Windows 10: [HELP] I think I'm infected with UNKNOWN malware/virus

I have a newly bought laptop, an Acer Aspire E 15. What that lead me to think that I'm infected is because when I tried to visit my Windows folder (because I was searching for 'SystemApps' folder to disable Cortana) I saw random weird files with random names and all of the are 1KB only.




I have not done anything yet. I have an Avast Free installed and a Norton pre-installed when I bought it.
Please help me.

NOTE:
I don't want to reformat it, I was traumatized on windows update, I don't want to download updates that took 2 days making my laptop unusable because of resource hog of windows updates.

EDIT:
I tried to delete them and checked them every time if they will return and they did not so I stopped checking it but a little while ago, they appeared again.

:)

 

MALWARE PROBLEMS

hello.. can any one help me.. my laptop is infected by virus/malware got from unknown source(viaUSB) now everytime I scan my laptop it suddenly restarting, I done it several times but still it restarting..

 

I think my laptop is infected with malware or virus please help!!

Hi Gaurang,

Try doing a clean boot and check if it helps.

Putting your system inClean Boot state helps in identifying if any third party applications or startup items are causing the issue. You need to follow the steps from the article mentioned below to perform
a Clean Boot.



https://support.microsoft.com/en-us/kb/929135



DISCLAIMER: After troubleshooting, refer to this section "How to reset the computer to start normally after clean boot troubleshooting".

Please let us know if you need any further assistance.

Thank you.

Have a good day!

 

I would get rid of the Avast, keep the Norton and get Malwarebytes, Run full scans with both Norton and Malwarebytes. If you don't come up with anything don't worry about it. Pay for Malwarebytes so that it will run full time it great for malware and ransomware, I pay for Norton more because I always have, and it plays well with Malwarebytes Together and personal responsibility I feel pretty safe I take all the warning serious that both programs notify of and don't unblock them unless I am completely sure of the file or program.

As far as all those files go just google them they could be tied to any program even maybe Avast.

To Disable cortana Enable or Disable Cortana in Windows 10 Windows 10 Tutorials

If your convinced your infected, and don't feel you can resolve yourself, Norton has pretty good tech support, I have no Idea if Avast does or not but since if you got a virus or malware using there product they would be the best ones to identify what you have and how to get rid of it.

 

Googling some of those file names often finds them associated with a W32.Sality infection.
https://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99
@simrick would know more and be best placed to advise.

 

Hi.
If it is indeed Sality, then Bree has given you the link for Symantec's Norton Power Eraser, which they recommend to use (look under the removal tab).

Sality can get in many times through infected flash drives. So, Panda's USB vaccine can help against that.
Download Panda USB and AutoRun Vaccine - MajorGeeks

But, here's the real problem: If you have Avast and Norton on the system at the same time, they tend to cancel each other out, and you get very little protection. You should only have one anti-virus and one anti-malware actively running on a system.

Malwarebytes Antimalware has a free trial which will actively protect you for (I think) 30 14 days. This plays nicely with Norton or Avast or Defender. Incidentally, Avast free is VERY good, and I would not discount it.

So here's what I would do:

Uninstall one of your active anti-virus programs.

Run RKILL
This will stop any malicious processes currently running. Everything it does is undone by a reboot.
Download RKill
If it won't let the rkill.exe run, try the one named iExplore (to fool the infection). If that doesn't work, try the unsigned one...
Post the log here for us to review.


Run ADWCleaner (scan, then clean)
Downloads - AdwCleaner - ToolsLib
It will require a reboot to clean.
Post the log.

Run RKILL again.
Post the log if it finds anything this time round.

Run the Norton tool.

It's quite possible that, after you are clean, the DISM commands will be required to restore some of your system files. Bree can help you with that.

 

Here are a couple other options if you find the Norton tool doesn't work:

How to Remove Win32/Sality in 3 Easy Steps | AVG

How to disinfect my computer from Virus.Win32.Sality

 

wait wait wait, I'll follow your instructions @simrick I'll update ASAP *Biggrin Thank you all for your replies!
I'll stick with nortron too @Clintlgm
@Bree How harm is sality is?

 

@simrick the unsigned one was detected by Windows defender as a Trojan



Here's the results.
RKill
AdwCleaner
RKill (2nd)

What's Norton Tool?

 

I found the Norton Tool that @simrick talking about, it's the Norton Power Eraser. And it says no threats found.

I run as admin the AVG tool and It just opened and somewhat scanned so fast and close itself too. So I don't know what really happened.

Right now I'm scanning using the Kaspersky tool. I will update again ASAP when it finished.

 

Kaspersky Tool somewhat stuck for already 30 mins. and looks like it doesn't do anythings else, no success or fail messages appears. So decided to close it and will start it again later on. I'll update again here ASAP.

 

bump

I still have these annoying files and I'm scared from what it can do to my pc *Sad

 

In the opening post you had a problem with Windows updates.
Windows updates are going to happen latter this month with a major Windows upgrade starting on April 10, 2018.
An option may be to create a bootable windows 10 iso after April 10, 2018 and use it to perform a clean install followed by a Windows update to complete the Windows 1803 installation.

Windows 10 Redstone 4 (version 1803): All the new features and changes Pureinfotech

 

Sensible suggestion, but a minor note. That's 'Patch Tuesday'. Normal practice in the past has been to release the next Features Update about a week later. Brink expects 1803 to appear around the 18th April.

 

Yes, the unsigned will, of course, be flagged, because it is unsigned. *Wink It's okay.

The first log from RKILL shows a ton of reparse points - that is not normal, and it could be the reason for all these files showing up. But ADWCleaner found nothing and the second run of RKILL did not show anything malicious.

Norton found nothing - good!

Not sure why that one is not working for you.

You can try their offline rescue disk - you boot the system to it, and it cleans outside the operating system:
Kaspersky Rescue Disk 10


Or, you can try the ESET Online Scanner:
Free Virus Scan | Online Virus Scan from ESET ESET
Click on the SCAN NOW button. It will take a while.
Let us know if it finds anything - there is an option to save the scan results to a text file.
If it doesn't find anything, I'd be pretty confident that your system is clean, it just has problems.

I would then work on the DISM commands to get your operating system back in shape:

Open an Administrative Command Prompt and enter these commandsism /Online /Cleanup-Image /checkhealth (enter)

Dism /Online /Cleanup-Image /scanhealth (enter)

Dism /Online /Cleanup-Image /restorehealth (enter)

sfc /scannow (enter)
You can post screenshots of the results of each command if there are any problems.

Alternatively, you can wait and perform a clean install in a couple weeks as suggested. A clean install will wipe everything, so be sure your data and software keys are backed up to another location.

Here's some very detailed information on Sality:
Sality - Wikipedia


Sorry I was not available yesterday.