Windows Defender Stuck on Removing Severe Threat

Page 2 of 3 FirstFirst 123 LastLast

  1. Posts : 258
    Windows 10
       #11

    kstavert said:
    I followed the recommendations that I was given here...

    when I wrote, "I started with ADWClearner" - that was
    BEFORE I came here... the Reg Keys that would not
    delete are why i started looking for answers and how
    I ended up here.

    I ran everything I was advised to run - in the order as
    listed and now one of my PC's is squeaky clean...

    I can't thank you enough... another has the same
    crap on it and I'm going through the same process
    on it.

    You guys are the best. thanks

    Karen
    Stay safe my comrade.
      My Computer


  2. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #12

    kstavert said:
    when I wrote, "I started with ADWClearner" - that was
    BEFORE I came here... the Reg Keys that would not
    delete are why i started looking for answers and how
    I ended up here.
    I'm sorry if I misinterpreted that & I'm glad you got it sorted.

    If possible, can you post which cleaners you ran & which one deleted the infection so we'll have a reference point down the road should this happen to someone else.

    Also, once you have confirmed a clean system, take some time to make a system image. This will be invaluable down the road should your OS be compromised badly or hit with ransomware. Follow the tutorial & keep your images on a external HDD/Flash Drive that is not connected to the computer at all times. Make images on a regular basis. Keep 2 or 3 older ones just in case you inadvertently make one with malware.

    System Image - Create in Windows 10 - Windows 10 Forums

    A system image is an exact copy of all system disks which can be used to restore your PC to the state it was in at the time the image was made. By default, a system image only includes the drives that Windows requires to run, including Windows 10 itself, your system settings, programs, and files. You may also include any other drive in the image if you wish. When you restore your computer from a system image it is a complete restoration, you cannot choose individual items to restore and all of your current programs, system settings, and files are replaced with the contents of the system image.
      My Computer


  3. Posts : 54
    Windows 10/64
    Thread Starter
       #13

    Slartybart said:
    If you have any IObit software on your machine - please uninstall those
    If you paid for the software make sure you have a key to reinstall (not recommended)
    Hi Slartybart

    What does iObit have to do with this?

    I have used their uninstaller..... I will
    remove it from my PC's

    Thanks
      My Computer


  4. Posts : 54
    Windows 10/64
    Thread Starter
       #14

    OK... the whole malware crap began when my
    employer sent a file to me and it showed up
    in skype as a long url (instead of the file)

    He frequently sends DropBox links so I didn't
    really think anything of it.

    I copied the link and put it into a browser search
    and, when it took me to skype (I'd not been paying
    attention to the url), I realized that it was malware.

    I thought all was well because I'd not logged into
    my skype account... NOT

    When I sent a file to another computer, via skype
    the same malware link showed up.

    is it possible that the malware was IN the LINK?

    all three computers ended up with the same
    malware.

    I just finished a scan on the last PC and there
    are two additional files that MSERT couldn't/
    didn't remove

    Backdoor:PHP/Small.M
    Backdoor:PHP/WebShell

    Plus, these three
    VirTool:JS/Obfuscator.HO
    VirTool:JS/Obfuscator.HS
    VirTool:JS/Obfuscator.HN

    Do I use any different tools or different order
    to remove these additional malware?

    once complete, I will follow the directions for
    creating an image of the computers.

    Thank you

    Karen
      My Computer


  5. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #15

    kstavert said:
    Hi Slartybart

    What does iObit have to do with this?

    I have used their uninstaller..... I will
    remove it from my PC's

    Thanks
    iObit has some shady practices when it comes to installing unwanted items, such as PUP's.

    IObit is a chinese product that has been denounced by numerous security firms over their practices in the past, doing things like stealing definitions for malware detection from the malwarebytes databases, promoting rogue system tuneup utilities and more.

