1.    18 Sep 2017 #1
    Join Date : Feb 2017
    Posts : 22
    Windows 10 64 bit

    Malware that won't go away (text file included)


    I have this malware that keeps saying Windows has an update and I foolishly went to click it because it looked official and Malwarebytes blocked access. I can't find the program anywhere in Revo Uninstaller but I do have the log of what Malwarebytes blocked that I saved to a text file.

    This program is so mysterious and I'm having trouble. I did delete some .exe called BIGUBIK or something along those lines from the computer because User Account Control asked if I want to run that program when I clicked OK on this updater thing. But the pop up still comes up and it makes it so I can't click X and it shows up over any other program so the only way to deal with it is to click OK. Fortunately it doesn't do anything because it gets blocked. My nephew installed some crap with some Teamspeak like service against my wishes and I think he put it on there. Any help? I'm assuming this mshta.exe that shows up is the culprit.

    chromium text.txt
  2.    18 Sep 2017 #2
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,057
    Windows 10 Pro Build 1703

    Hi pjmcquirk85

    Have you launched a full Malwarebytes scan? Please ensure rootkits is selected.

    I would also try their other product ADWCleaner.

    https://www.malwarebytes.com/adwcleaner/

    Some of these products will work better from Safe Mode. Please access through the Advanced Startup Options.

    Easiest way to start, hold shift key down and click restart.

    Boot to Advanced Startup Options in Windows 10

    In future provide nephew with a Standard account and do not supply admin password.

    Good luck


    Ken
  3.    18 Sep 2017 #3
    Join Date : Jul 2016
    Crewe Cheshire
    Posts : 1,456
    windows 10

    Look in username/AppData/Local and any folders below. You should find a file setup.log; it's the problem. Then note the time the pop-up happens and check scheduled tasks for that time; that's what starts it.
  4.    21 Sep 2017 #4
    Join Date : Feb 2017
    Posts : 22
    Windows 10 64 bit
    Thread Starter

    Ok guys thanks. I'll try both those things.
  5.    21 Sep 2017 #5
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,057
    Windows 10 Pro Build 1703

    I assume no joy.

    Sounds like you might have something in your registry that is kicking it off.

    If you download and run autoruns you may be able to find it. I say maybe as it is going to show you a ton of info.

    With autoruns you have the power to seriously mess up Windows but no harm looking.

    https://docs.microsoft.com/en-us/sys...loads/autoruns

    Before deleting or disabling anything please ensure you have a restore point. I also strongly recommend you create an image with a tool like Macrium Reflect and finally have bootable media so you can start Windows. Simplest way to get it is to type Recovery Drive in Cortana and start the app. USB key size could be between 4GB and 16GB. If you start the app with no key installed it will tell you the key size you need. Cancel the app, buy a key and start again. If it asks should you delete the recovery partition the answer is No.

    Backup and Restore with Macrium Reflect


    Ken
  6.    05 Oct 2017 #6
    Join Date : Feb 2017
    Posts : 22
    Windows 10 64 bit
    Thread Starter

    Quote: Originally Posted by Samuria
    Look in username/AppData/Local and any folders below. You should find a file setup.log; it's the problem. Then note the time the pop-up happens and check scheduled tasks for that time; that's what starts it.
    I did just that using task manager when the thing popped up again. It was an appdata local folder and it had a setup.log in it. It didn't show up under scheduled tasks but I don't quite know how to navigate scheduled tasks. I'll keep you posted. Is it ok to DM you on here if it pops up again?

    Thanks
  7.    05 Oct 2017 #7
    Join Date : Oct 2016
    Caledon, Ontario, Canada
    Posts : 4,057
    Windows 10 Pro Build 1703

    When you open task manager go to the top item in the navigation pane, very left. Click on it.

    In the right Window in the section labelled Task Status you will see a drop down, likely with the words "Last 24 Hours". Switch to last hour right after you see it. Shouldn't be more than one or two.


    Ken
  8.    06 Oct 2017 #8
    Join Date : Oct 2017
    Posts : 467
    Windows 10 Pro 64-bit

    Please open the Command Prompt as an administrator and type the following command:

    Code:
    cd /
    
    dir /s /a /b chdrm.com | Clip
    When the Dir command finishes executing, right-click in your next post and select Paste; this will paste the Windows clipboard into your next post. Please post the result of the dir command.
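
Added example, not from any poster in this thread: a read-only PowerShell sketch of the checks suggested in posts #3 and #5, listing scheduled tasks and registry Run entries that launch mshta.exe or a program under AppData\Local, scheduled tasks that last ran near the time of the pop-up, and any setup.log under AppData\Local. The parameter names $PopupTime and $WindowMinutes and the match pattern are assumptions made for this example.

```powershell
# Added read-only triage sketch: lists autostart entries matching the thread.
# Run from an elevated PowerShell prompt; nothing is changed or deleted.
param(
    # Hypothetical parameters: when the pop-up was last seen, and the tolerance.
    [datetime]$PopupTime = (Get-Date),
    [int]$WindowMinutes = 10
)

# Patterns taken from the thread: mshta.exe and programs under AppData\Local.
$suspect = 'mshta(\.exe)?\b|\\AppData\\Local\\'

# 1. Scheduled tasks whose action matches, or that last ran near the pop-up time.
$tasks = foreach ($t in Get-ScheduledTask) {
    $info = $t | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    $cmd  = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $near = $info -and $info.LastRunTime -and
            ([math]::Abs(($info.LastRunTime - $PopupTime).TotalMinutes) -le $WindowMinutes)
    if ($cmd -match $suspect -or $near) {
        [pscustomobject]@{ Source = 'ScheduledTask'; Name = $t.TaskPath + $t.TaskName
                           Command = $cmd; LastRun = $info.LastRunTime }
    }
}

# 2. Registry Run keys (per-user, machine-wide, and the 32-bit view).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runs = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $meta) { continue }   # skip PowerShell's own metadata
        if ("$($p.Value)" -match $suspect) {
            [pscustomobject]@{ Source = $key; Name = $p.Name
                               Command = $p.Value; LastRun = $null }
        }
    }
}
@($tasks) + @($runs) | Format-List

# 3. The setup.log file the thread mentions, anywhere under AppData\Local.
Get-ChildItem -Path $env:LOCALAPPDATA -Recurse -Filter setup.log -File -ErrorAction SilentlyContinue |
    Format-List FullName, LastWriteTime
```

Matches are leads to review, not verdicts: plenty of legitimate software also starts from AppData\Local, so compare each hit against the folder and pop-up time already noted before disabling anything.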