Solved What can I do to remove trojan virus in my laptop?

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
My laptop OS is Windows 10. As soon as I noticed that my laptop was infected with a trojan virus, I identified the location of the virus file but I cannot delete it. I entered safe mode and I can't access my user account anymore (I'm the administrator), so I'm using a guest account. I tried to reformat the C: drive but it needs the administrator password; I entered the password but it rejects it, which is why I can't reformat it either. I also tried to delete the file using cmd before entering safe mode but the file cannot be deleted. What can I do about it? It can't connect to the internet (safe mode). It's okay to lose the files since it's a new laptop so it doesn't contain many important files. Any advice? What's the best thing to do? I'm about to consult a technician tomorrow morning but I'm worried if they can still fix it. It's a new laptop I bought (ASUS TUF Gaming FX505) and it just got infected with a trojan virus, how unlucky😭😭 Thank you for your response everyone <3
 

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
To be honest, I visited a website to download an installer of Proteus 8.9 since I'm gonna need it for my online class. There was no warning so I thought it was okay and did not contain any virus, so I installed it. Then, that happened. I know it's my fault.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Hello Louvern and welcome to TSG,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
 

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
My laptop is not connected to the internet so I think I can't download that. But can I download it instead from another PC then transfer the installer to my laptop using Flash Drive?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Yes you can use the flash drive for the installers, but Malwarebytes and AdwCleaner need an internet connection to update after being installed. Why is there no internet connection...?
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Scratch that last message, use the flash drive and transfer and use FRST only, get the logs back here same way....
 

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
Sir, I transferred the installer for FRST but it can't be installed because it asks for administrator permission. I entered my admin password but it rejects it. I can't install any program right now. I even connected it to the internet using a LAN cable to get the installers. I'm stuck in safe mode using a guest user. I tried to log in to my account (admin account) using the correct password but I could not log in.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
The best way forward now is to run frst via the recovery environment.... Continue:

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Boot your PC and let it go as far as it can. Now hold down the Shift key and reboot your PC. Windows should open to the "Choose an Option" window....

Other options for Choose an option window at following link:

How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt.

From that window select "Troubleshoot", from the next window select "Advanced Options", from there select "Startup Repair"

If that fails go through that process again, this time select "System Restore" from there follow the prompts to run System Restore to any date prior to this issue happening..

If those all fail go through same process again, from Troubleshoot select "Command Prompt" ensure to plug the flash drive into an open USB port...

Continue with the following:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thanks,

Kevin...
 

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
Update: I am still unable to install any programs because it keeps on asking for the administrator password and I only have limited access, which is why I cannot do anything in Safe Mode. I decided to back up the D: drive and format the laptop. Then I installed Malwarebytes, FRST etc. and removed the virus. Thank you.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Hello Louvern,

Do you require any further assistance...?

Thank you,

Kevin
 

Louvern

Thread Starter
Joined
Oct 30, 2020
Messages
8
Yes, though I created a separate forum for this and I was advised to proceed here
The files are encrypted to .jdyi extension. So far this is what I have done already (see attached photos):
(I installed Emsisoft Decryptor but it says that decryption is impossible) What am I going to do? And where can I get help? Where can I report regarding this issue? Thank youuu for your response
 
