Windows 10: Trojan deep in my system

Discussion in 'AntiVirus, Firewalls and System Security' started by Vikdal, Apr 29, 2017.

  1. Borg 386 Win User


    Have you tried renaming AdwCleaner & Malwarebytes to something different, such as iexplore.exe (or another random name)? Sometimes renaming scanning tools is sufficient action to allow the cleaners to run when they are blocked by malware.

    If Malwarebytes has installed on your system but cannot run, it has a program called Chameleon that attempts to override the malware block. Instructions are here:

    https://support.malwarebytes.com/cus...tem-?b_id=6447

    Also, there is a standalone version that can help get it installed:

    Malwarebytes | Chameleon - Free Malware Removal Tool

     
    Borg 386, May 4, 2017
    #46
  2. Vikdal Win User

    Hi! Yes, I have tried renaming both applications. Also, here are the logs from the programs I was able to run. Fixlog.txt LOG ROGUEKILLER.tmp.txt Rkill2.txt

    EDIT: And to run Chameleon I would need an internet connection, and as far as I have seen this would let the trojan download more viruses/adware.

    And if Chameleon does not help, I would then have all the adware that the trojan downloaded still on the PC :/
     
    Vikdal, May 4, 2017
    #47
  3. AndreTen Win User
    Did you follow the guide simrick has posted? Follow it exactly. After you uninstall listed apps and run FRST with fixit.txt other programs should be able to run.
     
    AndreTen, May 4, 2017
    #48
  4. Vikdal Win User

    I followed the guide word for word until I got to AdwCleaner.

    EDIT: I almost forgot, the McAfee app and no IOBits were on the system. Sorry for forgetting this.
     
    Vikdal, May 4, 2017
    #49
  5. simrick Win User
    Thanks. Looking at the logs now.
     
    simrick, May 4, 2017
    #50
  6. simrick Win User
    No problem. Please uninstall WinZip Registry Optimizer. Then, go ahead and run RogueKiller again. This time I'd like you to delete everything it finds. The only possibly legit program it's flagging is WinZip Registry Optimizer, and you really shouldn't be using that anyway (it will cause more problems than it will help). However, if this program was a torrent, then it is suspect. Everything torrented is suspect. Torrents are nothing but problems nowadays.

    Okay thanks.

    Chrome is completely gone, right?
    Did you find ESEADriver2 in Device Manager or no?
    Were you able to run FIX in the FRST tool?

    What I'm seeing are browser hijackers/redirectors, a trojan and rootkit. Nothing that warrants a clean install at this point, as long as we can get control over the system. Malwarebytes will get rid of most of this - that's why it's being prevented from running. So, we're going to run it outside the operating system:

    Go to a clean PC and download Kyhi's custom rescue environment.
    Windows 10 Recovery Tools - Bootable Rescue Disk - - Windows 10 Forums
    Save the ISO to the desktop of the clean PC. Right-click the ISO and select MOUNT or OPEN WITH WINDOWS EXPLORER. This will mount the ISO and assign a drive letter to it.
    Copy all the files inside the ISO over to a clean flash drive.

    Boot the infected system to the flash drive.
    Use the included network connection utility to get it online, if necessary.
    (no worries going online with this, as your OS is dormant at this point.)

    Open up Malwarebytes, update the definitions, select full scan of OS drive, and select to scan for rootkits.
    Open the scan log and post it here on the thread before you leave the rescue environment.
     
    simrick, May 4, 2017
    #51
  7. Vikdal Win User
    I uninstalled WinZip? :/ Also, that EseaDriver was not found. I searched around but could not find it. Google was completely uninstalled, but there was an error in the middle of removing it. Not sure what it is, but after 10 min Chrome was gone. The one log in the FRST shows the "fix" and yes, I was able to run it. the ISO right now.
     
    Vikdal, May 4, 2017
    #52
  8. simrick Win User

    Okay thank you.
     
    simrick, May 4, 2017
    #53
  9. Vikdal Win User
    So there is no problem using the internet connection while still booting that Rescue?

    Also, you want me to not leave the recovery while you're checking the logs?
     
    Vikdal, May 4, 2017
    #54
  10. simrick Win User
    Nope, no problem using internet while in the rescue environment. Your OS (Operating System) is not running, so the infections are dormant and can be removed.
     
    simrick, May 4, 2017
    #55
  11. Vikdal Win User
    Okay. Going to boot it up now.
     
    Vikdal, May 4, 2017
    #56
  12. simrick Win User
    That's not necessary, but you may want to run a second Malwarebytes scan after the first; only because sometimes, some things need to be removed so others can be found.

    You may want to run CCleaner on your browsers and remove everything (not sure how well this works in the rescue environment, as I've never tried that one personally).

    But I think you can go ahead and leave the rescue environment when you are finished, and then go back to my instructions post and try to run the scans again, in the order I suggested.

    You can find all the programs here, in X:, when you've booted to the rescue environment:


    [IMG]
     
    simrick, May 4, 2017
    #57
  13. simrick Win User

    Just to be clear, I only suggested you post the Malwarebytes log while in the recovery environment, because you will lose it after leaving the recovery environment. It's also possible to create a folder on the flash drive and save it there.
     
    simrick, May 4, 2017
    #58
  14. Vikdal Win User
    It seems like it is not letting me boot into the drive. I boot the flash drive on the PC, but nothing special happens. It just runs Windows as usual and all files start and load in as usual? Is it supposed to do this?
     
    Vikdal, May 4, 2017
    #59
  15. simrick Win User
    Usually there is a special key you can press as soon as you turn the system on (like F12, or Esc - it depends on the system manufacturer), and it will pause the boot process and give you a menu to select what media you want to boot from. For instance, for some Dell and HP models, you can press Esc (Escape key), and the boot menu comes up before Windows loads. There you have a selection of Windows Boot Manager (which is your normal OS), USB drive, optical drive, network, etc... Sometimes you have to start tapping this key as soon as you turn the system on, and keep tapping it until the one-time-boot-menu appears.

    Kyhi's rescue environment is like a mini-W10, but you'll see the desktop looks different.
     
    simrick, May 4, 2017
    #60