Windows 10: Microsoft bananas

Since first installation of Win10 on new Laptop with 8.1 Pre-installed, my computer has been infested with virus. I have had experts from Comodo and Microsoft to check and recheck, but the viruses reappears... At first I thought icrosoft had gone bananas in controlling my every move on my own laptop, denying access rights and general configuration trouble.

That's all I know this virus does... Every attempt to configure Windows and different accounts are made useless within days. All I can do on my machine is pretty much reboot, reinstall... One day my Microsoft account was cancelled three or four times. Adobe account denied access most of the time. I have no idea what the purpose of the virus is, but I has a lot in common with 'Blocking-Virus'. Except no ransom has appeared.

I am no virus expert and never hope to become one. But I have a nagging feeling this is connected to my first bad experience with virus. I never used antivirus except for checking now and then until my computer was hijacked for a week about a year ago. Even when I tried to enter BIOS I was stopped by whoever had taken control. For a week if I tried to start the machine, I was bombarded with silly reasons for why this was done. I had no interest whatsoever, but was alarmed by all the nonsense they had provided as some kind of ideology. Pages after pages stating that I was without hope and that I was very stupid not to stop the attack. I didn't spend a lot of time reading this. The only thing that struck me as odd, was that the writings were not half bad grammar and spelling wise. Then again, I did not analyze the texts.

This might be paranoia, but when with no further explanation I could suddenly start the computer. I used every antivirus I could find to get rid of the what I thought was planted. There was all kinds of virus on all computers at my home. Comodo was recommended and I liked that they have support 24/7 and that their so called 'GeekBuddies' use remote access. Once I had three shifts of GEEKS after another working what seemed to me solely on my computer. They all at some point argued that my laptop and different drives were virus free, but I could see from the screen that there was some essential part of their software that they could not configure as it was meant.

What to do next... I am very much fed up with rebooting and reinstalling. I have a background from journalism and photography naturally have some files, mostly photographs I guess, that I absolutely don't want to erase. I get bored reading technical stuff about virus, but would like to know if small and smart can a virus be. Are there examples of just a few numbers and bits added to for example a JPEG file? And if so, are they impossible tom detect if tailored for one infection. Because that's where I land in my paranoia, that some virus freak somewhere planted something and can activate it whenever I go online. My chief problem with this theory is why would anyone have interest in my files...

Well, after a night installing I got the message as the first time installing Windows 10 that Defender has been shut down blocked or whatever on this computer. That's a sure sign that next time I reboot, I might have to re-install...

Jo Arthur Andersen

:)

 

error code 800c0008 Windows phone 8.1

banana

 

Chaning the LIVE button

Top banana!

Thanks mate.

 

Please run Malwarebytes free. Be sure to uncheck the trial option during install Malwarebytes | Anti-Malware for your home and for your business
after that run Kaspersky TDSS Killer Download Free TDSSKiller - Rootkit Removal | Kaspersky Lab US
Then run the ESET Online Scanner http://www.eset.com/us/online-scanne...S-BR-C-Other|B

Whatever any of those find, please upload the log files. this will tell you how to upload files and screenshots here. https://www.tenforums.com/tutorials/1...en-forums.html

 

Hey Steve he might want to run FRST64 after too: Farbar Recovery Scan Tool Download


It also works on Win10, I ran it for something on the Malwarebytes Forum, for MBAE before.

 

For the record, FRST itself is just a non-invasive, diagnostic scanner.
It may point to malware infection and other anomalies.
But in order to remove malware and fix other issues, it requires the skills of a trained malware expert to craft a customized "fixlist.txt" script. One then re-runs it with the script, to generate a "fixlog.txt" log file.

Or did I misunderstand??*Redface

<just sayin'>

Cheers,

MM

 

Jo, try Essenbe's suggestion first.

If that doesn't work, download the free Win Patrol and see what your start-up programs are. If that doesn't work, try a "clean boot." The instructions are simple and you can find them at https://support.microsoft.com/en-us/kb/929135

It's possible that you don't have a virus; you have either a software conflict or a software vs. hardware conflict.

 

@Cliff S and @MoxieMomma I'm sure you guys are more experienced at malware than I am.

 

Perhaps, but your recommendation of MBAM is spot on target to begin with.

OP, unless you had this "Virus" prior to your installing windows 10, I doubt your issues are virus related, adware/malware possibly, or other SW/HW issues related to the upgrade on your particular system, not the fault of windows 10 itself.

 

@ joarthur98 . Is the laptop the only PC connected to the modem/router? Not talking Apple or Android. Not an expert on virus/malware but it could be your router that is compromised as you've done reinstalls. Just a thought.

 

Windows 10 forum.
Thanks a lot for all the advice. I am sorry for my late comment. I tried twice, but my laptop crashed to bluescreen both times when I started typing. I got spooked enough to stay away. I have only read through the advice once. This time I write my comments in advance and will copy your answers and see if it works. I am already impressed by your efforts. If it works I will be even more impressed, anyway post the outcome here.
Since last, I have re-installed at least twice. Of other fun; tried to run ‘mrt.exe’ several times as ‘Defender’ is useless. several times the last couple of weeks. When running it builds up to 3-4 virus found, but when done it says all is fine. At random I checked one of the files it said was without problems -it was called ‘folstart’. I looked it up and learned that it was not a nice file at all. I tried to follow some advice but it ended in crash and re-install first time – now I have deleted nearly at random any registry keys program and files that I thought looked suspicious. Probably a few too many. Status; pc barely functioning
Among the more annoying things since last was that twice I have lost a few hours’ work where I thought not possible. First time was working with a picture in Photoshop with a saved copy and automatic save every five or ten minutes. Photoshop stopped working or rather disappeared in a blink. My saved copy and Photoshop’s safety were also gone. Later the same happened working in Word, on a file uploaded to OneDrive to be safe. I had written six or seven pages when word got stuck. When re-opening the file it was half a page. I got a message asking if I wanted my file merged with OneDrive’s remote and happily agreed. Next my file was reduced to two sentences.

