In need of expert assistance / RESOLVED
Post Date: 2017-09-16
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Topic: In need of expert assistance / RESOLVED Posted: 16 Sep 2017 at 1:31pm |
Either "she who must be obeyed" or one of the anklebiters (of indeterminate age) has presented me with some of the most heinous malware/virus that I have had the displeasure of trying to remove.
Windows 10 running Chrome...
Solutions I have tried:
Malwarebytes (safe mode)
Bitdefender (not safe mode, won't run in safe mode)
CCleaner
Avast! (not safe mode, won't run in safe mode)
Windows repair <cmd prmpt>: sfc /scannow (nothing found)
Complete reinstall Chrome
power reset router
My ping is so high that I cannot run an Ookla Speed test.
Any help at all would be appreciated. I've been at this for about 10 hours now, need to get sleep, and will try something (anything) new tomorrow.
Edited by Snaike - 18 Sep 2017 at 2:47pm
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 2:37pm
Have you tried ESET in safe mode with all options picked for scanning?
I'm not clear about what your actual virus/problem is tho, sorry if I missed it, but if you can explain better
Edited by DST4ME - 16 Sep 2017 at 2:38pm
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 16 Sep 2017 at 2:37pm
In the search box type Msconfig, Enter, then go to startup in msconfig and look thru the startup programs. It can take time, but look for anything that looks strange. You might use Google to search for some you can't identify. Start unchecking the boxes and restarting. Sometimes the CPU usage column can help identify what's running that shouldn't in Task Manager.
Task Manager also has a list of running programs. Look thru them. It can be a trial and error task.
Edited by bprat22 - 16 Sep 2017 at 2:39pm
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 2:39pm
He can edit startup apps from CCleaner also
|
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 16 Sep 2017 at 2:41pm
Yes.
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 2:42pm
I didn't understand what the actual problem is
|
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 16 Sep 2017 at 2:46pm
Yeah, not sure if it's the rig not staying stable or an internet issue. Snaike after he gets some shut eye maybe can give more detail.
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 2:49pm
Ya thanks
|
|
db188
DS Veteran Joined: 29 Jul 2014 Online Status: Offline Posts: 2115 |
Posted: 16 Sep 2017 at 3:00pm
stated his "ping is high" sounds like a network issue to me. could be spyware or p2p programs hogging all of the bandwidth.
try running a trace route. To do so, drop into command prompt (Start > Run > type: cmd, run as admin, to the host/site you're trying to reach).
if you notice the problem is in the initial hop then it's probably a localized matter and you know it's something with your pc. if it's a later hop then it's out of your control and you need to contact your ISP with your trace route results.
finally, it could be a bad NIC, either an add-in card or from the mobo, or even a congested/overloaded router/modem. in which case you'll need to swap out the bad hardware.
Edited by db188 - 16 Sep 2017 at 3:03pm
|
Aventum 3
I7-6700K Gigabyte G1 Z170X Gaming GT 16GB Corsair Dominator 3000MHz Corsair Hx1000i 1000W Samsung M.2 980 Pro 2TB;Samsung 850 EVO 1TB MSI RTX 3080 Ventus OC 10G LHR Gigabyte M28U 4K |
|
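The first-hop versus later-hop reasoning in db188's post above, as an added example that is not part of the original thread: a Python sketch that parses Windows `tracert` output and reports where sustained latency begins. The sample trace is constructed, and the function names and the 100 ms threshold are assumptions.

```python
import re

# Constructed sample of Windows tracert output (not taken from the thread).
SAMPLE = """\
Tracing route to host.example [198.51.100.7]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  192.168.1.1
  2    11 ms    12 ms    10 ms  10.20.0.1
  3   240 ms   255 ms   248 ms  203.0.113.9
  4     *        *        *     Request timed out.
  5   251 ms   249 ms   260 ms  198.51.100.7

Trace complete.
"""

# hop number, three probes ("12 ms", "<1 ms" or "*"), then host or message
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_hops(text):
    """Return [(hop, avg_rtt_ms or None, host)] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [int(v) for v in re.findall(r"<?(\d+) ms", m.group(2))]
        avg = sum(rtts) / len(rtts) if rtts else None
        hops.append((int(m.group(1)), avg, m.group(3).strip()))
    return hops

def locate_latency(text, threshold_ms=100):
    """Find the hop where latency rises and stays high to the end.

    A single slow hop followed by fast ones is ignored: routers often
    deprioritise replies to probes, so only a sustained rise counts.
    Hops that timed out are skipped rather than treated as slow.
    """
    answered = [h for h in parse_hops(text) if h[1] is not None]
    first = None
    for hop, avg, host in reversed(answered):
        if avg < threshold_ms:
            break
        first = (hop, host)
    if first is None:
        return ("none", None, None)
    return ("local" if first[0] == 1 else "upstream", first[0], first[1])
```

A "local" result points at the PC, NIC or home router; "upstream" is the case to take to the ISP along with the trace.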
FR3SHM3AT
Groupie Joined: 12 Feb 2011 Online Status: Offline Posts: 494 |
Posted: 16 Sep 2017 at 3:40pm
Have you tried creating another admin account, logging into that one and seeing local or entire system. If it was local just move files to new account and when done delete old account and all files left. If system just reformat, and when you get to keep old files [keep them]; on new install go into C: drive, find windows old, all of your files should be located there. Easier than spending 10 hours on it. I have not run Anti-Virus in 7 years [Crazy or not it's true]. Most of my issues I cause myself. My best friend is regedit for those pesky files.
DS KEVIN
Edited by FR3SHM3AT - 16 Sep 2017 at 3:44pm
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 4:17pm
Just check your firewall and see what things are connected; trace route is another way to look.
Edited by DST4ME - 16 Sep 2017 at 4:18pm |
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 16 Sep 2017 at 11:37pm
Ok, I was not clear and for that I apologize.
This is from memory, after sleep and now not near the machine.
First noticed was a very high ping in Armored Warfare and PUBG....
IAStorIcon error was next.
When on actual websites, random windows pop up when I click on the GUI; new window opens at the same address I was clicking on, and the window I clicked on changed to advert (funny, the first one was for NORTON).
Start in safe mode, immediate error box that only says "this application will not load" without any indication of what application that is.
Malwarebytes, Avast!, Bitdefender scans find nothing.
As stated above, Windows 10 repair found no irregularities.
Uninstalled and reinstalled Chrome.
Thanks for help. I'll be near the machine again around 0900 pdt.
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 16 Sep 2017 at 11:56pm
Your problem is not in your browser, it's malware. Can you post us a screenshot of your startup apps from CCleaner?
Please go here and do an online scan at least, it's hiding itself from Avast and Defender.
IAStorIcon belongs to Intel's Rapid Storage Technology, assuming it's the real one and not malware disguising itself as RST.
Edited by DST4ME - 17 Sep 2017 at 12:17am
|
db188
DS Veteran Joined: 29 Jul 2014 Online Status: Offline Posts: 2115 |
Posted: 17 Sep 2017 at 1:27am
browser hijacker from the sounds of it.
go into the browser's tools menu, click on manage add ons, select toolbars and extensions, disable any suspicious toolbars.
now check your homepage setting and change it back if it was replaced by the spyware.
do this step for all add ons, extensions and toolbars.
run Chrome's cleanup tool.
manually change your default browser and search engines.
DST4ME's probably correct that it's hiding in your startup. disable and delete any listing that includes "search" in the title.
if none of that resolves the problem you might have to repair the Windows Host File
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 2:35am
I think a browser hijacker would have been picked up by mb or av, I'm thinking it's a little deeper than that but let's see.
|
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 17 Sep 2017 at 2:46am
You might get lucky by just going into Control Panel then add/remove programs and look thru it for something that doesn't belong. Or go by install date near the time this issue started.
Try System Restore if you have any saved dates. Probably not that easy but depends on how embedded the malware is. I have fixed a number of hijacks over the years by removal in add/remove or msconfig's startups. Good luck.
|
db188
DS Veteran Joined: 29 Jul 2014 Online Status: Offline Posts: 2115 |
Posted: 17 Sep 2017 at 3:41am
does MB find the Google redirect virus?
|
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 8:34am
If it is g redirect and its variants then that is a rootkit the av should catch it. I believe eset online scanner will catch it or some parts of it. But mb should catch something also, but most times we need to kill/stop the malicious software first then scan it.
Edited by DST4ME - 17 Sep 2017 at 8:38am |
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 8:39am
More news. Turned the machine on, start up with the IAStorIcon error, tried to dl the ESET scan and *surprise*! My 120Gb SSD is full. Funny, it was at 80Gb a few weeks ago.
So, ESET didn't dl the scan.
So, removed about 10Gb of files, tried ESET again... yea, disk's still full.
Edited by Snaike - 17 Sep 2017 at 8:40am
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 8:50am
Sorry about the size... having difficulty with a few files.. bear with me... there is nothing I don't recognize in the startup files
Edited by Snaike - 17 Sep 2017 at 8:56am
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 8:55am
Can you install on another drive like usb? Or install from another device on usb then bring usb over to this pc.
can you run mrt? |
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 8:59am
MRT will not run. "This app has been blocked by your system administrator".... looking at USB sources now. I have some USB drives but they are all encrypted.
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:01am
Be careful, it is possible once you connect that usb to the infected pc it becomes infected also, so use one that has nothing important on it.
Make sure you are doing all of this as an admin. Was windows /mb /av all up to date before infection?
Edited by DST4ME - 17 Sep 2017 at 9:04am
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 9:04am
Everything is admin. No USB to spare.
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:06am
I assume looking at your hdd under "my computer" is not showing full, is it?
If the virus is blocking us we need a way to scan/add apps from external, so we need some kind of an external drive: usb, sd, etc.
Have you tried safe mode with network to see if you can download eset or run mrt
Edited by DST4ME - 17 Sep 2017 at 9:13am
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 9:13am
No... I have 400GB free on my HDD, I've rerouted the DL path to the HDD and I'm about to try ESET again.. brb
Failure to Dl... disk full.
That's next
Edited by Snaike - 17 Sep 2017 at 9:22am
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:24am
What is connected to the pc right now will read as full, that is why we need to download to an external not yet connected to the pc
Edited by DST4ME - 17 Sep 2017 at 9:25am
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 9:26am
No network in safe mode.
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:27am
Also how much space do you see for c drive under my computer, does it read full here also?
|
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:28am
You mean you chose the option for safe mode with network and got no network?
Need an external to run a portable anti Malware like hitman (trial).
Right now your malwarebytes and av is all infected, we need to run a portable version of them from external.
Edited by DST4ME - 17 Sep 2017 at 9:34am
|
Snaike
Moderator Group Just a dude trying to keep the spam away Joined: 23 Jan 2014 Online Status: Offline Posts: 9459 |
Posted: 17 Sep 2017 at 9:34am
Yes. I have mrt running now. I'll get back when it's done
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:35am
Ok great
Below would be next step if mrt doesn't help.
Need an external to run a portable anti Malware like hitman (trial).
Right now your malwarebytes and av is all infected, we need to run a portable version of them from external.
Btw full scan on mrt please
Edited by DST4ME - 17 Sep 2017 at 9:38am
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 17 Sep 2017 at 9:39am
You have IAStorIcon in startup. Can you delete it and try? Can always reinstall. Not sure its exact function.
Try a Disk Cleanup. I always go for the more simplistic first since they fix most issues. |
|
DST4ME
DS ELITE Joined: 14 Apr 2008 Online Status: Offline Posts: 36758 |
Posted: 17 Sep 2017 at 9:44am
He has a nasty virus |
|
bprat22
DS ELITE DigitalStorm East -- (Unofficially!) Joined: 08 Jun 2011 Online Status: Offline Posts: 20391 |
Posted: 17 Sep 2017 at 9:49am
Yeah, got it. I have never failed to fix a virus issue, or what appeared to be a virus, by just deleting things in startup or programs running, even those that appear normal, or by doing cleanups like Disk cleanup, CCleaner, Malwarebytes, etc.
But, this could be a real humdinger. |
|