Help with a virus

MO35AB

Well-Known Member
OP
Member
Joined
Apr 16, 2016
Messages
255
Trophies
0
Age
31
XP
1,440
Country
Algeria
no idea if this is the right section in gbatemp.

I torrent-downloaded a game.
After install I got infected with several viruses and spyware; I got most of them eliminated, I guess :/
Now, every time I boot Windows, I find that Defender has been deactivated by group policy, then I have to run "regedit" and delete an entry to reactivate it.
In the task manager I find a "gxxx.temp.exe" at every startup, where xxx = random number.
Deleting it from "C:\Windows\temp\gxxx.temp.exe" will create another one at startup with a different number :/

HELP :'(
 

Joom

 ❤❤❤
Member
Joined
Jan 8, 2016
Messages
6,067
Trophies
1
Location
US
Website
mogbox.net
XP
6,077
Country
United States
These are easy. Check your startup entries and you'll find what keeps dropping the binaries. Also, could you PM me a sample of one of the binaries?
 

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,281
Trophies
4
Location
Space
XP
13,834
Country
Norway
These are easy. Check your startup entries and you'll find what keeps dropping the binaries. Also, could you PM me a sample of one of the binaries?
There are ways to run things on boot that won't show in the startup entries, but it's worth a try.
It's also worth booting in safe mode, it might prevent the malware from starting.
Also, Process Explorer will let him see what keeps putting that file there.
 
Last edited by The Real Jdbye,

The Real Jdbye

*is birb*
Member
Joined
Mar 17, 2010
Messages
23,281
Trophies
4
Location
Space
XP
13,834
Country
Norway
no idea if this is the right section in gbatemp.

I torrent-downloaded a game.
After install I got infected with several viruses and spyware; I got most of them eliminated, I guess :/
Now, every time I boot Windows, I find that Defender has been deactivated by group policy, then I have to run "regedit" and delete an entry to reactivate it.
In the task manager I find a "gxxx.temp.exe" at every startup, where xxx = random number.
Deleting it from "C:\Windows\temp\gxxx.temp.exe" will create another one at startup with a different number :/

HELP :'(
Malwarebytes is really good at removing things other AVs won't remove. Combine that with a good AV and hopefully you'll be able to remove whatever you have. Malwarebytes also has a rootkit scanner, which might help you.
It's best to run them from a live CD/USB. Medicat is a pretty good one: https://gbatemp.net/threads/medicat-dvd-a-multiboot-linux-dvd.361577/
I'm not sure if the Mini Windows 10 environment comes with any AVs or Malwarebytes, I would assume it does, but even if it doesn't you should be able to find portable versions of them that will work, or failing that, you should be able to install them.
I would just reset the PC and wipe out everything.
Sometimes that's the only option, but it should only be a last resort.
 

Joom

 ❤❤❤
Member
Joined
Jan 8, 2016
Messages
6,067
Trophies
1
Location
US
Website
mogbox.net
XP
6,077
Country
United States
How to?
(I already checked task manager / startup, clean.)
Check the startup folder for the Start Menu, and you can use a tool like CCleaner to check startup registry entries. Malware likes to hide in your AppData folder as well so that it doesn't trigger the UAC prompt, so that's a good place to start looking.
 
Last edited by Joom,
  • Like
Reactions: MO35AB
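As an added example (not code from the thread or from any of its posters), the check Joom describes done from an elevated PowerShell prompt: it enumerates the Run/RunOnce keys, both Startup folders and scheduled tasks, flags any entry whose executable lives under Temp, AppData or ProgramData (the user-writable locations that need no UAC prompt), and then reads the Windows Defender policy values that commonly produce the "turned off by group policy" message the OP sees. The registry paths and the `DisableAntiSpyware` value are standard Windows locations; the suspect-path pattern is an assumption about where this kind of dropper tends to live, not something the thread states. The script is read-only.

```powershell
# Added example: list common autostart locations and flag entries whose binary sits in a
# temp or per-user data directory. Run as administrator; nothing is modified.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # this user's Start Menu\Programs\Startup
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Assumption: locations a dropper tends to use because they are writable without elevation.
$suspectPattern = '\\(Temp|AppData\\Local|AppData\\Roaming|ProgramData)\\'

function Get-AutostartEntries {
    $entries = New-Object System.Collections.Generic.List[object]

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive metadata
            $entries.Add([pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value })
        }
    }

    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($item in (Get-ChildItem -Path $folder -File)) {
            $cmd = $item.FullName
            if ($item.Extension -eq '.lnk') {
                # Resolve shortcuts so the real target path is the thing inspected.
                $shell = New-Object -ComObject WScript.Shell
                $cmd = $shell.CreateShortcut($item.FullName).TargetPath
            }
            $entries.Add([pscustomobject]@{ Source = $folder; Name = $item.Name; Command = $cmd })
        }
    }

    # Scheduled tasks also run things at logon/boot but never appear in Task Manager's Startup tab.
    foreach ($task in (Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' })) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                $entries.Add([pscustomobject]@{
                    Source  = "Task:$($task.TaskPath)"
                    Name    = $task.TaskName
                    Command = "$($action.Execute) $($action.Arguments)".Trim()
                })
            }
        }
    }

    foreach ($e in $entries) {
        $e | Add-Member -NotePropertyName Suspect -NotePropertyValue ($e.Command -match $suspectPattern) -PassThru
    }
}

Get-AutostartEntries | Sort-Object Suspect -Descending |
    Format-Table Suspect, Name, Command, Source -AutoSize

# "Turned off by group policy" usually means one of these policy values has been set to 1.
# Legitimate home PCs normally have no such values at all.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if (Test-Path $policy) {
    Get-ItemProperty -Path $policy | Select-Object DisableAntiSpyware
    $rtp = Join-Path $policy 'Real-Time Protection'
    if (Test-Path $rtp) { Get-ItemProperty -Path $rtp | Select-Object DisableRealtimeMonitoring }
}
```

Anything that comes back with `Suspect = True` is what to look at first; the entry name tells you which key or task keeps recreating the dropper, which is more useful than the file itself, since the file is regenerated on every boot.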

Captain_N

Well-Known Member
Member
Joined
Mar 29, 2010
Messages
1,903
Trophies
2
XP
2,022
Country
United States
To attempt a repair manually you first have to find what is running and where the files are located. It is very important that you disconnect from any internet or network connection.

1st step is information gathering
The first tools you will need are Microsoft Sysinternals Autoruns and Process Explorer. Use those to figure out what is actually running. Keep note of the files you suspect and Google them. A good indicator of the infection is a startup entry or driver running from a temp folder. Nothing should be running from a temp folder.

Next you need a Windows live disc
I recommend Gandalf's Windows 10 live x64 or x86.

Boot the PC with the live disc
Then you can manually delete the files to prevent them from running when the system starts. I actually copy the suspect files to their own folder in case the system blue screens when the files are removed. If the virus sets itself up as a driver you will usually blue screen from that. After the computer boots, look to see if it's running. The virus has to be stopped from running or any editing you do will usually be undone. Then you can edit what runs using Microsoft Sysinternals Autoruns. You then delete all the entries that you find there as well as any services that the virus created. Now is the time to run AdwCleaner, Malwarebytes and Junkware Removal Tool. They will clean all the registry entries up. You also should delete any system restore points because viruses usually infect those, so when you try to restore it re-installs the virus lol

Manual removal is not easy. I have gotten good at it because I know where to look. If it's a rootkit, I suggest a fresh install.
To prevent infections, make images of your system drive so you can restore the entire drive to the point before the infection. I recommend using a virtual machine program like VMware to run a virtual machine. Do all your web browsing in the virtual machine. Hell, install Ubuntu Linux in a virtual machine and run that. Good luck infecting that....
 
Last edited by Captain_N,
  • Like
Reactions: MO35AB
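As an added example (not Captain_N's code, and not from any tool named in the thread), the offline part of the procedure above done in PowerShell from a Windows live environment: the infected install's SOFTWARE and SYSTEM hives are loaded from the unbooted drive, its Run keys and service/driver `ImagePath` values are listed, and any binary living under a temp or AppData-style folder is copied into a quarantine folder under its SHA-256 hash (the "copy the suspect files to their own folder" step) with a manifest of where each came from. Assumptions: the infected Windows drive shows up as `D:` and `E:\quarantine` is writable, both placeholders to change; the hive names `OffSoft`/`OffSys` are arbitrary. Nothing on the infected drive is deleted, so the boot-into-safety check and the actual cleanup still happen afterwards exactly as the post describes.

```powershell
# Added example: offline triage of an unbooted Windows install from a live environment.
# Run elevated inside the live OS. Reads the offline registry, copies suspects out, deletes nothing.

$OfflineDrive = 'D:'                # assumption: drive letter of the infected Windows install
$Quarantine   = 'E:\quarantine'     # assumption: writable folder on a different disk
$HiveBase     = "$OfflineDrive\Windows\System32\config"
$SuspectDir   = '\\(Temp|AppData\\Local|AppData\\Roaming|ProgramData)\\'   # assumption about dropper locations

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null

# Mount the offline hives under temporary names so the registry provider can read them.
reg.exe load HKLM\OffSoft "$HiveBase\SOFTWARE" | Out-Null
reg.exe load HKLM\OffSys  "$HiveBase\SYSTEM"   | Out-Null

function Convert-ToOfflinePath([string]$cmd) {
    # Extract the executable from a command line / ImagePath and rebase it onto the offline drive.
    # Limitation: an unquoted path containing spaces is cut at the first space.
    $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
    $exe = $exe -replace '%SystemRoot%|^\\SystemRoot', "$OfflineDrive\Windows"
    $exe = $exe -replace '%windir%', "$OfflineDrive\Windows"
    if ($exe -match '^[A-Za-z]:') { $exe = $OfflineDrive + $exe.Substring(2) }     # C:\... -> D:\...
    elseif ($exe -notmatch '^\\\\') { $exe = "$OfflineDrive\Windows\$exe" }        # relative paths are Windows-dir relative
    return $exe
}

$findings = New-Object System.Collections.Generic.List[object]

# Run / RunOnce from the offline SOFTWARE hive.
foreach ($rk in 'Microsoft\Windows\CurrentVersion\Run', 'Microsoft\Windows\CurrentVersion\RunOnce') {
    $key = "HKLM:\OffSoft\$rk"
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        $findings.Add([pscustomobject]@{ Where = "Run\$($p.Name)"; Command = [string]$p.Value })
    }
}

# Services and drivers: use the control set the offline system actually boots with.
$current = (Get-ItemProperty -Path 'HKLM:\OffSys\Select').Current
$svcRoot = 'HKLM:\OffSys\ControlSet{0:D3}\Services' -f $current
foreach ($svc in (Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue)) {
    $img = (Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img) { $findings.Add([pscustomobject]@{ Where = "Service\$($svc.PSChildName)"; Command = [string]$img }) }
}

# Flag anything running from a temp/AppData location and copy it out under its hash.
# Storing it as .bin with no executable extension avoids running it by accident later.
foreach ($f in $findings) {
    if ($f.Command -notmatch $SuspectDir) { continue }
    $path = Convert-ToOfflinePath $f.Command
    Write-Host "SUSPECT $($f.Where): $($f.Command)"
    if (Test-Path -Path $path) {
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        Copy-Item -Path $path -Destination (Join-Path $Quarantine "$hash.bin")
        "$hash  $($f.Where)  $path" | Add-Content -Path (Join-Path $Quarantine 'manifest.txt')
    } else {
        Write-Host "  (file not present on disk: $path)"
    }
}

# Always unload, or the offline hives stay locked and the drive cannot be cleanly dismounted.
reg.exe unload HKLM\OffSoft | Out-Null
reg.exe unload HKLM\OffSys  | Out-Null
```

The manifest gives you the registry entry to remove in Autoruns for each quarantined file, and the hash is what you would look up or submit before deciding a file is safe to delete; because the copies were taken with the infected system unbooted, the dropper had no chance to regenerate them first.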
