Malware has frozen my screen - wants to SELL ME A fix [Closed] [Solved]

  • This topic is locked

#1
geeksugarbaby

  • Member
  • 110 posts
Not sure how this happened, but
I have windows 8
A window popped up showing 6 malware files and I can't remove the screen

IT SAYS WINDOWS FIREWALL HAS BLOCKED A PROGRAM FROM ACCESSING THE INTERNET

BUT ITS FROZEN UP SO I CANT CLEAN IT.

Behind it I can see WINDOWS ANTIVIRUS MASTER

alt + tab does not bring up TASK MANAGER.

I CAN ONLY GO FORWARD and the screens want me to BUY by entering CC info ( which I won't do)

Looks like I need help.

I'm new to Windows 8 too.



Thanks!!
  • 0


#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi geeksugarbaby, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Can you download/run any program(s)?

Regards,
Valinorum
  • 0

#3
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Actually, no. I boot up.
Then I click to switch to the screen without all the Tiles.
My Windows Defender screen is in the background telling me to clean my computer
In the lower right corner is a FIREWALL window saying the same thing
But I cannot "X" out of it
As I click through it directs me to a screen to buy a package that will clean my computer
( like in the image I attached )
That main screen is frozen
And I'm not sure how to try to download or run any programs from the TILES side of Windows 8

This problem is on my laptop...

I do have access to a DESKTOP computer, though...
  • 0

#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi geeksugarbaby, :)

  • Step #1
    Download the following three programs to your Desktop of the clean and functioning computer:

    1. WiNToBootic
    2. Windows 8 64bit RC (Link has been PMed.)
    3. Farbar Recovery Scan Tool x64

    Extract wintoboot to your desktop
    Insert a USB drive of at least 1GB
    Run Wintoboot

    Posted Image

    Drag and drop the Windows 8 ISO to the programme in the space indicated
    Tick the Format box and accept the warnings
    Press Do It

    You will see it progressing

    Posted Image

    It will let you know when it is done
    Then copy FRST to the same USB

    Posted Image


    Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
    Note: If you are not sure how to do that follow the instructions Here


    When you reboot you will see this.

    Select the language on this screen and keyboard on the next

    Posted Image

    Select the Troubleshoot option

    Posted Image

    Select Advanced option

    Posted Image

    Select Command prompt

    Posted Image

    At the command prompt type the following:

    Posted Image
  • notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
    Posted Image
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

  • Required Log(s):
  • Farbar Recovery Scan Tool Log

Regards,
Valinorum
  • 0

#5
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
I greet thee, Valinorum:

The Link for WiNToBootic

took me here:
https://dl.dropboxus...WiNToBootic.exe

but I saw a screen that said ERROR 404

Error (404)
We can't find the page you're looking for. Check out our Help Center and forums for help, or head back to home


I am also downloading the CONSOLE you sent me via DropBox.... could there be a conflict since I am already downloading from Dropbox?

I will just try back once this first Download finishes...
  • 0

#6
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Tried it again. Still get that Error Message. Please resend Link to DropBox for the WiNToBootic

thank you
  • 0

#7
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
The Dropbox link is dead. My apologies. Please use this link: http://www.wintoboot...Bootic_v2.1.zip
  • 0

#8
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
YOUR INSTRUCTIONS SAY:

"Drag and drop the Windows 8 ISO to the programme in the space indicated"

WHAT EXACTLY IS THE WINDOWS 8 ISO??
WHICH FILE IS IT?

in Windows 8 64bit RC
I EXTRACTED 3 FILES: 1 BOOT MGR FILE
1 BOOT FOLDER
1 SOURCES FOLDER

WHAT EXACTLY DO I DROP ONTO THE WINTOBOOTIC SCREEN?

OR DO I DROP THE ZIPPED UP FILE THERE????

HELP...



  • 0

#9
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
AS YOU CAN SEE, ONE OF THE PHOTOS THAT YOU SENT ME DID NOT EVER "DEVELOP"... ITS THE ONE THAT GOES WITH
STEP ONE


MAYBE YOU COULD SEND IT AGAIN?


MAYBE THIS WOULD CLARIFY ME ON JUST WHAT I DROP ONTO THE WINTOBOOTIC screen...


see my screenshot below

Attached Thumbnails

  • SCREEN.jpg

  • 0

#10
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
1. Plug your flash drive into your PC;
2. Extract WinToBootic;
3. You have already downloaded the .iso file for the Windows 8 64-bit RC (Link was PMed earlier). Do not extract it manually;
4. Run WinToBootic and you will see Drag Source or Click. You can either drag and drop the .iso file there or click on and choose the .iso file.
5. Put tick mark on "Format Drive"
6. Click Do it and accept the warning message;
7. After it is done you will be notified and then copy FRST to the same USB.

After that follow the instructions here.
  • 0


#11
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
  • Farbar Recovery Scan Tool Log
IS ATTACHED BELOW

Attached File  FRST.txt   13.95KB   148 downloads
  • 0

#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi geeksugarbaby, :)

Do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

  • Step #2 Fix with FRST
    This section of the fix has two parts. For the first part please peruse the following --

    Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash-drive.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      HKLM-x32\...\Run: [] - [X]
      HKLM\...\Policies\Explorer: [NoControlPanel] 0
      HKU\WriterOne\...\Run: [PrSft] - C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe [1076224 2014-02-09] ()
      C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe
      Startup: C:\Users\WriterOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
      C:\Users\WriterOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
      ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
      C:\Program Files (x86)\MyPC Backup
      S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]
      IFEO\k9filter.exe: [Debugger] SvcHost.EXE
      IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
      IFEO\mpsvc.dll: [Debugger] c:\windows\vsjitdebugger.EXE
      IFEO\mpuxsrv.exe: [Debugger] c:\windows\vsjitdebugger.EXE
      IFEO\msascui: [Debugger] c:\windows\vsjitdebugger.EXE
      IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
      IFEO\msmpeng.exe: [Debugger] "c:\windows\Notepad2.exe" /z
      IFEO\MSseces: [Debugger] c:\windows\vsjitdebugger.EXE
      End
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Copy and Paste fixlist.txt to your flash drive.

You are ready to move on to the second part. Please peruse --
  • Connect your flash drive to the infected PC;
  • Enter the System Recovery Options and select Command Prompt;
  • Run FRST.exe (or FRST64.exe for a 64-bit machine) again as outlined in the previous post;
  • Click on Fix;
  • After the fix a log will be created in the flash drive named FixLog.txt;
  • Copy and Paste the contents of the log in your next reply;
  • Try to boot into Normal Mode.

 

  • Required Log(s):
  • FRST Fix Log

Regards,
Valinorum
  • 0

#13
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Greetings, Valinorum:

From the Command Prompt I typed e:\FRST64.exe and hit enter...


then I clicked FIX

FRST SAID: warning, looks like you don't know what to do. to prevent damage to the system the tool will now exit.

so it closed.

-----------------------------

I tried it again.

Noticed a warning that my FRST64 was more than a few days old. it prompted me to download it again. I did so, replaced the file on my Flash Drive with a new download, then went into Command Prompt and tried again.

Still it said:

FRST SAID: warning, looks like you don't know what to do. to prevent damage to the system the tool will now exit.

so it closed.

-----------------------------

what now??



  • 0

#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
  • Step #3 Fix with FRST
    This section of the fix has two parts. For the first part please peruse the following --

    Download the attached file and save it to your flash-drive.

    You are ready to move on to the second part. Please peruse --
  • Connect your flash drive to the infected PC;
  • Enter the System Recovery Options and select Command Prompt;
  • Run FRST.exe (or FRST64.exe for a 64-bit machine) again as outlined in the previous post;
  • Click on Fix;
  • After the fix a log will be created in the flash drive named FixLog.txt;
  • Copy and Paste the contents of the log in your next reply;
  • Try to boot into Normal Mode.

  • 0

#15
geeksugarbaby

  • Topic Starter
  • Member
  • 110 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by SYSTEM at 2014-02-19 14:41:44 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\WriterOne\...\Run: [PrSft] - C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe [1076224 2014-02-09] ()
IFEO\k9filter.exe: [Debugger] SvcHost.EXE
IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\mpsvc.dll: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\mpuxsrv.exe: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\msascui: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\msmpeng.exe: [Debugger] "c:\windows\Notepad2.exe" /z
IFEO\MSseces: [Debugger] c:\windows\vsjitdebugger.EXE
*****************

HKU\WriterOne\Software\Microsoft\Windows\CurrentVersion\Run\\PrSft => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\k9filter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpsvc.dll => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpuxsrv.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msascui => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSseces => Key deleted successfully.

==== End of Fixlog ====


  • 0
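What the IFEO lines in the fixlist and FixLog above represent, as an added example that is not part of the original thread or of FRST: a Debugger value under Image File Execution Options makes Windows start the named debugger in place of the image, so grouping the entries by debugger shows which programs were being redirected and to what. The sample lines are copied from the fixlist in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Registry path as it appears in the FixLog posted in this thread.
IFEO_ROOT = (r"HKLM\Software\microsoft\windows nt\currentversion"
             r"\Image File Execution Options")

# Sample input: a subset of the fixlist lines from this thread.
SAMPLE_FIXLIST = r"""
HKU\WriterOne\...\Run: [PrSft] - C:\Users\WriterOne\AppData\Roaming\svc-mnph.exe [1076224 2014-02-09] ()
IFEO\k9filter.exe: [Debugger] SvcHost.EXE
IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
IFEO\msmpeng.exe: [Debugger] "c:\windows\Notepad2.exe" /z
IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]
"""

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<cmd>.+)$")
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[(?P<name>[^\]]*)\] - (?P<path>.+?\.exe)", re.I)

def debugger_binary(cmd):
    """Return the executable of a Debugger command, lowercased, without quotes or arguments."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)).lower()

def parse_fixlist(text):
    """Return (IFEO keys grouped by debugger binary, Run values that start a file under AppData)."""
    ifeo, run = defaultdict(list), []
    for line in text.splitlines():
        line = line.strip()
        m = IFEO_RE.match(line)
        if m:
            key = IFEO_ROOT + "\\" + m.group("image")
            ifeo[debugger_binary(m.group("cmd"))].append(key)
            continue
        m = RUN_RE.match(line)
        if m and "\\appdata\\" in m.group("path").lower():
            run.append((m.group("name"), m.group("path")))
    return dict(ifeo), run  # lines that match neither pattern are skipped

if __name__ == "__main__":
    redirects, autoruns = parse_fixlist(SAMPLE_FIXLIST)
    for dbg, keys in redirects.items():
        print(f"{dbg} is set as Debugger for {len(keys)} image(s):")
        for k in keys:
            print("   ", k)
    for name, path in autoruns:
        print(f"Run value {name!r} starts a per-user binary: {path}")
```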





