
I Think That My Computer Has a Virus

Solved 
#1 ·
First of all, I could not download the Farbar Recovery Scan Tool. I tried several times but each time, I saw a message from Windows Defender indicating that this was not a regular download, and it wouldn't let me download it.

The problem occurred this evening. All of a sudden, my computer began running very slowly and some icons on the desktop would not open the programs, e.g., the VPN on my computer. I ran Malwarebytes and Hitman Pro Alert, but the programs did not detect any malware. If someone can tell me how to bypass Windows Defender and download the Farbar Recovery Scan Tool I will appreciate it.
 
#35 ·
Dr.M, thanks again for your help. Please see the attachments. Windows Defender was working tonight and it is turned on; Malwarebytes Windows Security Center is turned-off. I sincerely appreciate your help and I try to reply as soon as possible but I am working some long hours, and it may take me a day or two to reply with the information that you requested. And, yes, I am very concerned with my computer's security knowing that there are people who would like to hack my computer for whatever purposes that they might have. Thanks again for your help.
 


#36 ·
Dr.M, today I was cleaning the Temp files in my computer and under %temp%, there were two files that would not delete. These two files required the Administrator's permission to delete and after giving the permission, they still would not delete. I Googled one of the file names and discovered something that I would like you to take a look at. (Please see the attachment for a screenshot of what I discovered when I Googled one of the file names.) Could this be malware? Thanks. And, did you have a chance to look at my previous post with the information that you requested?
 


#37 ·
Hi, referee007.

Apologies for the late reply.

Windows Defender was working tonight and it is turned on; Malwarebytes Windows Security Center is turned-off.
You again posted the Firewall setting instead of the Windows Security screenshot. Can I see the Windows Security screenshot, please, so as to confirm that everything works fine?

Dr.M, today I was cleaning the Temp files in my computer and under %temp%, there were two files that would not delete.
How did you try to clean the Temp files? Did you use the Wise Cleaner or the Disk Cleanup utility?

These files are used by any software on the computer as temporary files for the software to work properly when it is launched or being used. They are sometimes created invisibly on the computer and are usually removed or deleted once the program is closed.

In any case, there is nothing to worry about them.
 
#38 ·
Dr.M, thanks again for your help. Please see the attachments for screenshots of the Windows Security page and the Firewall & Network Protection page. I deleted the temp files by holding down the Windows logo key and then typing "temp," "%temp%" and "prefetch" and then deleting all of the entries in these three (3) areas. Since you indicated that some software needs the temp files to work properly, I won't be deleting these files in the future. Also, I still use the Wise Disk Cleaner but I deleted the Wise Cleaner 365 because I believe that it messes around with the Registry and I don't want anything messing around with the Registry. Thanks again for your help, and if you need anything further, please let me know.
 


#39 ·
No need to do the above to clean your disk from temporary files or any other file. Disk cleanup can do the job for you. Just to have in mind in the future:

Disk cleanup
  • Press the Windows icon on your keyboard, together with the letter R.
  • Type in the blank area cleanmgr and then press OK.
  • Select Drive C and press OK.
  • Select everything you don't need in the list that will appear. Actually, you can select everything there, but be careful if you need some files in the Downloads folder.
  • Press the button Clean up system files and wait a bit.
  • Again, select everything you don't need, including old Windows installations, if any.
  • Select the tab More options.
  • Under the title System Restore and Shadow Copies, press Clean up.
  • Press Delete and OK if you are asked to.
  • Wait some time (depending on the items that are deleted).
  • Make a restart when the process is finished.

As for using Wise cleaner or any cleaner, yes, we do not recommend in any way their use in cleaning the registry.

Since the computer is now clean, and Windows Defender works fine, let's finish the job.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
#40 ·
Dr.M, thanks again for your much appreciated assistance for letting me know about "cleanmgr." And, I do not intend to tamper with the Registry in any shape or form. Please see below for the results of running KpRm.
__________________________________________________________________________________________________________________

# Run at 12/5/2021 8:48:50 PM
# KpRm (Kernel-panik) version 2.9.2
# Website https://kernel-panik.me/tool/kprm/
# Run by User from C:\Users\User\Desktop
# Computer Name: DESKTOP-7RCNB9G
# OS: Windows 10 X64 (19043)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\User\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-12-05-20-48-49

- Delete Tools -

## AdwCleaner
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0 (1).exe deleted
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0 (2).exe deleted
[OK] C:\Users\User\Downloads\adwcleaner_8.3.0.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\Addition.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\Fixlog.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST-OlderVersion deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST.txt deleted
[OK] C:\Users\User\Desktop\Tech Support Guy - Communication\FRST64 (1).exe deleted
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 11/25/2021 13:51:02 deleted
~ [OK] RP named Restore Operation created at 12/01/2021 12:22:09 deleted
~ [OK] RP named Revo Uninstaller Pro's restore point - x264vfw - H.264/MPEG-4 AVC codec (remove only) created at 12/04/2021 02:05:48 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 12/05/2021 11:50:01

-- KPRM finished in 153.70s --

Dr.M, thanks again for your help. It is greatly appreciated. And, if you can make any further suggestions, they will be greatly appreciated also.
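
The "Restore UAC" section of the log above lists the values KpRm wrote. The following is an added example, not part of the thread and not KpRm's own code, that re-checks those values on the live system. It assumes the settings live under the standard UAC policy key `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the function names are hypothetical.

```powershell
# Added example: compare live UAC policy values with the defaults that the
# KpRm log in post #40 reports having restored. Read-only; changes nothing.
# Assumption: the values are stored under the standard UAC policy key below.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Lines copied from the "- Restore UAC -" section of the log on this page.
$LogLines = @(
    '[OK] Set EnableLUA with default (1) value'
    '[OK] Set ConsentPromptBehaviorAdmin with default (5) value'
    '[OK] Set ConsentPromptBehaviorUser with default (3) value'
    '[OK] Set EnableInstallerDetection with default (0) value'
    '[OK] Set EnableSecureUIAPaths with default (1) value'
    '[OK] Set EnableUIADesktopToggle with default (0) value'
    '[OK] Set EnableVirtualization with default (1) value'
    '[OK] Set FilterAdministratorToken with default (0) value'
    '[OK] Set PromptOnSecureDesktop with default (1) value'
    '[OK] Set ValidateAdminCodeSignatures with default (0) value'
)

# Hypothetical helper: turn the log lines into an ordered name -> value map.
function Get-ExpectedUacValues {
    param([string[]]$Lines)
    $expected = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\[OK\] Set (?<name>\w+) with default \((?<value>\d+)\) value$') {
            $expected[$Matches['name']] = [int]$Matches['value']
        }
    }
    return $expected
}

# Hypothetical helper: read the key once and report each value's state.
function Compare-UacValues {
    param($Expected, [string]$Key)
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($name in $Expected.Keys) {
        $actual = $props.$name   # $null when the value does not exist
        [pscustomobject]@{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Match    = ($null -ne $actual) -and ([int]$actual -eq $Expected[$name])
        }
    }
}

$report = @(Compare-UacValues -Expected (Get-ExpectedUacValues $LogLines) -Key $UacKey)
$report | Format-Table -AutoSize

# A value that is absent or different is reported, not corrected.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) UAC value(s) differ from the defaults in the log."
}
```

A value shown as `<not set>` means the registry value is absent, which is not the same as it holding the logged default.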
 
#41 ·
Excellent, referee007!

We reached the end of this road, finally!

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like μTorrent, Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.
 
#42 ·
Dr.M, thanks again for all of your help and for sending me these tips on how to keep my computer safe. I do have some qualms about Windows Updates. I realize that I should be updating Windows, but about two months ago, after Windows updated the Windows system, my computer suffered a major malfunction. I kept seeing "the blue screen of death" and no matter what I did Windows would not boot up. I took it to a computer repair shop and the gentleman there tried to fix it with software that he had, but he was not able to fix it, and he told me that he needed to reinstall Windows after which I would not have any of the programs that I added after I received the computer. Well, I took the computer home and tried Restore again and a miracle happened and Windows booted up. I took the computer back to the repair shop and he suspended Windows updates and I have kept the updates at bay ever since because I don't want to face "the blue screen of death" again. I know that I really need to update Windows but I don't want to go through the same thing. Any ideas or suggestions? Thanks again.
 
#43 ·
I took the computer back to the repair shop and he suspended Windows updates and I have kept the updates at bay ever since because I don't want to face "the blue screen of death" again.
Stopping updates is not a solution to any problem. And for sure it is not professional advice. Putting the computer at great risk just to avoid an issue doesn't solve anything. The updates are necessary, as I explained before, and if there is a problem with any of them, it must be checked and solved.

However, I see that your computer is running with the latest update, so no problem for now.
 
#44 ·
Dr.M, thanks again for your replies. Last night I checked "Updates" and saw that there were two cumulative updates available. I downloaded and installed these updates and when my computer something appeared to happen to the computer secondary to the updates. It took maybe two minutes for the computer to reach the log-in screen at boot-up, and then the wallpaper showed up but the icons didn't and nothing in the lower tray appeared. After about a minute the icons appeared and the lower tray showed the icons there, but when I clicked on a program, nothing happened. I didn't want to do anything last night and when I started the computer this evening the same thing happened. I tried System Restore and Restore completed its thing and then I saw a message indicating that System Restore did not restore anything which may have been due to a protection program (My computer does not have a virus protection program; it uses Defender and Malwarebytes.). And then, it started working better. I don't know what happened, but it seems that Updates did something to my computer. (After I followed your last instruction about deleting all of the tools that were used to clean and diagnose my computer, it ran very fast with no problems.) Do you have any ideas about what happened after the two updates were downloaded and installed? Thanks again.
 
#46 ·
Hi, referee.

Let's see once again FRST logs.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it's safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
 
#47 ·
Dr.M, thanks again for your replies and for your expertise. I think that the problem has been solved. Since I subscribe to Microsoft's Office 365 and Azure, I was able to contact Microsoft's support and chat (via the computers) with a Microsoft Tech. He advised me that several files were probably corrupted and after he advised me to run sfc /scannow and another program, the problem cleared-up. I am still concerned with Windows' Updates. After working with you my computer was running very fast with no problems. But... after the Updates (only two) the problems surfaced. Are we beta testers for Microsoft's updates? It seems that Microsoft is not able to eradicate all of the bugs in updates before the updates are released to the public. In any event, thanks again for all of your help and your expertise.
 
#48 ·
I'm glad your problem is resolved.

As to the Windows updates, I already said that they are necessary. If problems occur after them, then we have to see/fix the actual reason, which is not the updates themselves. Well, at least most of the time. ;)

Is there anything else regarding this computer?
 
#49 ·
Dr.M, thanks again for your replies. There is one lingering problem. It seems three of the icons in the lower tray do not respond when they are supposed to be activated by clicking on them. They are the date/time icon, the speaker/volume adjustment icon, and the connectivity icon, i.e., the icon that shows which Wi-Fi signal is being used or if the VPN is being used. The other icons in the tray all work. I was advised that this might be due to something wrong with Windows Explorer. Do you have any ideas as to why this is happening? Thanks again for your help and I will continue downloading and installing Windows Updates.
 
#50 ·
I often have the same issue with the sound icon. What solves it for me (having in mind that we both tried DISM/SFC), is either a restart or restarting the Windows Explorer.
  • Right click anywhere on Taskbar
  • Task Manager
  • With the Processes tab selected, find Windows Explorer, click on it and then click on Restart, at the bottom right corner.
 
#51 ·
DR.M, thanks again for your replies and for your expertise. I reset Windows Explorer, but the problem persists. The Notifications icon, the Time/Date icon, the Speaker/Volume icon, the Connection icon and the Battery status icons all do not respond when clicked.

I wanted to mention that after I downloaded and installed the two Windows updates, I received a message that a file could not be found. (Please see the attachment for a screenshot of the message.) I am wondering if this missing file is the reason the icons in the lower tray are not working?
 


#52 ·
Hi.

For the Taskbar icons, try this:
  • In the Search area type PowerShell and select to run it as administrator (important).
  • Copy the following command and paste it in the PowerShell window.
    Code:
    Get-AppxPackage | % { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppxManifest.xml" -verbose }
  • Enter.
  • Let the command finish executing.
  • Restart the computer.
  • Check the taskbar icons again and let me know if they work.

As for the error you are getting:

See here how to resolve it: Error: Windows Cannot Find IGCCTray.Exe (intel.com)
 
#53 ·
It appears that this issue is resolved, and therefore this topic has been marked as such.

If you are the topic starter and still need assistance, please reply back to the thread. Everyone else, please start a new topic by following the instructions here.
 