Windows 10: Malware help please + cryptoprevent

  1.    4 Weeks Ago #1

    Malware help please + cryptoprevent


    So I have this in the log of CryptoPrevent
    Event ID=866 Message of: Access to C:\Users\Zman\AppData\Local\atbizdu\cgcstpk.exe has been restricted by your Administrator by location with policy rule {B6AF3C37-6012-4DEC-87BB-5125E94F5BC5} placed on path C:\Users\AdminZman\AppData\Local\*\*.exe.

    on a constant basis. I cannot get into that folder; I cannot delete it, rename it, or anything. If I try to take ownership of it, I get told I can't, even though I'm an administrator account.
    I booted off a Windows 7 disk, went to a command prompt and deleted it, yet it's back again. I've run Malwarebytes, HitmanPro, Windows Defender. How do I figure out how that's being created and what's trying to access that exe?

    thanks


  2.    4 Weeks Ago #2

    Hi,
    Seems like at bizz is some sort of social media sharing site. Have you ever joined it?
    You can try the normal, like scanning with Malwarebytes and AdwCleaner, and see what it finds.

  3.    4 Weeks Ago #3

    Nope, never joined anything named close to that. I have tried Malwarebytes though.

  4.    3 Weeks Ago #4

    Hi. Have you resolved this or are you still looking for help? It sounds to me as if you have some sort of Rootkit (keeps spawning itself over and over).

    Malwarebytes has an option to scan for Rootkits, but you have to check the box for it in Settings > Protection.
    I would first start out with this though:

    Run RKILL
    Download RKill
    This program doesn't install on the system. It just runs, and closes/ends all suspicious running items. Everything it does is temporary and undone by a reboot.

    Run a scan with ADWCleaner
    Downloads - AdwCleaner - ToolsLib
    If the scan finds anything, it will offer you an option to clean - go ahead and do that. After cleaning, it will prompt for a reboot - do that as well.

    Then run RKILL again.

    Now run Malwarebytes with the Rootkit scan box checked and see if anything is found.

    Posting the logs here from RKILL and ADWCleaner will also help.
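Added example, not part of any post in this thread: a read-only PowerShell script for the question raised in post #1 (what keeps recreating and launching the blocked executable). It assumes the CryptoPrevent entry corresponds to a Software Restriction Policy block recorded in the Application event log as event ID 866; the 7-day window and the helper name Test-Hit are choices made for this example.

```powershell
# Added example, not from the thread. Read-only: it lists, it never deletes.
# Assumption: the CryptoPrevent entry is a Software Restriction Policy block,
# which Windows records in the Application log as event ID 866.
# 1. Executables blocked during the last 7 days (the window is arbitrary).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; Id = 866; StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue
$blocked = @(foreach ($e in $events) {
    # Message shape as quoted in post #1: "Access to <path> has been restricted ..."
    if ($e.Message -match 'Access to (?<path>.+?) has been restricted') {
        [pscustomobject]@{ Time = $e.TimeCreated; Path = $Matches['path'] }
    }
})
$blocked | Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name | Out-Host

# 2. Match on the file name: autostart entries may spell the folder differently.
$names = @($blocked | ForEach-Object { Split-Path $_.Path -Leaf } | Sort-Object -Unique)
if ($names.Count -eq 0) { Write-Host 'No event 866 entries found.'; return }

function Test-Hit([string]$Text) {   # hypothetical helper for this example
    foreach ($n in $names) {
        if ($Text.IndexOf($n, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

# 3. Autostart locations that could relaunch the file after it is deleted.
$hits = @()
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($v in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($v)
        if (Test-Hit $cmd) { $hits += [pscustomobject]@{ Source = $key; Name = $v; Command = $cmd } }
    }
}
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if (Test-Hit $cmd) { $hits += [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Command = $cmd } }
    }
}
foreach ($svc in Get-CimInstance Win32_Service) {
    if (Test-Hit ([string]$svc.PathName)) { $hits += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName } }
}
$hits | Format-List
```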


 
