Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

The famous StartupCheckLibrary.dll and winscomrssrv.dll

10K views 46 replies 3 participants last post by  ndxc 
#1 ·
I have a bad history with this trojan. Already got infected by it a few times, had to format my PC like three times recently.

Then on 9th January I got infected again and decided to find a way to remove it or work around it somehow. I noticed it always deleted and/or blocked my Windows Defender, Windows Updates and any antivirus I had installed at the time. It also deleted any restore points I created, but this time I managed to restore it somehow. It wasn't through Windows 10 System Restore, but through the advanced restart, then restoring from there.

Then as expected I got infected again since it was just a restore and now I'd like your help to assist me on removing it without either restoring or formatting my PC, if possible.

I also suspect on what could be infecting me again and again but unfortunately I can't remove the things I suspect because I need them. But if you could help me get rid of it once I can at least learn the process and repeat it by my own when needed.
 

Attachments

See less See more
1
#44 ·
Do you think I should try this before starting a new topic? An in-place repair.
I'm also considering reformatting it entirely, might be faster I don't know. What do you think?

Also do I have to remove the tools we used?
That's all questions I think and I really can't thank you enough for all your time and support @iMacg3. You're awesome bro!
 
#45 ·
Hi ndxc,

Trying the in-place upgrade is fine. (If you need assistance with it, you can start a topic in the Windows 10 forum. )

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based service online, external hard drive, or CD/DVD.

The following articles have more information about methods to back up your computer:

What's the Best Way to Back Up My Computer?

5 Ways to Back up Your Data
----------------------------------------------------
Here are some articles about how to keep your computer safe on the Internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top