Windows 10: Some Virus Keeps Removing or Breaking Antivirus, Defender, Update and more

Discussion in 'AntiVirus, Firewalls and System Security' started by DenaKing, Jul 7, 2020.

  1. DenaKing Win User

    Some Virus Keeps Removing or Breaking Antivirus, Defender, Update and more


    I'm having a problem with a virus that keeps coming back. This has been going on for a month. Going back to the beginning, the first thing I noticed was that my antivirus icon had disappeared from the tray. At that time I was using K7 Ultimate Security with a paid subscription. I would try re-installing the AV, but after rebooting my computer it would just disappear again as if I never tried installing it. I also noticed that my Windows Defender screen was also broken. All of the icons that would usually appear (virus protection, firewall, etc.) were gone. It was just a blank white screen. The same thing for Windows Update. It was just broken and not looking like it normally would. The next thing it would do is break Chrome. When I would try to go online, it would say "access denied." The virus was seemingly corrupting my system, one thing after the next.


    So, I downloaded Malwarebytes from my other computer and installed it on my infected one and apparently it found and removed some trojans. Some of the names that I recall were winlogonUI, StartupCheckLibrary, Maintenance.vbs, and some other stuff with just a long set of letters and numbers. Some of the descriptions said they were bitcoin miners. After Malwarebytes had apparently removed these viruses, I still noticed that Windows Defender and Update were broken. I just decided to re-install Windows using the system reset. I chose to "keep my files."


    After doing that, everything seemed fine, but then about a week later, the same thing happened. My antivirus disappeared again! This time I was using Kaspersky free version because I thought the K7 was not good enough. This time it looked like the virus hadn't had a chance to corrupt Defender or Update yet, so I simply did a system restore point and this brought my antivirus back and again everything seemed fine. I ran a virus scan and nothing was found. I thought that maybe by doing the system restore it took me back to a time before the virus infected my computer. Fine, I thought. Still couldn't figure out where I was getting these viruses from though.


    Then again, this same thing happened maybe 5 more times over the course of the month. To fix each problem, I tried things ranging from system restore points to restoring my computer using a system image; it just keeps coming back no matter what. It just happened again yesterday and I got a whole bunch of rootkit and virus removal tools. Norton Power Eraser found StartupCheckLibrary.vbs and Maintenance.vbs. I thought I had already removed these with Malwarebytes a long time ago. I had NPE delete these .vbs files and now they are apparently gone. Upon startup, I got two error boxes that say that each of these files is missing. Fine. I know how to quit that script. No big deal. I will do that later.


    So, next, I also downloaded the Malwarebytes Anti-Rootkit Tool beta and it listed 3 infected items:


    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C21485C7-D40A-460F-B0D9-2024D9D1A07B}Path --> [Trojan.Agent]


    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C21485C7-D40A-460F-B0D9-2024D9D1A07B} --> [Trojan.Agent]


    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\StartupCheckLibrary --> [Trojan.Agent]


    Notice how the last one says StartupCheckLibrary. Well I guess that is the rest of the virus that goes along with the .vbs file Norton found and deleted. Fine. I had the MBMAT remove these infections. Now everything seems fine. Now when I restart my computer, I don't get the error box that says StartupCheckLibrary.vbs is not found, but I DO still get the one for maintenance.vbs. I think this means part of the virus is still on my computer, but I am not sure.


    I ran all the rootkit scanners and virus removal tools I have and every one says that my computer is clear. Now in about a week they will most likely come back, start breaking my antivirus again and all and I have absolutely no idea why.


    Does anyone know why I keep getting this on my computer? What can I do to get rid of this once and for all? I'm not sure if it's just lying dormant on my computer somewhere or if I keep getting infected from some program, or if it's coming through my browser or what.


    One pattern I did notice, right before the virus comes back, right before I notice that my antivirus disappears, when I start up the computer, for just a brief moment, it will look like it's about to boot up into safe mode. Then it will restart again a second time and it will boot up in the normal mode. Right after this happens is when I notice that the virus is back and my antivirus is broken. I guess this thing has special UAC access in order to be able to do that.


    Thanks for any info or ideas on what to do. Sorry for the long description.

    :)
     
    DenaKing, Jul 7, 2020
    #1
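
A read-only check for the kind of leftovers described in post #1 (a scheduled task under `\Microsoft\Windows\Application Experience\` and a startup error box for a deleted `.vbs` file), added here as an example that is not part of the thread: it lists scheduled tasks and Run/RunOnce values that launch a script host or script file and reports whether the referenced script still exists. The extension list, the set of Run keys and the helper names `Get-ScriptTarget` and `New-Hit` are assumptions of this example.

```powershell
# Added example (not from the thread): read-only audit of autostart entries
# that launch script files. Run in an elevated PowerShell session on Windows 10.

# Script hosts and script extensions to look for (assumed list; extend as needed).
$pattern = 'wscript|cscript|mshta|\.(vbs|vbe|js|jse|wsf)\b'

# Pull the script path out of a command line so its existence can be checked.
function Get-ScriptTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '[a-z]:\\[^":<>|?*]+?\.(vbs|vbe|js|jse|wsf)\b') { return $Matches[0] }
    return $null
}

# Build one report row; ScriptExists is False when the target file is gone.
function New-Hit([string]$Source, [string]$Name, [string]$Command) {
    $target = Get-ScriptTarget $Command
    [pscustomobject]@{
        Source       = $Source
        Name         = $Name
        Command      = $Command
        ScriptPath   = $target
        ScriptExists = [bool]($target -and (Test-Path -LiteralPath $target))
    }
}

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$hits = @(
    # 1. Scheduled tasks whose exec action runs a script host or a script file.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments and yield an empty string.
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -match $pattern) { New-Hit 'Task' ($task.TaskPath + $task.TaskName) $cmd }
        }
    }
    # 2. Run/RunOnce values that start a script at logon.
    foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($valueName)
            if ($cmd -match $pattern) { New-Hit $key $valueName $cmd }
        }
    }
)

# Entries whose script is missing sort first: these produce "file not found" boxes.
$hits | Sort-Object ScriptExists | Format-List
```

A row with `ScriptExists : False` is an autostart entry that still points at a removed script, which is what a startup error naming a deleted `.vbs` file indicates.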
  2. CH@NO Win User

    Help me removing this virus!!!!

    Hi.

    Yesterday my brother-in-law asked me to format his machine; it has XP. His PC was infected with the virus (or worm) AMVO.EXE. I wasn't aware of that, and when I plugged my USB into his computer my memory got infected too......infecting my main rig later. The virus itself is not dangerous (it just doesn't let you unhide files via menus; you need to open the MS-DOS console and change file attributes).

    I was able to remove this virus with a script downloaded from MYGEEKS.COM 'cause no antivirus succeeded in removing it completely, but about a month ago a friend of mine got the same problem but MUCH more annoying, 'cause when I tried to use the script the system suddenly restarted, when I tried to enter the MS-DOS console the system restarted, and when I tried to search for any info about the virus (via Google; I didn't try it with a different search engine) the system restarted....VERY, VERY, VERY ANNOYING.

    That time I thought it was another virus; I formatted the PC and the virus was gone, but yesterday the same thing happened and my PC was not on the "formatted" list. I wanna know if there's a way to remove it without formatting, or if it's another virus/worm that's causing the issue.

    AND more important, I'm against using anti-virus, but I'm used to running ZoneAlarm or Bit Defender......are they good antivirus, or what do you guys think is the BEST of the BEST antivirus available today????????
    Many thanks for reading.
     
    CH@NO, Jul 7, 2020
    #2
  3. Solaris17 Win User
    Guide: Virus Removal 101

    Software and Background
    In this section we will briefly go over the software being used and why we chose this software as opposed to other options. This is more of an academic type of post that will clarify the more important "WHY" when it comes to removal. It is important to understand that in order to effectively remove, or have the best chance to remove, a virus you must have the proper tools. The software listed below is based on several key points. Those mostly being:
    • Free
    • Easy to use
    • Minimal user interaction
    • Update friendly
    At no point should you think that the software chosen was chosen because it is better than xyz or the "Best". That doesn't mean the software is "not the best", just that I am trying to break the mindset of "Best"; it is important to shake the idea that a one-off solution is always going to be the better one.

    A Porsche is fast and will get you to work sooner than an 18 wheeler, but if you're hauling tractors to work the 18 wheeler is better suited. This is no different in the security world: applications are built for a specific purpose for the most part, and because of the nature of heuristic code engines some software will do better than others even if it is the same area of interest.

    Software List
    - Threat Restraint
    • Rkill
    - Rootkit Removers
    • TDSS
    • bootkitremover
    • MBAR
    - Broad Spectrum Scanners
    • Roguekiller
    • EEK
    • MBAM
    • Sophos VRT
    • HitmanPro
    - Malware/Junkware Removers
    • ADWCleaner
    • JRT
    - Targeted Repairs
    • Powerliks
    • Combofix
    - Wrap-up and Repair
    • TWEAK
    • REVOuninstaller
    • Ccleaner
    Examples

    Above is the list of software this guide will cover and what you will be using to disinfect the machine in question. Now; we will go more into why we separate them into groups in the next section. Here I will explain weakness and strength between software types and programs so you can understand why there are so many.

    A common question is why don't we have a 1 all solution paid or otherwise that can handle all of well...all of this. The answer is simple.

    You can't.

    Every virus removal tool is different in some way. Some are able to detect things others cannot. Above are the groups of different software. For example, EEK is a broad spectrum scanner. However, EEK cannot detect rootkits as well as programs specifically designed to remove rootkits, like TDSS. Likewise, programs like TDSS are completely incapable of detecting malware; they simply aren't programmed for it.

    Software in the same category also behaves differently. Hitman is very good at detecting browser issues and cookies. However Sophos isn't so great at browser infections but is better at scanning core system folders.

    The AV world is full of these kinds of checks and balances which makes proper removal more of a skill than a click of a few buttons. Nothing is 100% and you must rely on the differences the tools have to increase your chances of success.

    - Running scans in order

    Running scans in the correct order might be something you are unfamiliar with. I will try to break down the basic concept as to why this is important to you. For the most part it boils down to permissions. Be it actual NTFS permissions or actual Privilege. Digging deeper you should ALWAYS attack an infection in this order.
    • Threat restraint
    Threat restraint is an important step because it will allow you the user to more easily work with your machine which is probably super slow because of infection. Using programs like killemall or Rkill stop known malware processes which free up memory and CPU making it a little easier and faster to deal with your machine.
    • Root/Boot Kits
    As previously covered Root and Bootkits are low level infections that grant admin (root) access to the machine. This software also for the most part changes permissions of core system files in order to more easily control your machine. It is very important to target and remove these infections first because the modifications they make can stop other higher level removal tools from working correctly.
    • Virus Scans
    Actual Virus removal comes next. Trojans, worms, spyware: all virus class infections cause some kind of issues with system services and built-in security protection, and have the ability to prevent removal tools from opening. These kinds of infections need to be dealt with second so that we can ease the restraints on the system so that our tools have the proper permissions and resources to run.
    • Mal/Junkware scans
    These are the last class of tools to run. These infections usually adhere to the user level of least privilege. They are really annoying and bothersome but are usually the most simple to remove. Unfortunately the tools that remove them require the use of system resources most of the time and assume they have everything they need to proceed. For this reason malware and junkware removal scans are done last because they totally rely on the previous steps being done and corrected to run correctly.
    • Repair
    Repair tools like tweak are used last. These programs reset windows to a default usable state. From folder options and icon size to default services and program startup. Most of the virus removal tools correct security related issues that the virus they are removing affected.

    However sometimes more things have been touched and damaged and for these we use repair software last to correct the remaining issues after a full removal.
     
    Solaris17, Jul 7, 2020
    #3
  4. Some Virus Keeps Removing or Breaking Antivirus, Defender, Update and more

    Virus Not Detected By Windows Defender

    Hi,

    If you're running two antivirus at the same time and Windows Defender did not detect the virus, we suggest that you remove the virus with the third party malware that you're currently using. We recommend using a single antivirus and keeping it up to date.

    Let us know if you need further assistance.
     
    Robert Caw, Jul 7, 2020
    #4