Solved Virus and Malware removal

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

PatrickAshfield

Thread Starter
Joined
May 24, 2021
Messages
19
A month ago I installed Windows 10 on an HP desktop. Today I opened a reliable news site I have used often, but then I opened a celebrity slideshow. Immediately Microsoft shut down my computer. I called the number given and was run through a bunch of questions. I was told that my IP address was used to access porn sites. I DO NOT LOOK AT PORN. Am I in danger of being regarded as a user of porn sites? Then I was told that other bad files could not be removed without my signing up for $300 for 2 or 5 years service. When I objected the price came down. This made me suspicious. Perhaps this person was the one who hacked me. He told me that the hackers even had my IP address. I got a copy of super antispyware and did a scan. All was good except the presence of 158 cookies. I deleted these. I can easily clear out this computer and reinstall Windows 10. Can I change my IP address? Do I have to? My server is through Xfinityprepaid. Thanks for your help. Patrick
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Hi, Patrick.

The safer thing to do, if you have clear evidence that you have been hacked, is to reinstall Windows, deleting all partitions and making a fresh start.

However, if you don't want to reinstall your operating system, you can attach your logs here, so we can have a look at them. It's up to you.

Let us know about your decision.

Here are the log posting instructions: Everyone MUST Read This BEFORE Posting for Help in This Forum | Tech Support Guy (techguy.org)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Hi, Patrick.

Thanks for the logs.

These are some basic rules I would like you to follow, during the cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


================================

Let's begin.

There are some signs of system corruption as well as disk damage, so we will start with this.


1. Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
    Code:
    DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot would be fine).

2. When DISM finishes, you can then run SFC from the same command prompt window. Here are the full instructions, as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
    Code:
    sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot would be fine).

3. Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter and wait for it to finish (~15 minutes).
    Code:
    chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use, and you will be asked if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing the disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

In your next reply please post:
  1. The two screenshots after DISM and SFC
  2. The chkdsk result
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Is there a danger if I download a few photo files and music files to a thumb drive?
Download from the internet? If yes, I prefer not to do that yet please.
 

PatrickAshfield

Thread Starter
Joined
May 24, 2021
Messages
19
Here are files requested. Is there some way I can determine what sites I logged onto on Monday July 12 in early afternoon? I looked at news sites I always looked at. I am sure they are safe. But on one (I don't know which) I opened a sidebar site that presented a slideshow that was maybe on celebrities. That's when Microsoft shut down everything. It might be helpful to locate this problem place. Thanks again for help.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Hello, Patrick.

Thanks for the logs. The corruptions found are fixed now, so we can move on. No need to search and show me the sites you got to. Also, the warning you got was not from Microsoft. It was a phishing message, meant to get you to give them your personal data. As for the backup you want to do, of course. You can do that.

Let's move on.

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
    Code:
    Adobe Flash Player 10 ActiveX
    Shockwave 7.0.3 Player
  • Select the above programs, one by one, and click Uninstall.
  • Restart.
Check the following programs and if you don't need them, repeat the above procedure for them. The HP programs are preinstalled programs, meaning that they were installed in the computer when you bought it. Personally, I don't keep programs I don't need/use. It's your decision if you keep them or uninstall them. Let me know about your decision.

VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics


2. Uninstall applications

Click on the Start button, locate the following apps, right click on each of them and select uninstall.

McAfee WebAdvisor
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System
Norton Safe Web
Norton Security Protection


3. Uninstall Norton Internet Security

The product is disabled, out of date and not shown in your programs list. Use the Removal tool, following the instructions here, to correctly uninstall it: Download and run the Norton Remove and Reinstall tool


4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKU\S-1-5-21-4194323796-1499932326-3689530080-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
Toolbar: HKU\S-1-5-21-4194323796-1499932326-3689530080-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FirewallRules: [{52C17D8A-4825-490D-8AD6-0E69A752C190}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{13248ADE-1873-4CF2-80F0-47C0FC101808}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Task: {4B4BA80F-DB49-4084-85E7-E4DB3EC7F8FC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {894AE2FB-FE94-4953-B2EC-5DDAF01532D0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {A86E0EFB-28EB-41AE-A73A-DB019290C162} - System32\Tasks\{610D2340-47BE-4957-B151-3612AA17A24C} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {C187DD99-F9B8-4ADA-A609-7E04FDF3A318} - System32\Tasks\{6B3F9A93-8509-4DAB-A6F2-A9E7A498A33B} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {D0E165D5-8DBE-4A02-9217-7368C87E2F70} - System32\Tasks\{89F2FEF1-4D46-485E-A010-9016159F3B16} => C:\UbiSoft\The Settlers IV\S4.exe
Task: {EA6CBEC4-39E9-45B1-B6DD-3F8C783EEBC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
U3 idsvc; no ImagePath
C:\Program Files (x86)\Norton Internet Security
cmd: ipconfig /flushdns
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. What programs you uninstalled in step 1
  2. If everything went fine with steps 2 & 3
  3. The fixlog.txt
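
A fix script like the one in the post above is tied to one machine, as the per-user SIDs in its HKU lines show. The following is an added example, not part of the original thread and not FRST's own code: a small Python reviewer that groups a fixlist's lines by their shape and reports any user SID that does not exist locally. The sample fixlist, the function names and the line classification are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample fixlist (placeholder GUIDs, SID and paths), shaped like
# the script in the post above. It is not taken from any real machine.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {00000000-0000-0000-0000-000000000001} URL = hxxp://search.example.invalid/?q={searchTerms}
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\ExampleApp\app.exe => No File
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\ExampleTask => C:\ExampleApp\app.exe
U3 examplesvc; no ImagePath
C:\Program Files (x86)\ExampleApp
cmd: ipconfig /flushdns
EmptyTemp:
End::
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")       # per-user account SID
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")        # bare file or folder path
PREFIX_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]*):(?:\s+(.*))?$")


def parse_fixlist(text):
    """Return (kind, detail) pairs for the lines between Start:: and End::.

    The kinds reflect line shapes seen in the thread's script; they are an
    assumption of this example, not FRST's documented grammar.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must contain both Start:: and End:: lines")
    start, end = lines.index("Start::"), lines.index("End::")
    if end < start:
        raise ValueError("End:: appears before Start::")
    entries = []
    for line in lines[start + 1:end]:
        m = PREFIX_RE.match(line)
        if DRIVE_PATH_RE.match(line):
            entries.append(("path", line))               # file/folder target
        elif m and m.group(1).lower() == "cmd":
            entries.append(("command", m.group(2) or ""))  # shell command
        elif m and m.group(2) is None:
            entries.append(("directive", m.group(1)))    # e.g. EmptyTemp:
        elif m:
            entries.append(("entry:" + m.group(1), m.group(2)))
        else:
            entries.append(("other", line))              # registry/service line
    return entries


def foreign_sids(entries, local_sids):
    """User SIDs named in the fixlist that are not accounts on this machine."""
    seen = set()
    for _, detail in entries:
        seen.update(SID_RE.findall(detail))
    return seen - set(local_sids)


def review(text, local_sids):
    """Summarise a fixlist so it can be read before the Fix button is pressed."""
    entries = parse_fixlist(text)
    return {
        "counts": dict(Counter(kind for kind, _ in entries)),
        "commands": [d for k, d in entries if k == "command"],
        "paths": [d for k, d in entries if k == "path"],
        "foreign_sids": sorted(foreign_sids(entries, local_sids)),
    }


if __name__ == "__main__":
    # local_sids would normally come from the machine itself,
    # for example the SID shown by `whoami /user`.
    local = {"S-1-5-21-1111111111-2222222222-3333333333-1001"}
    for key, value in review(SAMPLE_FIXLIST, local).items():
        print(f"{key}: {value}")
```

A non-empty `foreign_sids` list means the script refers to accounts that are not on the machine it is about to run on, which is the situation the NOTICE in the post describes.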
 

PatrickAshfield

Thread Starter
Joined
May 24, 2021
Messages
19
I spoke with the people from the phishing who got access to the computer and did things. They certainly made changes. Is Microsoft aware of this type of thing? I do not understand why I am uninstalling programs if I intend to do a re-install of Windows 10. If I reformat the hard drive am I not removing everything? Also if I copy a few video files, like Pinterest stuff and short music files to a thumb drive to move them am I carrying with them corrupted files? Please bear with me as all is new to me. You have been most helpful. I have no need to backup anything as everything is replaceable including the files I want to move.

Do the following get removed by a reformat? I will remove them as you suggest. But I do not know if I will ever need them. Is it necessary to remove them?
VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics

I am not sure how to do a reformat with Windows 10. Can you explain?

Attached is the fixlog.txt. Again thanks for great help and your continued patience.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
I spoke with the people from the phishing who got access to the computer and did things. They certainly made changes. Is Microsoft aware of this type of thing?
WHY did you do that? Spoke with the people who tried to attack you? Please DO NOT do such a thing again! Microsoft has nothing to do with this!

I do not understand why I am uninstalling programs if I intend to do a re-install of Windows 10. If I reformat the hard drive am I not removing everything?
You never told me that your plan is to re-install Windows. In your initial post you just said: I can easily clear out this computer and reinstall Windows 10.

Yes, doing a clean re-install, most of the time, will remove everything.

Also if I copy a few video files, like Pinterest stuff and short music files to a thumb drive to move them am I carrying with them corrupted files?
The corrupted files have to do with Windows, not the simple files you have in your computer. There are some infections that can transfer themselves to removable drives but I can't see anything here that justifies that.

Do the following get removed by a reformat? I will remove them as you suggest. But I do not know if I will ever need them. Is it necessary to remove them?
Yes, a clean install will remove them. A factory reset won't, as they are pre-installed software.

I won't give any other instructions, until you tell me what you want to do: clean the computer or re-install the operating system.
 

PatrickAshfield

Thread Starter
Joined
May 24, 2021
Messages
19
To set things in proper order: On July 12 I was looking at news sites and clicked over to some site on their page about celebrities. A slide show ensued. Suddenly a screen appeared telling me that Microsoft had shut down my computer because of malware attack. I was given a phone number to call. I assumed this was from Microsoft, i.e., a Microsoft phone number. I called the number and someone there made what I thought were corrections. Perhaps I was wrong to assume this was Microsoft. But it seemed the right thing to do at the time. Again should Microsoft be advised of this?

Do these phishing people have access to my IP address? Does the IP address reside on the computer or the router? I am with XfinityPrepaid.

I want to do what is best. If re-installing the Windows 10 is best I will do it. If all is good right now, I will follow advice.

What does a factory reset mean? After I remove these following files am I to get HP to reinstall them via Internet download? Do I need them?

VIP Access SDK
HP Setup
HP SimplePass PE 2011
HP Support Assistant
HP Support Solutions Framework
HP Vision Hardware Diagnostics

Sorry if I am a bit dense about these things. Again, I assumed from beginning that I was working with Microsoft and not some fake. Doesn't Microsoft Defender in Windows 10 not protect me from these attacks? After re-installing Windows 10 am I still subject to such attacks?

Again thanks for all kind patience and superb help.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Hi, Patrick.

Yes, let's put things in order.

You had an illegal attack by strangers claiming to be from Microsoft. These phishing attempts are well known and, depending on what you let the hacker do in your computer, you may consider contacting the Authorities.

"Someone made changes" you say. How? You gave him remote access? He told you what to do and you just did what he said? I don't know. In addition, there is no way to know if he got your IP. Firewalls are supposed to prevent this.

Your logs don't show signs of an infection or a remote access activity. There are only signs of browser hijackers.

Here, we can clean the computer.

BUT: If you don't feel comfortable with that, or you want to do a clean install to be 1000% sure that everything is clean, it is up to you.
 

PatrickAshfield

Thread Starter
Joined
May 24, 2021
Messages
19
Again thanks for all kind help. Do authorities mean Microsoft? Surely they should want to know. I did some things I was told and they did others making changes. Do you think all that was done is cleaned out now? I guess it would be best to do a clean re-install of Windows 10. Please explain best way to do that so that hard drive is completely clean before I re-install. What does it mean if they have my IP address? Does this not remain the same even with a re-install? Can they still do me harm even if I re-install? I seek your best advice on this matter as to re-install or anything else you think best for me to do. Again, sorry to be a bother. With much thanks.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,199
Authorities means the Police.

Microsoft is aware of these attempts and every computer user has to be aware of them too.

I believe that you should not worry about your IP. However, I recommend you to change your passwords (wifi, router, email/bank accounts etc., using a healthy device).

Re-installing the operating system would clean everything.

Instructions about clean install

(FIRST BACKUP YOUR FILES)


How to do a Clean Install of Windows 10 the Easy Way (howtogeek.com)

See the first method, install Windows from scratch. When you reach the partition step, select all the partitions and delete them (not just format them).
 