First time having this and it's out of my league (virus)


  1. Posts : 12
    Windows 10
       #1


    Hello guys.
    I will try to describe the issue as much as I can.
    Recently I detected at my workplace that one PC acted weird and the SSD was at 100% or the PC froze up.
    Taking a look at it, I discovered that it had a running Bittorrent instance in Task Manager, which at first I believed was just a simple problem. I killed the app, searched for its folder and deleted that. As I was browsing the PC for more clues, I discovered that the PC had an alternative username created as Administrator too, and also a folder filled with fully downloaded porn and movies. I deleted everything and removed the user. I also ran a TRON script that I had heard of, and that also deleted some files. Thinking I was done, I closed the PC, but I was notified that the issue reappeared, and to my surprise the Bittorrent app was running again. Neither Windows Defender, nor online scanners, nor Malwarebytes, nor that TRON script with its suite of apps to remove this kind of thing found an issue. But every time I tried to remove that running Bittorrent, at a restart of the PC the app would run again, even if I deleted it, removed it, closed it, scanned it. Nothing worked. To my surprise I discovered that most of the network PCs had the same issue. I decided to do a full format on all of the PCs in the network (not the wireless ones), without the internet connected on any of them, because I thought it might spread over the network somehow. Today one of the PCs had it running again and had already downloaded a bunch of things too.
    The process is called Bittorrent.exe, and sometimes there are others running: bittorrentie.exe x2 and torrent-manager, which I always find running. It always has its files in C:\Users\PCNAME\AppData\Local, in a folder called Bittorrent helper or something like that.
    All PCs are running the latest Win 10 Home with the latest updates available on Windows Update.
    I really don't know how to get rid of it, because once it's there it's not going away (I believe it has an autorun or a script or a batch file or something that passes the check of the Windows antivirus and gets started again once it sees it's not running, or something).

    No, we don't use torrents on those PCs, and the user using it does not even know how to install or use it.
    No, no one else has access to the rooms besides the people working there, and none of them did it as a joke or to get something to pass the time.

    Tried - Blocking it with GlassWire, but GlassWire is not free for stopping it from having access to the internet (kind of a fix, but nothing else was fixed, as it's doing its job, meaning it's still there and I can't remove it).
    Tried - Kaspersky Cloud Antivirus (it delivered the same notifications about different apps or different things trying to modify things on the PC, and made the PC unusable because each time it was asking for a restart to remove it, even if that did not fix the issue, because in a minute or two it gets the same notification) / Offline USB to scan it (no results from scanners) / Online antivirus scanners / Malwarebytes / Formatting PC

    Maybe the formatting without the wireless ones was a mistake. But I am talking about 9 PCs that I need to format and install the required programs, updates and drivers on by myself, so it was a hard task in hours.


  2. Ghot's Avatar
    Posts : 15,955
    Win 10 Home 10.0.19044.1469 (x64) [21H2]
       #2

    @bogtheman

    I would agree, that you should have formatted ALL of them, if you were going to format most of them.
    The fact that this "infection" is downloading porn and movies... points to a person.
    I would think that an infection would try to do other things.. like steal banking information.


    You might want to try here. They aren't fast, but they will solve the problem.
    Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com


  3. Posts : 12
    Windows 10
    Thread Starter
       #3

    Ghot said:
    @bogtheman

    I would agree, that you should have formatted ALL of them, if you were going to format most of them.
    The fact that this "infection" is downloading porn and movies... points to a person.
    I would think that an infection would try to do other things.. like steal banking information.


    You might want to try here. They aren't fast, but they will solve the problem.
    Virus, Trojan, Spyware, and Malware Removal Help Forum - BleepingComputer.com
    That's exactly what I wanted to avoid: people going for a person that did this. I can guarantee 100% that it's not the case, but that's not the point of my issue, because I'm not looking for a person, I am looking to solve the problem created. I could go on about the reasoning behind the 100%, but it's not important to the case in hand. But thanks for the link, I will try there for sure too.

  4. Callender's Avatar
    Posts : 4,605
    21H1 64 Bit Home
       #4

    Enable Command Line column in Task Manager.

    Task Manager Startup Flooded With Unknown Apps

    Then it should show the path. If you can't uninstall the programs, then maybe someone dropped the portable versions on the drive and set them to auto start. In that case, remove the startup entries and delete the folders containing the programs.

  5. MaloK's Avatar
    Posts : 1,443
    Windows 7 Pro
       #5

    Hi,

    First thing to do is to segregate the network completely: disconnect all PC network cables and forget all Wi-Fi networks on all affected machines.

    Clean the computers one by one.

    Boot in safe mode and use Norton Power Eraser. Do a full scan and disinfect everything found.

    Reboot directly to safe mode and use Autoruns to locate / delete startup entries, find the files implicated and manually delete all suspicious files.

    Restart the computer in normal mode and use Autoruns to locate / delete (again), then do a full scan with your antivirus.

    Remove admin rights from all users, and create and use an alternate administrator account. Disable the built-in administrator and guest accounts. Make sure Defender / SmartScreen works before going back online.

    Change every single password on your network, including all users, all routers, and all other edge devices you could have.

    Put the machine back on the internet and work with it to make sure it's clean. If you succeeded the problem should not come back...

    Use the same method to clean the other machines. If you have servers on the network they must pass the same treatment.

    All data drives and critical archives must be scanned too.

    I sincerely wish you all the best, but you're in a dire situation at the moment.
      My Computers
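
The startup-entry hunt described in posts #4 and #5, as an added example that is not part of the original thread: a read-only PowerShell inventory of running processes and autostart entries that launch from a user profile. The path filter is an assumption taken from the AppData\Local location reported in post #1, and the script only lists entries without deleting anything.

```powershell
# Added example: read-only inventory; it changes nothing on the machine.
# Assumption: the filter below is derived from the AppData location in post #1.
$pattern = '\\Users\\[^\\]+\\AppData\\'

# Running processes with parent PID and full command line
# (the same data Task Manager's "Command line" column shows).
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern } |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine |
    Format-List

# Run / RunOnce values. HKCU covers only the account running the script,
# so repeat it under each local account, including any unexpected administrator.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runEntries = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

# Scheduled tasks: a common way for a program to come back after being killed.
$taskEntries = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {   # skip non-exec (COM handler) actions
            [pscustomobject]@{ Source  = "Task $($task.TaskPath)$($task.TaskName)"
                               Name    = $task.TaskName
                               Command = "$($action.Execute) $($action.Arguments)" }
        }
    }
}

# Startup folders (all users and current user) are listed unfiltered.
$startupDirs = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
               "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
$startupEntries = Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName } }

# Keep registry and task entries whose expanded command points into a user profile.
$hits = @($runEntries) + @($taskEntries) |
    Where-Object { [Environment]::ExpandEnvironmentVariables($_.Command) -match $pattern }
@($hits) + @($startupEntries) | Sort-Object Source | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so machine-wide tasks are visible; the parent process ID in the first listing helps show what relaunches the program.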


  6. Posts : 12
    Windows 10
    Thread Starter
       #6

    MaloK said:
    Hi,

    First thing to do is to segregate the network completely: disconnect all PC network cables and forget all Wi-Fi networks on all affected machines.

    Clean the computers one by one.

    Boot in safe mode and use Norton Power Eraser. Do a full scan and disinfect everything found.

    Reboot directly to safe mode and use Autoruns to locate / delete startup entries, find the files implicated and manually delete all suspicious files.

    Restart the computer in normal mode and use Autoruns to locate / delete (again), then do a full scan with your antivirus.

    Remove admin rights from all users, and create and use an alternate administrator account. Disable the built-in administrator and guest accounts. Make sure Defender / SmartScreen works before going back online.

    Change every single password on your network, including all users, all routers, and all other edge devices you could have.

    Put the machine back on the internet and work with it to make sure it's clean. If you succeeded the problem should not come back...

    Use the same method to clean the other machines. If you have servers on the network they must pass the same treatment.

    All data drives and critical archives must be scanned too.

    I sincerely wish you all the best, but you're in a dire situation at the moment.
    For a part I kind of did that, but I somehow got stuck by not doing all of it. Let's hope your recommendation works, because none of the things that I used detected BitTorrent as bad. I believe that the last picture from Kaspersky was onto something, but that ended badly because it made the PC unusable. What I don't see and can't find is where it's starting again from. Thanks a ton.


 