    Take a look at their "partners" and you'll find that they're promoting some pretty nasty stuff. Here's one article regarding that kind of thing (basically using "scare ware" to increase revenue)
    IObit installs toolbar w/browser hijacker, adware: PC Talk Forum: Digital Photography Review

    IObit Malware Fighter: An anti-malware program that attempts to install malware Cloudeight InfoAve

    Using their uninstaller might not be a good idea, being you don't know what's going to be left behind.

    Suggest you uninstall it using Revo uninstaller (Free version) to make sure it gets all of the items out of your PC. Be sure to read the documentation well when using this program & make a back up as you can easily hose your OS if the wrong reg keys are removed.

    Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

    Revo Uninstaller Pro - How To

    Did you run TDSSKiller & did it find anything?

    Note   Note
    When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.


    It seems your getting reinfected from a source somewhere, if it showed up after sending a certain file to another PC, or the infection showed up after running a certain program/opening a file, then it's possible that file could be housing the malware.

    Any files you suspect should be submitted to VirusTotal

    VirusTotal - Free Online Virus, Malware and URL Scanner

    VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
    Note: Maximum file size: 128MB

    Meanwhile, there is a program called Norton Power Eraser that uses aggressive scans to try & ferret out deep rooted infections.

    Norton Power Eraser | Free Tool | Easily remove scamware that traditional virus scanning can’t detect.


    Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs.
    Norton Power Eraser Tutorials
    Last edited by Borg 386; 12 Aug 2016 at 08:35.
      My Computer


  6. Posts : 54
    Windows 10/64
    Thread Starter
       #16

    You guys are a wealth of very useful tools and info...

    thank you.

    I was oblivious to where iObit came from. I did know
    that their software is VERY obtrusive... kept trying to
    install more things...

    I've used Revo for many years... just used it to uninstall
    iObit and will make sure to never install any of their
    software again.

    Currently, Mbar is running on the last computer - the last
    one to be cleaned.

    I don't believe that I ran TDSSKiller... don't think that
    it was on the list? It's now in my arsenal and I will
    run it on all 3 computers once this one is cleaned.

    Any other recommendations/suggestions?

    thank you
    Karen
      My Computer


  7. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #17

    Yes, I mentioned it in post #6 (TDSSKiller). Go ahead & run that right away after the current scanner finishes. If you have a rootkit that could be one of the reasons the virus keeps returning.

    The link you are using my be redirecting you to another site that has malware. Check the link by R clicking & look at the Web Document addy to see if there are any misdirecting insertions. You can read how to spot those here:

    How to Recognize a Fake URL | eHow

    How to spot a fake link
      My Computer


  8. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #18

    Here's a TDSSkiller tutorial:


    There are a few things to note about TDSSkiller:

    • Under options: Tick Loaded modules restarts the machine and loads a Kaspersky monitor - answer yes if prompted on the restart. This option protects the scanner from malware

    • Run TDSSKiller twice
      The first time accept the default recommendations - it will clean up known malware, but copy potential malware to quarantine (it won't remove the Potential malware). This allows you to send the file(s) to VirusTotal or another service for inspection. If the service finds the file harmful, you should clean it on the 2nd run.

    • There is a section on VirusTotal tool which points to another tutorial - you can use that or go directly to the VirusTotal website and upload any suspicious files there.

    • You may also accept that TDSSkiller knows what's it's doing and clean all suspicious files, although I can't honestly recommend doing that (I'd rather get a 2nd opinion BEFORE deleting a file).



    Once you've completed all malware on-demand scans, run the following to check that system files are intact ... each utiltiy might take soem time to complete. Please report back if any integrity errors are shown on the screen.

    Command Prompt (Admin)

    Dism /Online /Cleanup-Image /RestoreHealth

    SFC /ScanNow


    The order I usually run the scanners:

    • Full scan using the installed AV product
      If you use Windows Defender - run it offline
      Settings > Update & security > Defender > Offline

    • TDSSkiller

    • Malwarebytes

    • Temp File Cleaner

    • AdwCleaner

    • JRT

    • Hitman Pro (trial)

    • ESET Online Scanner
      -> This scan takes a long time, many people replace this step with Emsisoft Emergency Kit


    Please post the logs if you require assistance.

