybot finds, and then what Malwarebytes finds (in that order).
Restart, open Malwarebytes, go to History, and delete all.

After all that, reset all browsers to default, even the ones you don't use, delete extensions from Chrome, and use Revo Uninstaller to fully remove any bad programs (launch it, double-click the program, run the advanced uninstaller, and delete all extra registry keys/files).

Run CCleaner for good measure (temp files, then scan for registry issues: back up, delete, scan, delete, scan, delete, scan; is there more? No? Restart. If it boots, delete the backup), do your updates, and you're good to go.

 


I7 4790K @4.5 Ghz 1.294V

VALIDATION, MSI Z97 Gaming 7, 24GB DDR3 1600, Asus Strix 1070 8GB OC@ 2.2Ghz, Corsair graphite series 760T (Black), Cooler master V850, NH-D15 w/LNA ,1TB Samsung 850 Evo,  480GB Sandisk Ultra II SSD, 3TB Seagate Barracuda x 3, 1 TB WD Passport (Backup drive), 2 TB WD Passport (Backup Drive 2),  Windows 10 Pro x64 (uhg), Logitech G900 Chaos (Main), Steelseries Rival (FADE) (Courtesy of Edzel Yago, Thanks Ed), Steelsieres Rival 300 Hyperbeast Special Edition, Coolermaster Quickfire TKL (MX Blue), Razer Blackwidow Tournament edition (Greens).  Audio: Sennheiser HD598 SE, Edifier S1000DB, AudioEngine D1 DAC; Yamaha MG06X Mixer & AudioTechnica AT2020.

 

Phones; Daily drivers: Nexus 6P 64GB/iPhone 6 (Music), Apple Watch, Apple AirPods.

Laptop: 2015 Macbook Pro 13, 8GB of RAM, 2.7Ghz i5, 240GB Apple SSD. 

 


Plex Server: i7 3770, Gigabyte Board, 16GB DDR3 1600, Asus Strix GTX 1050ti 4GB, 120GB SSD Boot Drive, 8 x 3TB Seagate Barracuda, Rosewill RSV-R4000 With 2 Rosewill Hot Swap 4x Backplane Bays, 1050 Watt Corsair HX Series PSU,Hyper T2, Windows 10 Pro 

 

I also do Youtube, check me out!



I don't generally recommend any kind of registry cleaner, even if it's CCleaner.

"It pays to keep an open mind, but not so open your brain falls out." - Carl Sagan.

"I can explain it to you, but I can't understand it for you" - Edward I. Koch

"I didn't die! I performed a tactical reset!" - Apollolol


I don't generally recommend any kind of registry cleaner, even if it's CCleaner.

Anything other than CCleaner is junk and probably fake, but CCleaner is good. 


I work for AVG. Just run Malwarebytes. I mean, I normally just restore from a system image, and so do the others. But I'd recommend running Malwarebytes.

BUT!!! First, download Process Explorer (you should even if you aren't infected) and tick the checkbox to submit to VirusTotal. That will scan every process with VirusTotal, and you can see if any running processes are infected; then submit the exe to VirusTotal (www.virustotal.com), which will show you the hash as well as scan it with multiple antivirus vendors.

Just don't forget to check the PE details (packaged executable?) and see the details; it might reveal something. I'm not a malware researcher, but my friend is (in case you're wondering why I'm saying the whole VirusTotal biz).

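The triage the AVG post describes (look at what is running, hash it, check it on VirusTotal) and the OP's own observation (a shortcut pointing at an oddly named file in the temp folder) can be done without any third-party tool. The script below is an added example, not code from any poster in this thread and not the promised batch file. It assumes Windows PowerShell 5.1 or later, and that it is run from an elevated prompt so that `Get-Process` can report the image path of every process; the VirusTotal lookup itself is left to the reader, who pastes the SHA-256 into www.virustotal.com by hand, so no API key or network access is needed. The list of "suspect" folders is an assumption chosen for this example, not a detection rule.

```powershell
# Added triage example (not from the thread): collect every autostart target
# and running process image, hash it, check its Authenticode signature, and
# flag anything living in a user-writable temp/AppData folder.
# Assumes Windows PowerShell 5.1+, ideally elevated. No third-party tools.

# Folders where a legitimate autostart binary rarely lives (assumption for this example).
$suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, "$env:USERPROFILE\Downloads")

function Test-SuspectPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($root in $suspectRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-ImageReport {
    param([string]$Path, [string]$Source)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    [pscustomobject]@{
        Source    = $Source
        InTemp    = Test-SuspectPath $Path
        Signature = $sig.Status          # 'Valid' only for a correctly signed, untampered binary
        Signer    = $signer
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # paste into VirusTotal
        Path      = $Path
    }
}

$report = @()

# 1. Shortcuts in the per-user and all-users Startup folders, resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$report += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        Get-ImageReport -Path $target -Source "Startup: $($_.Name)"
    }
})

# 2. Run / RunOnce keys for the current user and the machine.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$report += @(foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own PSPath/PSParentPath metadata
        # Pull the executable out of the command line, whether or not it is quoted.
        $exe = if ("$($p.Value)" -match '^"([^"]+)"') { $Matches[1] } else { ("$($p.Value)" -split ' ')[0] }
        Get-ImageReport -Path $exe -Source "$key\$($p.Name)"
    }
})

# 3. Running processes: the manual version of Process Explorer's VirusTotal column.
$report += @(Get-Process | Where-Object Path | Sort-Object Path -Unique | ForEach-Object {
    Get-ImageReport -Path $_.Path -Source "Process: $($_.Name) (PID $($_.Id))"
})

# Unsigned binaries and anything under a temp/AppData folder sort to the top.
$report |
    Sort-Object @{Expression = { $_.InTemp }; Descending = $true },
                @{Expression = { $_.Signature -eq 'Valid' } } |
    Format-Table Source, InTemp, Signature, Signer, SHA256, Path -AutoSize -Wrap
```

A valid signature from a well-known publisher is a strong hint that a file is clean; an unsigned binary in `%TEMP%` that is also registered under a Run key is exactly the pattern worth hashing and submitting. Keep the SHA-256 rather than the file name: the name in the temp folder is whatever the dropper chose, but the hash is what VirusTotal and the AV vendors key on.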


My method will nuke pretty much anything you can throw at it. 

It's very rare that there is a virus left over.


Anything other than CCleaner is junk and probably fake, but CCleaner is good.

I didn't say it wasn't good. I use it, and the latest revision is great. However, it can (just like any other program) delete things from the registry that shouldn't be deleted, thereby causing problems.


I didn't say it wasn't good. I use it, and the latest revision is great. However, it can (just like any other program) delete things from the registry that shouldn't be deleted, thereby causing problems.

That's true.

That is why it has that handy backup feature.

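The exchange above comes down to one rule: anything that edits the registry during a cleanup should leave a backup that can be replayed if the machine misbehaves afterwards. The script below is an added example, not code from any poster and not a CCleaner feature; it applies that rule to the one edit a manual cleanup most often makes, removing a single autostart value. It exports the enclosing key with `reg.exe export` before touching it and refuses to proceed if the export fails. The value name `WindowsInstaller` is a placeholder standing in for whatever the triage turned up, not a known indicator from this thread, and the backup folder on the Desktop is an assumption for the example.

```powershell
# Added example (not from the thread): remove one Run-key value only after
# exporting its key, so the change is reversible with `reg.exe import`.
# Assumes Windows PowerShell 5.1+; HKLM keys additionally need an elevated prompt.

function Backup-RegistryKey {
    param(
        [Parameter(Mandatory)][string]$Key,        # reg.exe form, e.g. HKCU\Software\...\Run
        [Parameter(Mandatory)][string]$BackupDir
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $BackupDir ("{0}-{1}.reg" -f ($Key -replace '[\\:]', '_'), $stamp)
    # reg.exe export writes a .reg file that reg.exe import replays verbatim.
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
        throw "Export of $Key failed (exit $LASTEXITCODE); not touching the registry."
    }
    return $file
}

function Remove-AutostartValue {
    param(
        [Parameter(Mandatory)][string]$Key,        # reg.exe form, e.g. HKCU\Software\...\Run
        [Parameter(Mandatory)][string]$ValueName,
        [string]$BackupDir = "$env:USERPROFILE\Desktop\reg-backups"   # assumption for the example
    )
    # Translate the reg.exe key path into the PowerShell provider path.
    $psKey = $Key -replace '^HKCU\\', 'HKCU:\' -replace '^HKLM\\', 'HKLM:\'
    $current = (Get-ItemProperty -Path $psKey -ErrorAction Stop).$ValueName
    if ($null -eq $current) {
        Write-Warning "$ValueName is not present under $Key; nothing to do."
        return
    }

    $backup = Backup-RegistryKey -Key $Key -BackupDir $BackupDir
    Write-Host "Backup written to $backup"
    Write-Host "Removing $ValueName -> $current"
    Remove-ItemProperty -Path $psKey -Name $ValueName -ErrorAction Stop

    # Undo at any time with:  reg.exe import "<path printed above>"
    return $backup
}

# Usage (placeholder value name; substitute the one found during triage):
# Remove-AutostartValue -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' -ValueName 'WindowsInstaller'
```

The `.reg` file is the equivalent of CCleaner's "backup" prompt, but written before the deletion and kept outside the tool, so it survives even if the cleaner itself is later uninstalled. Note that the value's command line (`$current`) is printed rather than deleted: the file it points to can still be hashed and submitted, and removing the autostart entry first stops it from being relaunched at the next reboot while the scans in the earlier posts run.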