I wrote this a few days ago. Probably will try tour advice - in computor hell now. It just seems so pointless to be spending 95 % of my time trying to avoid anotrher crash. My host file is full of addresses - and I have spent near two days tring to delete it, every ICACLS command and TAKEOWN. Thanks again...

Jo Arthur

 

I have seen Malwarebites and TDSS Killer been recommended before so I had the mbam-file dowloaded on another computer. It worked and found a lot, crashed and got a lot of messages saying how infected it was... I will call it an improvement that it looks like my computer is actually being used for something if that is what the addresses in my hosts-file means. It says it wS created by SPYBOT , but yhen I don't understand why it has made it impossible to alter it.

I will try and upload some screenshots, but now the machine is so slow I have to wait some 30 seconds for my typing here to finish. This is just incredible boring...

 

Lost focus... Difficult to stay focused whene everything is in slow motion and sometimes no motion at all.
As I said before; I gave up using mbam. TDSS-killer I have been using from my portable-apps... I'm loosing it again too annoying - have to reboot, re-install, whatever...

 

Hi.
Folstart is a worm. It spreads via flash drives and across LANs, in torrents, etc. and that's why it's spreading to your other systems.
Worm/Folstart.A.19 - Avira Virus Lab
I suspect that when you reinstall your OS, and load your stuff back on, you are loading on the same stuff that got you infected. For instance, if you are installing a P2P program again, that could be where it's coming from. Or, it's already in a file that was torrented, and when you put it back on your system, you reinfect it. And, any flash drives or external backups are probably infected and spread it back to your newly installed operating system. Of course, it goes without saying, that any illegal software or cracking programs are loaded with this stuff too.

TDSSKiller and Malwarebytes are good starts, but you say you're having problems with them.

First run RKILL. I would suggest downloading the file version named iExplore.exe, as the worm probably will recognise RKILL.exe and block it from running. RKILL stops suspicious operations to give you control to run other scans. Everything that RKILL does is "undone" by a reboot. So, if you have to reboot after running any scans, run RKILL again before proceeding.

Then, try ADWCleaner.

Another superb one for these things is HitmanPro. They have a free 30-day trial.
HitmanPro offers you a Free Scan for a second opinion. It is designed to check if your security measures work. If nothing is found (and we sincerely hope so), then you will never need a license. When a virus is found, then you will receive a free 30-day license to remove the threat.

Then, for protection, install FoolishIT's CryptoPrevent, which blocks rogue executables from running in your %AppData% folder (which is where this worm operates). Upon first install, it will ask you if you want to "whitelist" everything - say no because you don't know if you're clean or not, and you don't want to whitelist the worm.

Then install Panda's USB Vaccine to prevent this from happening again.

Finally, get all your portable media cleaned out - either scanned or formatted.

As @Fabler mentioned, it's quite possible that your router is compromised, if all your systems are getting infected, but I really think it's because you are fighting a worm and it "travels".

There is also the possibility that your hard drive has a low-level infection. This has happened in the past - Hard drives from China were being shipped from the manufacturer with viruses already installed. On your next OS install you might want to include a "cleanall" function. @essenbe can tell you how to do that.

Once you have control of your system, run the ESET Online Scanner.

 

My suggestions
1. Use a pc of which you are 100 % sure it's clean to purchase and download a decent anti virus software. Copy it onto a usb flash drive, again you need to be sure it's 100 % clean (you might want to purchase a new one for this task).
2. Disconnect all your computers, phones, tablets etc. from the network (LAN and internet) as each and every one of them could be the source of the infection (yes, even Android phones can spread Windows viruses)
3. Format the hard disks of your laptop
4. Reinstall Windows from scratch (just to make myself clear: it needs to be a legit copy, cracked Windows versions often come with "preinstalled" malware).
5. Don't connect anything and don't install anything.
5. Connect your clean usb flash drive with the anti virus software and install it.
6. Now connect only the laptop to your LAN and the internet again. Use it for a while without connecting any usb drives.

If it runs for a while without being infected again you can assume that this pc is clean now. Repeat the process with every Windows PC you've got. As soon as all of your Windows PCs are clean you can start to clean out your usb drives. But don't do it with Windows. Create a boot disc using your anti virus software and boot one of your PCs with it. As soon as the live system is booted connect one usb drive (not before) and scan it. As soon as it's clean repeat the process for all your usb drives.

Once all your usb drives are clean start reinstalling your software. But heed the following advice: Never ever install cracked software. The motivation for most crackers is to spread malware with their cracked software. And don't download software from some random website. Only download it from the developers website.

Please keep in mind that not following the exact sequence of my description would possibly result in one or more of your computers being infected again.