Windows 10: Malware that won't go away (text file included)

  1.    18 Sep 2017 #1

    Malware that won't go away (text file included)

    I have this malware that keeps saying Windows has an update and I foolishly went to click it because it looked official and Malwarebytes blocked access. I can't find the program anywhere in Revo Uninstaller but I do have the log of what Malwarebytes blocked that I saved to a text file.

    This program is so mysterious and I'm having trouble. I did delete some .exe called BIGUBIK or something along those lines from the computer because User Account Control asked if I want to run that program when I clicked OK on this updater thing. But the pop up still comes up and it makes it so I can't click X and it shows up over any other program so the only way to deal with it is to click OK. Fortunately it doesn't do anything because it gets blocked. My nephew installed some crap with some Teamspeak like service against my wishes and I think he put it on there. Any help? I'm assuming this mshta.exe that shows up is the culprit.

    chromium text.txt
      My ComputerSystem Spec

  2. Posts : 6,348
    Windows 10 Pro Build 1709
       18 Sep 2017 #2

    Hi pjmcquirk85

    Have you launched a full Malwarebytes scan. Please ensure root kits is selected.

    I would also try their other procdut ADWCleaner.

    Some of these products will work better from Safe Mode. Please access through the Advance Startup Options.

    Easiest way to start, hold shift key down and click restart.

    Boot to Advanced Startup Options in Windows 10

    In future provide nephew with a Standard account and do not supply admin password.

    Good luck

      My ComputerSystem Spec

  3.    18 Sep 2017 #3

    Look in username/appears/local and any folders below you should find a file setup.log it's the problem then note the time the pop happens and check scheduled task for that time that's what starts it
      My ComputerSystem Spec

  4.    21 Sep 2017 #4

    Ok guys thanks. I'll try both those things.
      My ComputerSystem Spec

  5. Posts : 6,348
    Windows 10 Pro Build 1709
       21 Sep 2017 #5

    I assume no joy.

    Sounds like you might have something in your registry that is kicking it off.

    If you download and run autoruns you maybe able to find it. I say maybe as it is going to show you a ton of info.

    With autoruns you have the power to seriously mess up Windows but no harm looking.

    Before deleting or disabling anything please ensure you have a restore point. I also strongly recommend you create an Image with a tool like Macrium Reflect and finally have bootable media so you can start windows. Simplest way to get is to type Recovery Drive in Cortana and start app. USB key size could be between 4GB and 16GB. If you start app with no key installed it will tell you key size you need. Cancel app, buy key and start again. If it asks should you delete recovery partition the answer is No.

    Backup and Restore with Macrium Reflect

      My ComputerSystem Spec

  6.    05 Oct 2017 #6

    Samuria said: View Post
    Look in username/appears/local and any folders below you should find a file setup.log it's the problem then note the time the pop happens and check scheduled task for that time that's what starts it
    I did just that using task manager when the thing popped up again. It was an appdata local folder and it had a setup.log in it. It didn't show up under scheduled tasks but I don't quite know how to navigate scheduled tasks. I'll keep you posted. Is it ok to DM you on here if it pops up again?

      My ComputerSystem Spec

  7. Posts : 6,348
    Windows 10 Pro Build 1709
       05 Oct 2017 #7

    When you open task manager go to the top item in the navigation pane, very left. Click on it.

    In the right Window in the section labelled Task Status you will see a drop down, likely with the words "Last 24 Hours". Switch to last hour right after you see it. Shouldn't be more than one or two.

      My ComputerSystem Spec

  8.    06 Oct 2017 #8

    Please open the Command Prompt as a administrator and type following command:

    cd /
    dir /s /a /b | Clip
    When Dir command finish executing right click your next post and select Paste this will paste the Windows clipboard to your next post. Please post the result of dir command.
      My ComputerSystem Spec


Related Threads
Is this a genuine file or malware ? in AntiVirus, Firewalls and System Security
Hi, I noticed that my processor was working at 100% all the time. When i looked to see what was using al of the processor i found a process running named: g67b0.tmp.exe Google came with no results for this so i wondered if it is malware ? I...
Hi Iíve been trying Win 10 File History and am most confused. First I did a Test run and selected just one folder (Test Folder) to be backed up to an external drive. After the backup had been running for about 5 minutes & my Test Folder was only...
I have been getting many bsods recently, and the main one is IRQL_NOT_LESS_OR_EQUAL. I don't always get it immediately upon booting up, most of the time its during the playing of a game. I have ran memtest and my results came back within an hour...
Random BSODs, dump file included in BSOD Crashes and Debugging
Bluescreenview indicates: "caused by driver ntoskrnl.exe" Memtest showed 0 errors with the RAM. All graphics drivers etc should be up to date. Analysing dump file with windows debugging tools shows: Microsoft (R) Windows Debugger Version...
Hello, I upgraded yesterday and everything looked okay, but today I keep getting bluescreen with watchdog violation error like every 10 minutes. I don't know if it is win10 bug or I messed something up myself -- today I got some kind of malicious...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:39.
Find Us