Malware!!!!!

[alexnt]

I have this problem:

I have scanned with mbam, adwcleaner, junkware removal tool and tdsskiller. They detect malware so I remove the threats BUT when I reboot the task scheduler says "the remote computer was not found". The service is stopped and when I 2click it is greyed out. Then I change task scheduler service start to automatic in registry and I reboot. When I scan with the above softwares they detect the exact same threats.

 

[itsmyjobtoknow]

You have, in my eyes at least, two options...either get a stronger anti-virus software installed and to get rid of it....or format the machine and install a fresh copy of Windows

[mapegl]

Just now, itsmyjobtoknow said:

t....or format the machine and install a fresh copy of Windows

agree. wipe the system clean and start over. If you have windows 10, this will be quickly done.

[Guest]

Holy crap how does one get such a bad infection?

I would just reinstall, no other way to get 100% clean

[Arwanell]

backup important files and fresh install bro...

[xAcid9]

I would run ADWCleaner and see if it detect the same thing. 
Then run System File Checker.

Of course a OS reinstall is better if you have the time to do that but i prefer to seek & destroy those things myself.

[ExozeGD]

when you have a clean install then download avast or something that will atleast try keeping it clean

[ShaunC]

I have an ISO of the software geeksquad uses to remove viruses and such.  You can give that a try if you don't want to reformat

download here: https://drive.google.com/open?id=0B6RdaXFnwpG5Ui1oV29TdGF3RTg

[itsmyjobtoknow]

3 minutes ago, xAcid9 said:

I would run ADWCleaner and see if it detect the same thing. 
Then run System File Checker.

Of course a OS reinstall is better if you have the time to do that but i prefer to seek & destroy those things myself.

 

Doesn't nuking the entire OS count as a form of seek & destroy?

[Tieox]

Holy smokes, what did you browse to get all that malware

[xAcid9]

Just now, itsmyjobtoknow said:

 

Doesn't nuking the entire OS count as a form of seek & destroy?

that only destroy, no seek and no fun.

[alexnt]

1 hour ago, itsmyjobtoknow said:

1 hour ago, itsmyjobtoknow said:

You have, in my eyes at least, two options...either get a stronger anti-virus software installed and to get rid of it....or format the machine and install a fresh copy of Windows

I have eset smart security alreadi installed but it detected nothing!

1 hour ago, HydraGaming said:

Holy crap how does one get such a bad infection?

I would just reinstall, no other way to get 100% clean

I downloaded a file from a private tracker that was supposed to give direct links to all windows versions iso.

1 hour ago, Arokhantos said:

Doing scan in windows safe mode usually can fix things, even couple of them if does't become less infected after 2e or 3e scan then wipe it, make sure whatever you install or use ain't infected either, you might be reinstalling it without realising its the source of the infection.

Done it already in safe mode

1 hour ago, xAcid9 said:

I would run ADWCleaner and see if it detect the same thing. 
Then run System File Checker.

Of course a OS reinstall is better if you have the time to do that but i prefer to seek & destroy those things myself.

Done it already

1 hour ago, ShaunC said:

I have an ISO of the software geeksquad uses to remove viruses and such.  You can give that a try if you don't want to reformat

download here: https://drive.google.com/open?id=0B6RdaXFnwpG5Ui1oV29TdGF3RTg

I ll give a try

 

[alexnt]

I believe that the task scheduler service triggers the infection!!!!

[xAcid9]

13 minutes ago, ganja7 said:

I believe that the task scheduler service triggers the infection!!!!

Which? Mind taking screenshot of the Action tab?

[alexnt]

15 minutes ago, xAcid9 said:

Which? Mind taking screenshot of the Action tab?

The windows task scheduler service. I ll send a photo later.

 

[alexnt]

5 minutes ago, Arokhantos said:

Their probably a task scheduled that needs to be removed, if you still trying to remove it then i suggest doing this while having the machine disconnected from the internet and use another system to post etc, backdoor cannot function if it has no internet acces.

I believe that it is not functional right now because I have removed it with mbam and not run task scheduler which is what triggers it.

I ve been scanning and removing for many hours but whenever I change task schdl status to auto it regenarates. I dont believe that I can remove it completely. I will dual boot to linux now as you suggested not to use windows online and make a fresh install the next days.

[alexnt]

I tried to boot kaspersy rescue disk but when it is loading(graphics mode) it stops with kernel panic error.

[target51]

Have you tried navigating to the location of the malicious files and manually deleting them? Also try pressing (Windows Key)+R and typing in msconfig, Windows 10 has this in task manager.  Look at start up, is there anything you don't recognize? If so disable it (This will require a reboot). But before you reboot, set up your AV to run a scan on boot this could help us kill the malware prior to it locking the processes. Look up malware analysis pieces online e.g. http://vms.drweb-av.de/virus/?i=3764676

[alexnt]

23 hours ago, target51 said:

Have you tried navigating to the location of the malicious files and manually deleting them? Also try pressing (Windows Key)+R and typing in msconfig, Windows 10 has this in task manager.  Look at start up, is there anything you don't recognize? If so disable it (This will require a reboot). But before you reboot, set up your AV to run a scan on boot this could help us kill the malware prior to it locking the processes. Look up malware analysis pieces online e.g. http://vms.drweb-av.de/virus/?i=3764676

You are the man!!! I manually deleted 3 rar files in program files/common files/microsoft system/serviceprofiles. Probably antimalware didnt have access to compressed files and could not detect them as threats. I also deleted the associated keys in registry.

[target51]

2 hours ago, ganja7 said:

You are the man!!! I manually deleted 3 rar files in program files/common files/microsoft system/serviceprofiles. Probably antimalware didnt have access to compressed files and could not detect them as threats. I also deleted the associated keys in registry.

No problems bud. Now i highly recommend that you keep running a full scan daily for 90 days to ensure that it definitely has not persisted. In addition to this make sure that you reset all of your login creds and enable dual factor authentication on them (if you can). Finally, learn from your mistake, most malware makes it onto a machine due to social engineering, be skeptical and above all if it looks dodgy then research!