    Particularly difficult malware might require another offline scanner, such as Avast or Bitdefender, but the above list is normally more than sufficient to declare victory.

    The entire scanning process should be run in one session so that malware has less of a chance to re-infect. Depending on the work to be performed (clean up), it could take an entire day. You don't have to sit there and watch it, but you shouldn't use the machine while cleansing it. Run the scan, come back and if it's done, start the next one
      My Computer


  9. Posts : 54
    Windows 10/64
    Thread Starter
       #19

    'Windows Defender Stuck on Removing Severe Threat


    Slartybart said:
    Here's a TDSSkiller tutorial:

    There are a few things to note about TDSSkiller:

    • Under options: Tick Loaded modules restarts the machine and loads a Kaspersky monitor - answer yes if prompted on the restart. This option protects the scanner from malware
    • Run TDSSKiller twice
      The first time accept the default recommendations - it will clean up known malware, but copy potential malware to quarantine (it won't remove the Potential malware). This allows you to send the file(s) to VirusTotal or another service for inspection. If the service finds the file harmful, you should clean it on the 2nd run.
    • There is a section on VirusTotal tool which points to another tutorial - you can use that or go directly to the VirusTotal website and upload any suspicious files there.
    • You may also accept that TDSSkiller knows what's it's doing and clean all suspicious files, although I can't honestly recommend doing that (I'd rather get a 2nd opinion BEFORE deleting a file).



    Once you've completed all malware on-demand scans, run the following to check that system files are intact ... each utiltiy might take soem time to complete. Please report back if any integrity errors are shown on the screen.

    Command Prompt (Admin)
    Dism /Online /Cleanup-Image /RestoreHealth

    SFC /ScanNow


    The order I usually run the scanners:

    • Full scan using the installed AV product
      If you use Windows Defender - run it offline
      Settings > Update & security > Defender > Offline
    • TDSSkiller
    • Malwarebytes
    • Temp File Cleaner
    • AdwCleaner
    • JRT
    • Hitman Pro (trial)
    • ESET Online Scanner
      -> This scan takes a long time, many people replace this step with Emsisoft Emergency Kit


    Please post the logs if you require assistance.

    Particularly difficult malware might require another offline scanner, such as Avast or Bitdefender, but the above list is normally more than sufficient to declare victory.

    The entire scanning process should be run in one session so that malware has less of a chance to re-infect. Depending on the work to be performed (clean up), it could take an entire day. You don't have to sit there and watch it, but you shouldn't use the machine while cleansing it. Run the scan, come back and if it's done, start the next one
    My sincerest apologies... I was trying to work and
    fix 3 computers at the same time... and, didn't pay
    attention to the scan results.

    It took 4 days to scan my main PC - 1 TB internal
    drive and 3 TB external drive ;( and I didin't use
    it the whole time.. YUCK!

    After they were all done, I ran msert on quick scan
    to see if it found anything else... I think/hope/believe
    that all 3 computers are now clean..

    I am making system backup files of all right now.

    I have the scan results if those would be of value?

    thank you with all my heart for your very complete
    and generous assistance.

    Karen
      My Computer


  10. Posts : 54
    Windows 10/64
    Thread Starter
       #20

    I had asked if it's possible that a link
    contains a virus... would anyone know?

    I run a live skype support room. More
    and more frequently, when people
    try to send files to me - or any link
    for that matter, it shows up as the
    malware link. (I no longer download
    anything that is sent to me)

    I have not touched it again...

    and, I don't know whether the
    link is being transformed to malware
    because of something on my computer
    or a virus on their computer?

    Any thoughts?

    I took a screenshot of the malware
    link and uploaded it to prnt.sc... here's
    the link to that screenshot:

    http://prntscr.com/c6gq70

    Thank you again

    Karen
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:24.
Find Us




Windows 10 Forums